Project #62602 - ITEC

 

 

 

Part 2: Short Answers (10 points each). Please answer briefly and completely, and you must cite all sources of information.

 

 

 

 

 

  1. An electronic mail system could be used to leak information. First, explain how the leakage could occur. Then, identify controls that could be applied to detect or prevent the leakage.

     

  2. Respond to the allegation "An operating system requires no protection for its executable code (in memory) because that code is a duplicate of code maintained on disk." Is the statement true? Why?

     

  3. Assume that passwords are limited to the use of the 95 printable ASCII characters and that all passwords are 12 characters in length. Assume a password cracker with an encryption rate of 8 giga encryptions per second. How many years will it take to test exhaustively all possible passwords on a UNIX system? Note: You must show the procedures of calculation as well.

 

 

 

 

 

  4. Consider a public key encryption. Ann wants to send Bill a message. Let Annpriv and Annpub be Ann’s private and public keys respectively. The same for Bill (Billpriv and Billpub).

     

 

     a. If Ann sends a message to Bill, what encryption should Ann use so that only Bill can decrypt the message (secrecy)? (3 points)

     

     b. Can Ann encrypt the message so that anyone who receives the message is assured that the message only came from Ann (authenticity)? (3 points)

     

     c. Is it possible for Ann to devise a method that will allow for both secrecy and authenticity for her message? Please justify your answer. (4 points)

      

     

 

  5. As part of a formal risk assessment of the main file server for a small legal firm, you have identified the asset “integrity of the accounting records on the server” and the threat “financial fraud by an employee, disguised by altering the accounting records.” Suggest reasonable values for the items in the risk register for this asset and threat with justifications for your choice.

     

 

 

 

 

 

Part 3: Short Essay (20 points). Please restrict your answer to three (3) pages (double spaced) or less. You must cite all sources of information if any.

 

 

 

Steven Information Technology, Inc. (SITI) is a fictional multi-national company providing outsourced financial services to a variety of clients across many industries, including commercial and government entities. SITI specializes in billing and invoicing services, in which SITI receives relevant data from its clients and processes the data to produce the invoices, monthly statements, and other billing items that are sent to SITI's clients' customers. SITI employees serve the company's customers both on-site at customer locations and while working in SITI facilities. SITI employees routinely store data related to multiple clients on their company-issued laptops.

 

 

 

SITI's Chief Information Officer, having read of the numerous data breaches reported among commercial and government organizations, has become concerned about the risk to SITI's customers and potentially the company's reputation if SITI were to experience a similar breach. He has tasked you, the Director of Information Security, to create a new corporate policy regarding the protection of client and company confidential data stored on employee computers, particularly including laptops. Respond to each of the following, taking into account material we have studied in this course regarding threats and vulnerabilities. Cite the pertinent sources used in your answer. Be specific and briefly but fully explain and give reasons for your answers.

 

 

 

    a. Summarize the primary vulnerabilities and potential threats that exist for SITI related to the practice of storing sensitive data on laptops. Use your answer to clarify the difference between vulnerabilities and threats (if there are any). In your opinion, which of the risks SITI faces are most significant to the company?

       

    b. What measures would you propose to senior management to try to prevent a breach of data held by SITI? Your response should include recommendations for mitigating vulnerabilities identified in part (a).

 

 

 

    c. Discuss the key characteristics of a policy statement and write one specifying employee and company responsibilities for protecting client and corporate data, such as the data stored on employee laptops. Be sure to address requirements for protecting the data from theft, and for rendering the data unusable should it be compromised.

 

 

 

 

 

Note: please answer the above questions a-c separately. Your total answer to all three questions should be restricted to three (3) pages (double spaced) or less. In addition to the answer, you must cite all sources of information if any.

 

Subject Computer
Due By (Pacific Time) 03/17/2015 03:00 pm