...Case Study 3: Security 1. Analyze the new system and determine the design issues with this new system. With any type of fast-food restaurant grease and other types of oils are used in the process to create the food that is delivered to the customers. Since these oils are being used to create the food the employees need to touch the food and most times to either cook it or deliver the food to the customers. The unfortunate handling of this food causes the employees to get grease on their hands and fingers. This can be an issue with the design because after time the grease built up will cause the screen to become unresponsive or unreadable as well. Another design issue that the new system has is a two part security issue. First is a lack of security giving the ability for employees to login into the register interface for other employees that have forgotten their user id and passwords. This is huge concern for the management because each employee is responsible and accountable for their time on the register and money that goes into the register as well. If other employees are logging into the system for them, and the register comes out short at the end of the night, there is no body to hold accountable for the missing money. This huge security risk for management, all employees should be held accountable for their time on the register and not be logging into the system for other employees. The other security concern that is a design issue with the new system...
Words: 1983 - Pages: 8
...Case Study #1 Kristian Lauren R. Martin November 6, 2011 Case Study #1 Building the Foundation – Security Assessments As the security manager of a major corporation tasked with creating the initial security assessment and auditing program for the company, the first step in developing proposals for the security services would be conducting a comprehensive survey (policies, procedures and operations) of the entire facility to identify the critical factors affecting the security of the premises (Broder, 2006). The next step would be to analyze the vulnerabilities and recommend protection which is cost-effective (Broder, 2006). To start, establishing policies and procedures which define the mission of the security department should be the bare minimum in the role of the security department. These would include the following: * Protection against internal and external theft (to prevent embezzlement, fraud, burglary, robbery, industrial espionage and theft of trade secrets and proprietary information) * Developing access-control procedures (to protect the perimeter of the facility and other sensitive areas) and anti-intrusion systems * Establishing lock-and-key control procedures * Establishing a workplace violence program * Controlling the movement of people on the premises * Reviewing security personnel hiring and deploying * Establishing emergency and disaster recovery plans * Identifying the resources needed and available for the security program...
Words: 802 - Pages: 4
...Social security is an annual pay as you go plan since most of the revenues from social security tax are paid from social security retirees. Social security is a major retirement program in the US with a cost of $736billion each year which is an equivalent of 12.4% on earning up to a set level of earnings. The employee contributes 6.2% and the other half is take care by the employer. Medicare is the US health care program for people aged 65years and above. It is also a pay as you go program as current health benefits for people age 65 and older funded by current tax revenue from 2.9% Medicare tax on earnings and 3.8% investment surtax on wealthier investors. Half amount if paid by the employer and the other half is applied to all earnings....
Words: 322 - Pages: 2
...Week 1: Understanding IT Infrastructure Security Case Study Hello my name is YGS and I am an Independent contractor for TJX, they have requested my assistant and I will be in charge of all IT matter at TJX. In recent happenings at TJX you should by now be aware that this company was breached by a hacker by the name of the Albert Gonzalez. He stole over $170 million dollars of customer’s credit card information. As a result TJX has taken a major financial loss and our honor and credibility is in question. The reason we are in question is because it turns out the matter was not discovered until an outside source (our gateway/payment-card processing) partners came in and performed an audit to then discover we were breached. Before the audit we should have caught the transfer of 80 GB of stored data by Mr. Gonzalez. Prior to any breach of this company TJX should have been compliant with the payment card industry compliance and validation regulations. In complying with the Federal Trade Commission (FTC) under FTC jurisdiction our IT team should be consistently taking measures in place to keep customer information secure at all times. By being on top of things we would have been less vulnerable to an attack of this size and speared the embarrassment of not discovering the breach for over seven months. To of eradicated this from ever happening TJX should have made sure that our payment gateway client was compliant with their firewall configuration, protect stored cardholder...
Words: 361 - Pages: 2
...Security Threats And Attacks Week 4 Case Study Dustin Soria Security Threats And Attacks Week 4 Case Study Dustin Soria 2014 2014 Recent statistics show that a large percentage of people have the idea that computer security is an issue that only affects organizations. Many people believe that, at a personal level, there is little that one can have to do with their information especially because they don’t see if someone will need their information. In contrast, there is a lot of useful information that a third party may obtain from a personal computer that the user may not even realize. For instance, a user may have sensitive information that would lead to his or her private life, secrets, or even important financial information. Such information can be used by attackers to monitor their internet activities, whether they are logged into their own personal computer on a local network, or even the internet. The victim’s sensitive information can be sold over the internet, or even to third parties such as advertisers and criminals among others. As such, it is important that serious security measures are taken to protect one’s personal computer from such security issues. There are numerous security threats that can be on a personal computer. One of the most common threats is a Virus. A Virus is a piece of software that can replicate itself and infect a computer without the permission or knowledge of the user. A Virus can only spread when it is transmitted by a user...
Words: 796 - Pages: 4
...Case Study: Mobile Device Security and Other Threats Strayer University Authors Note This paper was prepared for CIS 502 – Theories of Security Management Abstract Mobile communication and computing devices are integral part of today’s business. This provides the executives the opportunity to work from virtually anywhere anytime and became one of the most valuable tools to make business communications. However, due to the nature and size of the device and communication methods, the devices are prone to be lost or compromised and can fall into the hands of unauthorized persons, which makes these devices a very big security concern for the businesses. In this paper the nature of IT related threats faced in 2014 are discussed along with the security issues of mobile devices. a) Security threats presented within the “Security Threat Report 2014” report: The security report of Sophos (Security Threat Report 2014 Smarter, Shadier, Stealthier Malware. (n.d.). Retrieved August 19, 2014, from https://blackboard.strayer.edu/bbcswebdav/institution/CIS/502/1144/Week8/sophos-security-threat-report-2014.pdf) highlights the emerging security risks in the world. It the report, they have identified the following concerns for 2014: a. More efficient Botnets: The botnets become more resilient and stealth by the year 2014. Along with many known attributes, the sharing and copying botnet codes have resulted in emerging new botnets which are being used for various attacks...
Words: 1993 - Pages: 8
...Case Study 1: The Critical Need for Information Security Due Week 2 and worth 100 points Access the ACM Digital Library by following the steps below: Students: 1. Login to iCampus. 2. From iCampus, click STUDENT SERVICES>> Learning Resources Center >> Databases. 3. Scroll down to "Information Systems/Computing". 4. Select “ACM Digital Library” below the heading. 5. Enter your library username and password. Faculty: 1. Login to Blackboard: bb.strayer.edu. 2. Click the "Resource Center" tab at top right of page. 3. From the list on the left, click "Databases". 4. Scroll down to "Information Systems/Computing". 5. Select “ACM Digital Library” below the heading. 6. Enter your library username and password. Download and read the following articles available in the ACM Digital Library: Bernier, M., Chapman, I., Leblanc, S. P., & Partington, A. (2011). An overview of cyber-attack and computer network operations simulation. Proceedings from MMS ’11: Military Modeling & Simulation Symposium. Boston, MA. Maughan, D. (2010, February). The need for a national cybersecurity research and development agenda. Communications of the ACM, 53(2), 29-31. Write a four to five (4-5) page paper in which you: 1. Identify at least three (3) benefits or key knowledge points that could be derived from using cyber-attack simulator systems and research, and suggest how this insight could assist in defining the...
Words: 1615 - Pages: 7
...XVI. Securities Regulation - 1933 Act A security is a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of a promoter or a third party (Howey test) Provide investors with information for securities offered for sale and to prohibit fraud in the sale of securities. The 1933 Act governs the public distribution of securities. It prohibits the offer or sale of securities to the public unless the offering is properly registered. A. Persons covered are underwriters, dealers and issuers. 1. Underwriter purchases securities from an issuer with the intent to distribute to dealers and/or the general public. E.g. UBS 2. Dealer sells or trades securities. E.g. Charles Schwab 3. Issuer is an entity whose securities are being sold. E.g. IBM B. Section 5 of the 1933 Securities Act It governs sales through interstate commerce. A registration statement must be filed with the SEC and a prospectus prepared. Periods are: 1. Pre-filing: It is unlawful for issuers, underwriters or dealers to sell securities. 2. Filing: The registration statement is effective 20 days after filing with SEC. Securities cannot be sold during the waiting period but offers such as “tombstone” ads are allowed. They include the name of the company, kind ...
Words: 2861 - Pages: 12
...A Case Study of the Trend in Cyber Security Breaches as Reported by US Federal Agencies Joash Muganda American Public University System ISSC640 – Prof. Belkacem Kraimeche November 12, 2014 Abstract The cases of cybersecurity breaches reported by federal agencies have sharply increased in recent years due to a combination of factors. This study seeks to examine the current trends in cybersecurity breaches documented and reported by federal agencies, analyze the various factors responsible for this trend and their impacts, as well use currently available data to predict a future trend. A Case Study of the Trend in Cyber Security Breaches as Reported by US Federal Agencies The number cybersecurity breaches reported by federal agencies has been on the increase owing to the variety of factors. According to a report by U.S Government Accountability Office, GAO (2014), federal agencies have reported increasing number of cybersecurity breaches that have put sensitive information at risk, with potentially serious impacts on federal and military operations. GAO (2014) further stated that the increase in this number is due to the fact that obtaining hacking tools has become easier, there is dramatic increase in reporting security incidents, and steady advances in the sophistication and effectiveness of attack technologies. The table below shows the number of cybersecurity breaches since 2006 to 2012 as reported by GAO (2014). Number of Incidents | 5503 | 11911 |...
Words: 987 - Pages: 4
...Before 9/11, airport security was not as tightly as controlled. It was only when the lives of nearly 3,000 people including 19 terrorist on September 11th that created a major worldwide change in the way that airport security should be perceived. Prior to 9/11, there were major problems in airport security that terrorist saw and took advantage of to enable them to successfully commit the terrorist attack. Despite all the changes to airport security since 9/11, airport security has been one of the key concerns for airport management ever since. Airliners are still a favourable target for terrorist and one effective way to stop terrorist is firstly from the measures implemented in airport security. The tragic events of 9/11 have certainly provided...
Words: 442 - Pages: 2
...A COMPARATIVE STUDY OF "FUZZY LOGIC, GENETIC ALGORITHM & NEURAL NETWORK" IN WIRELESS NETWORK SECURITY (WNS) ABSTRACT The more widespread use of networks meaning increased the risk of being attacked. In this study illustration to compares three AI techniques. Using for solving wireless network security problem (WNSP) in Intrusion Detection Systems in network security field. I will show the methods used in these systems, giving brief points of the design principles and the major trends. Artificial intelligence techniques are widely used in this area such as fuzzy logic, neural network and Genetic algorithms. In this paper, I will focus on the fuzzy logic, neural network and Genetic algorithm technique and how it could be used in Intrusion Detection Systems giving some examples of systems and experiments proposed in this field. The purpose of this paper is comparative analysis between three AI techniques in network security domain. 1 INTRODUCTION This paper shows a general overview of Intrusion Detection Systems (IDS) and the methods used in these systems, giving brief points of the design principles and the major trends. Hacking, Viruses, Worms and Trojan horses are various of the main attacks that fear any network systems. However, the increasing dependency on networks has increased in order to make safe the information that might be to arrive by them. As we know artificial intelligence has many techniques are widely used in this area such as fuzzy logic, neural...
Words: 2853 - Pages: 12
...A Study of the Causes of the Failure of the National Security Personnel System Andre Zephrine M. Pantaleo, Ph.D., M.B.A. Strayer University April 25, 2010 Context of the Problem The National Security Personnel System (NSPS) is a pay system based upon the caveat of being paid for performance. It was created in 2006 through Congressional authorization especially for the Department of Defense (DoD). Implementation of the system began in 2006 as a replacement for the General Schedule grade and step (GS) system used by the rest of the federal government. NSPS’s policies differ concerning hiring, reassignment, pay, promotion, tenure and recognition. Under the GS system, there are automatic pay increases which do not exist under NSPS. On October 29, 2009, President Obama signed legislation that repealed NSPS and restored DoD employees to the GS pay system. Full implementation of the switch back to the GS system is to occur no later than January 1, 2012. This research proposal proposes that NSPS did not succeed because of poor consideration for review boards, self evaluation, and allowances of discrimination through intention – speculatively – and more importantly unintentionally. This research proposal also posits that because of adverse impacts, similar systems would also be unsuccessful. Statement of the Problem The National Security Personnel System (NSPS) is a pay-for-performance pay system which replaced the General Schedule (GS) grade and step system for the...
Words: 4626 - Pages: 19
...A Study of CAPTCHA for Web Security Abstract— As the increase of Internet usage in term of available services provided, user gains more convenience but also face a challenge. Online services such as Email, search engine, social networking may be abused by the automated program or web bots. To ensure the service is used by human, most of them use Completely Automated Public Turing test to tell Computers and Human Apart (CAPTCHA) methods to securing their web services. This paper will discuss the various types of CAPTCHAs and issues in designing the good CAPTCHA in term of security and usability. Keywords: CAPTCHA, TEXT-Based, GRAPHIC-Based, AUDIOBased, Robustness, Usability Online Polls: Result of any online poll can only be trusted if the poll system ensures that only humans can vote. Preventing Dictionary Attacks: CAPTCHAs can also be used to prevent dictionary attacks in password systems. Search Engine Bots: Configuring the website as nonindexed page is important to prevent others from finding them easily. This is why CAPTCHA is important Worms and Spam: CAPTCHAs also offer a reasonable solution against email worms and spam which only accept if the sender is a human [2]. I. INTRODUCTION A CAPTCHA which is stand for Completely Automated Public Turing test to tell Computers and Human Apart is a challenge response test which gives a challenge to the users. It is one of Human Interaction Proofs. When the user gives accurate answer he is considered as...
Words: 2733 - Pages: 11
...Exercise #10: Suggestions 1. Suggestions for “SECURITY DEPOSITS” Each tenant agrees to pay a security deposit in the amount specified in the dwelling lease. When the lease has been terminated, the housing authority can use the security deposit if the dwelling unit requires cleaning and/or repairs for any damages beyond normal wear and tear that may have been caused by the tenant, his/her family, and/or dependents or guests. In addition to this, the housing authority can use the security deposit toward reimbursement of any rent or other charges owed by the tenant or the tenant's remaining family. If there happens to be an unused amount of the security deposit, the housing authority must refund the money to the tenant within thirty (30) days after...
Words: 765 - Pages: 4
...1. Why did some previous attempts to use artificial intelligence technologies fail? What key differences of the new AI-based applications versus the old cause the authors to declare that automated decision making is finally coming of age? One reason that previous attempt to use artificial intelligence failed was because it was difficult to extract knowledge from the experts. It was also very expensive to keep running,so this definitely played a role in the demise of previous attempts. Due to limited capabilities there was a lack of business applications. There was also a lack of interest in the technology all together. Some of the key differences were the reduction of overhead, which primarily was due to maintenance. The new AI also was embeded directly into the workflow and was not a separate step in the process. The new one also translates into action. 2. What types of decisions are best suited for automated decision making? Provide several examples of successful applications from the companies in this case to illustrate your answer. There are many decisions best suited for automated decision making, but the first that stands out to me is that inputs are available electronically rather than human input. There is also more frequency in automated decision making. The automated decision making problems are not so broad, but are more narrow and well defined. One example of successful application is bank credit customers can complete the application within five minutes, at which...
Words: 527 - Pages: 3
