Lab 7 Risk Management in It

Submitted By kdog2984
Words 737
Pages 3
Project

Project Title
Transforming to an E-Business Model

Purpose
This project provides you an opportunity to assume a specific role in a business situation. You then apply the competencies gained in this course to develop a solution for a business problem related to an organization’s transformation to an e-business model.

Learning Objectives and Outcomes
You will be able to:
* Gain an overall understanding of an e-business transformation capitalizing on the advent of the Internet technologies and Web applications in a specific business situation.
* Summarize your understanding of implementing social networking applications into an e-business model capitalizing on the advent of Internet technologies and Web applications in a specific business situation.
* Summarize your understanding of identifying risks, threats, and vulnerabilities relating to Web and social networking applications in an e-business transformation.
* Identify various weaknesses in Web site applications.
* Understand the life cycle of software development and how security can fit into the model.
* Identify the need for Payment Card Industry Data Security Standard (PCI DSS) compliance within an organization.
* Identify various open source and proprietary tools used in Web application security assessment and vulnerability scanning.
* Identify the available mobile communication devices and the security risks associated with each type of device.

Required Source Information and Tools
The following tools and resources will be needed to complete this project:
* Course textbook
* Access to the Internet

Project Logistics
Activity Name | Assigned | Due | % Grade |
Project Part 1: Identify E-Business and E-Commerce Web Apps for Planned Transformation | Unit 1 | Unit 2 | 2 |
Project Part 2: Identify Social Networking Apps…...

Similar Documents

Risk Management

... clear central authority. Software development in such an environment often crosses national, linguistic, and cultural boundaries and requires changes in the nature of risk management. Risk management is a routine practice of software development and project management. It deals with anticipating, preventing, and mitigating problems arising in the software product, project, or process, including difficulties in personnel, communication, and coordination. Traditional risk management has been effective in addressing the needs of a single organization and its relationships with its clients and subcontractors. However, the current globalization of markets, business relationships, and technology has given rise to less centralized, collaborative efforts and partnerships for multi-organizational software development. These partnerships require the modification of internal organizational practices, particularly C for collaborative communication, and significant enhancements to an organization’s risk monitoring, mitigation, and management (RMMM) activities. In response to these challenges, this article codifies the differences between CSD and single-organization development, describes an extended set of principles for CSD risk management, and outlines a new, layered risk management framework for CSD. The article also describes three critical risk factors for CSD that emerged from the authors’ field research: trust, culture, and collaborative communication. RISK MANAGEMENT IN...

Words: 6555 - Pages: 27

Risk Management

... 4 2. Risks In Software Development 5 3. Risk Management 7 4. Strategies For Risk Management 7 5. Conclusion 11 6. References 12 Introduction Nowadays, software is becoming a major part of enterprise business. Every software development project faces a significant amount of uncertainty that is usually manifested as possible risk materialization The success of a software development project is directly connected with the involved risk, i.e. project risks should be successfully mitigated in order to finish a software development project. The conditions on today’s global software market demand the most advanced software solutions from enterprises in order to be comparable and competitive. Development of an advanced software solution in the shortest possible time is a process associated with an extremely high number of risk impacts. Every aspect of a software development project could be influenced by risks that could cause project failure. It is common to say that risk is the price of opportunity, i.e. a project with a high number of risks has an opportunity on the global software market if the project is completed on time and within planned expenses. This paper is organized as follows: After this introduction, an...

Words: 2496 - Pages: 10

Risk and Risk Management

... financially. When a company is insolvent, it means that it can no longer operate and is undergoing bankruptcy. 9. General Risk Management - The process of identification, analysis and either acceptance or mitigation of uncertainty in investment decision-making. Essentially, risk management occurs anytime an investor or fund manager analyzes and attempts to quantify the potential for losses in an investment and then takes the appropriate action (or inaction) given their investment objectives and risk tolerance. Inadequate risk management can result in severe consequences for companies as well as individuals. For example, the recession that began in 2008 was largely caused by the loose credit risk management of financial firms. 10. Credit Risk Management Credit risk is most simply defined as the potential that a bank borrower or counterparty will fail to meet its obligations in accordance with agreed terms. The goal of credit risk management is to maximize a bank's risk-adjusted rate of return by maintaining credit risk exposure within acceptable parameters. Banks need to manage the credit risk inherent in the entire portfolio as well as the risk in individual credits or transactions. Banks should also consider the relationships between credit risk and other risks. The effective management of credit risk is a critical component of a comprehensive approach to risk management and essential to the long-term success of any banking organization. 11. Managing the lending...

Words: 2314 - Pages: 10

Risk Management

...TERM PAPER: Risk management in software engineering CSC 532 Advanced Software Engineering Vijaya Sankar Karri Louisiana Tech University Table of contents Abstract Page No 1. Introduction 1 2. Risk Management Concepts 2 3. Framework Overview 3 4. The principles of risk management 4 5. Risk management in project management 5 6. Conclusion 5 7. References 6 Term Paper ------------------------------------------------- Vijaya Sankar Karri RISK MANAGEMENT vsk007@latech.edu Abstract Basically in software engineering risk management is an important part of project management. This term paper gives a detail introduction to the risk management concepts, overview of a framework. The main goal of the risk management framework is to reduce the chances of uncertain events, and to maintain all possible outputs under tight management. Risk management has to making judgments about various types of risk, software development risk, operational risk, and information security risk etc. The risk management framework is mainly intended for risk management principles for improving the quality of software development. 1. Introduction Even if most of the organizations uses risk management framework while developing software development system. The framework is used as a foundation for comprehensive risk management methodology and it also provide...

Words: 983 - Pages: 4

Managing Risk Lab 9

...Managing Risk in Information Systems
Lab 9 Assessment Questions

1. How does documented back-up and recovery procedures help achieve RTO?
a. By having effective backup and recovery procedures you should have the necessary resources to restore systems from backups and a repeatable process that is known to succeed in achieving RTO. By documenting and implementing backup and recovery procedures, the process for recovery is much more efficient, helping with the time portion of RTO.

2. True or False. To achieve an RTO of 0, you need 100% redundant, hot-stand-by infrastructure (i.e., IT system, application, and data, etc.).
b. True

3. What is most important when considering data back-up?
c. Registry, directories, and imperative operating data as well as licensing.

4. What is most important when considering data recovery?
d. Most current, working recovery and in a timely manner (fast).

5. What are the risks of using your external e-mail box as a back-up and data storage solution?
e. First, you are at the mercy of the provider. If it is a large recovery you may not be able to have internet access to download it. File corruption could be an issue as well as back up size allowable for email.

6. Identify the Total Amount of Time Required to Recover and Install the Lab #9 Assessment Worksheets on Your Student VM Hard Drive and open the file in Microsoft Word to verify integrity. {Insert your timed RTO using your...

Words: 711 - Pages: 3

Lab 7 Risk Management in It

... of device.

Required Source Information and Tools
The following tools and resources will be needed to complete this project:
* Course textbook
* Access to the Internet

Project Logistics
Activity Name | Assigned | Due | % Grade |
Project Part 1: Identify E-Business and E-Commerce Web Apps for Planned Transformation | Unit 1 | Unit 2 | 2 |
Project Part 2: Identify Social Networking Apps for Planned Transformation | Unit 2 | Unit 3 | 2 |
Project Part 3: Identify Risks, Threats, and Vulnerabilities | Unit 3 | Unit 4 | 2 |
Project Part 4: Web Application Vulnerabilities and Motivations for Attack | Unit 4 | Unit 5 | 2 |
Project Part 5: Analyze the Software Development Life Cycle (SDLC) | Unit 5 | Unit 6 | 2 |
Project Part 6: Plan for Compliance | Unit 6 | Unit 7 | 2 |
Project Part 7: Configuration Management, Change Management, and Test Plans | Unit 7 | Unit 8 | 2 |
Project Part 8: Vulnerability and Security Assessment | Unit 8 | Unit 9 | 2 |
Project Part 9: End-Point Device Security | Unit 9 | Unit 10 | 2 |
Project Part 10: Web Security Life Cycle | Unit 10 | Unit 11 | 12 |

Deliverables
Introduction
As organizations transform from brick-and-mortar models to e-business models, it affects many individuals and departments, each of which has specific roles in evaluating a proposed business transformation. This activity allows a small group of students to fulfill the roles of various business employees as they consider a potential transformation to an......

Words: 737 - Pages: 3

Lab 7

...IS3445 Security Strategies for Web Applications and Social Networking
Lab 7 Assessment
05/10/14

1. How does Skipfish categorize findings in the scan report?
As high risk flaws, medium risk flaws, and low issue scans

2. Which tool used in the lab is considered a static analysis tool? Explain what is referred to by static code analysis.
RATS, because the running of static code analysis tools that attempt to highlight possible vulnerabilities within ‘static’ (non-running) source code.

3. What possible high risk vulnerabilities did the Rats tool find in the DVWA application source code?
Allow system commands to execute.

4. Did the static analysis tool find all the potential security flaws in the application?
Yes, although such tools like these would automatically find security flaws with high degree of confidence that what it found was a flaw.

5. What is black box testing on a web site or web application?
They’re designed to treat the application as an “unknown entity”; therefore, no knowledge of the tiers is provided.

6. Explain the Skipfish command in detail: ./skipfish -o /var/scans/is308lab.org -A admin:password -d3 -b I -X logout.jsp -r200000 http://www.is308lab.org
This is a standard, authenticated scan of a well-designed and self-contained site.

7. During the manual code review, what is noticed about high.php to make it less likely to victimize users with XSS reflection and why is it considered more secure?
Because when a php is at...

Words: 379 - Pages: 2

Lab 7

....tcp_syncookies = 1
Save and exit

7. Given a system that has been freshly installed your boss wants you to make sure it is up to date and locked down at the Kernel level. What steps would you take to verify what modules are loaded into the Kernel and how would you go about locking them down?
To verify what modules are loaded into the Kernel = cat /proc/modules
To lock them down = $ /etc/init.d/sshd stop

8. What would you enable to set the Kernel to debug mode? Why would someone choose to enable this?
Have the kernel running under the control of gcb from the beginning by putting 'debug' on the command line. In order to see the IRQ process during start up, in case you want to modify something (eg. module that is not needed).

9. What is the relation between sysctl.conf and the sysctl command?
sysctl is used to modify kernel parameters at runtime & sysctl is a file containing the sysctl values.

10. If you wanted to modify a kernel parameter without editing the sysctl.conf file would it be possible? If yes, please give the example.
Yes, an example of this would be = # mkinitrd /boot/initrd-2.6.18-6.mike1.img 2.618-6.mike1...

Words: 473 - Pages: 2

Lab 7

...Antonio Johnson
Class: Access Security
Unit: IS3230
September 25, 2014
Lab 2 Design Infrastructure Access Controls for a Network Diagram

Lab 2 Answers
1. To check if there is any malware, updates where it be made, and to know if any other viruses are the system or application
2. help to cut down storage and backup cost, to meet legal regulatory requirements for retrieving specific information within a set timeframe. Data strategies are different types and volume.
3. Have backup/ restore for the patch management
4. Networking monitoring allows real-time communication to take place on a data path that’s established and does change. Performances monitoring is circuit-switched networks known for stability and reliability with industry standards, it alarms the network engineers of new attack protocols. It also helps secure IT infrastructure by increasing storage needs
5. I think passwords and PIN are required for multi-factor authentication
6. Systems/Application domain because attackers will target that first.
7. Network-based firewall is a computer network firewall operating at the application layer protocol stack. Host-based firewall is monitoring any application input, output, or systems services calls are made from. I put in the implementation, the firewall will block out malware and it let me know when the firewall needs to be updated.
8. Consuming Entering Using All 3 controls use permission called authorization which gives users right......

Words: 323 - Pages: 2

Risk Management

...1 CHAPTER 1 INTRODUCTION Risk management structure should be well thought-out, as well as a cultural fit and sustainable. (Smiechewicz, 2001) Uncertainty is not measurable. Risk is. - Frank Knight, Risk, Uncertainty and Profit (1921) 1.1 Introduction Success in business, to a certain degree, requires owners and managers to take calculated risks. The most successful business is usually managed by people who know when to push forward and when to pull back, when to buy and when to sell, when to stand firm and when to compromise. The successful company is managed by people who understand what risk in business is, and how this risk should be managed and mitigated. Risk is an undeniable reality of doing business today, whether domestically or globally. A successful entrepreneur does not fear risk, but strives to understand it, to manage it, even to take advantage of it. As risk management tools and techniques become more and more complex, however, companies require the services of a Risk Management specialist. A growing specialty in this field, globally, is that of international accounting risk management. International accounting professionals can contribute to the 2 success of their companies must have a strong grasp of financial risk management techniques for multinational and multilateral business transactions of great complexity. Unfortunately, as the world of business becomes increasingly borderless, risk management becomes, likewise, borderless...

Words: 4103 - Pages: 17

Pt1420 Lab 7

...Lab 7.1

    Module main()
        Declare String keepGoing = "y"
        // Repeat the billing routine while the user wants to continue
        While keepGoing == "y"
            Declare String clientName = " "
            Declare Real feetUTP = 0
            Declare Real subTotal = 0
            Declare Real taxCost = 0
            Declare Real totalCost = 0
            Call inputData(feetUTP, clientName)
            Call calcCosts(feetUTP, subTotal, taxCost, totalCost)
            Call displayBill(clientName, totalCost)
        End While
    End Module

Lab 7.2

Lab 7.3

    Module main()
        Declare Integer toPower = 2
        Declare Integer number = 2
        Declare Integer counter = 0
        // Display seven successive powers of 2, starting at 2^2
        While counter < 7
            Set toPower = 2^number
            Display "2 to the power of ", number, " is ", toPower
            counter += 1
            number += 1
        End While
    End Module

Lab 7.4

Lab 7.5

    Module Module1
        Sub Main()
            Dim keepGoing As String = "yes"
            ' Run the ping routine until the user enters anything other than "yes"
            Do While keepGoing = "yes"
                pingMe()
                Console.Write("Enter yes if you want to run program again")
                keepGoing = Console.ReadLine()
            Loop
            Console.WriteLine("Press enter to continue. ..")
            Console.ReadLine()
        End Sub

        Sub pingMe()
            Dim counter As Integer = 5
            ' Count down from 5, then ping the loopback address
            Do While counter > 0
                Console.WriteLine("Count down . ")
                counter = counter - 1
            Loop
            Console.WriteLine("Now ping. ..")
            Shell("Ping.exe 127.0.0.1", , True)
            Console.Out.WriteLine(" ")
        End Sub
    End Module

Lab 7.6

    Module Module1
        Sub Main()
            Dim keepGoing As String = "y" ......

Words: 262 - Pages: 2

Ecet 360 Lab 3 of 7: Process Management Simulation

...ECET 360 Lab 3 of 7: Process Management Simulation Click Link Below To Buy: http://hwcampus.com/shop/ecet-360-lab-3-of-7-process-management-simulation/ L A B O V E R V I E W Scenario/Summary Process Management Simulation (Part 3 of 3) The objective of this three section lab is to simulate four process management functions: process creation, replacing the current process image with a new process image, process state transition,and process scheduling. This lab will be due over the first three weeks of this course. The commander process program is due in Week 1. This program will introduce the student to system calls and other basic operating system functions. The process manager functions process creation, replacing the current process image with a new process image and process state transition are due in Week 2. The scheduling section of the process manager is due in Week 3. You will use Linux system calls such as fork( ), exec(), wait( ), pipe( ), and sleep( ). Read man pages of these system calls for details. This simulation exercise consists of three processes running on a Linux environment: commander, process manager, and reporter. There is one commander process (this is the process that starts your simulation), one process manager process that is created by the commander process, and a number of reporter processes that get created by the process manager, as needed. 1. Commander Process: The commander process first creates a pipe and then the...

Words: 2625 - Pages: 11

Lab 7

... physiological properties of skeletal muscle using the isolated frog gastrocnemius. Concepts we will explore include the single twitch, graded response and the relationship between muscle length and tension generated. We will also explore tetanus and muscle fatigue b. By the end of lab we should be able to describe the relationship between the intensity of muscle stimulation and contractile force, and describe and explain the effects of muscle stretch, summation, tetanus and fatigue on the strength of contraction 2. Dissection→ c. Using a scalpel or sharp scissors, cut the skin of the frog around its abdomen d. Peel the skin down and off the legs of the frog 3. Equipment Setup→ e. PowerLab i. Connect the bridge pod to input 1 of the PowerLab ii. Connect the positive and negative BNC connectors of the stimulating electrode leads to the analog Outputs on the PowerLab 4. Force Transducer Setup→ f. Force transducer setup iii. Raw output from the force transducer is in millivolts. It needs to be calibrated to give the more meaningful units of Newtons (N). Force transducers also often have some residual offset voltage that needs to be corrected for. g. Zeroing Procedure iv. Leave the force transducer undisturbed and click start. v. The baseline value will be displayed in the LabTutor panel. Use the knob on the front of the Bridge Pod to adjust the baseline value to zero, then......

Words: 1350 - Pages: 6

Itt Lab 7 Lab Doc

...© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION

Lab #7 - Assessment Worksheet
Using Encryption to Enhance Confidentiality and Integrity

Course Name and Number:
Student Name: john schenberger
Instructor Name:
Lab Due Date:

Overview
In this lab, you learned how cryptography tools can be used to ensure message and file transfer integrity and how encryption can be used to maximize confidentiality. You used Kleopatra, the certificate management component of GPG4Win, to generate both a public and private key as both a sender and a receiver. You used the sender’s keys to encrypt a file, sent it to the receiver, and decrypted it using the receiver’s copy of the keys.

Lab Assessment Questions & Answers
1. If you and another person want to encrypt messages, should you provide that person with your public key, private key, or both?
The public key is the only key that I will share with another person as part of the handshake in order for the encryption to take place.

2. What does Kleopatra allow you to do once it is installed?
Kleopatra allows you to encrypt messages, files and text with a private key.

3. What key type was used to create the certificate on Kleopatra? What other types of encryption key......

Words: 285 - Pages: 2