Assignment needs to be completed

nyrkabqvar
Asked: Sep 21st, 2014

Question Description

Classes 1 & 2

we agree on 450

Unformatted Attachment Preview

INFORMATION SYSTEM CONTROLS AND AUDITING (CLASS 1)

Unit 1 IP

After further review of the situation, you determine that this will be the first review that LSS has conducted or been subjected to. An audit procedure needs to be established.

• Describe the steps that need to be followed to establish auditing functions for LSS.
• Describe the audit areas that would be applicable to your contracted audit.
• Describe which information systems would be considered part of the scope for the audit.

Unit 2 IP

To assist LSS, your contract has been expanded to also perform an access control audit.

• Describe the process needed to perform the audit. For a typical network environment (that includes a database with health care information, an HR database and application, and call center workstations that access private information), describe some typical devices or assets and issues that might be encountered when auditing them.
• List and describe at least 4 possible examples.

Unit 3 IP

You have been asked to develop an access control policy for LMJ-Star Services (LSS) based on your understanding of the sensitivity of financial data and health care data. Research access control policies, and tailor a policy specifically for LSS.

• Ensure that all appropriate sections of a formal policy are put in place.
• Discuss how this policy can be converted or interpreted into control in terms of an audit.

Unit 3 will also be graded by extra criteria as follows

Unit 4 IP

Group Discussion #1: In the Unit 2 Individual Project, you were tasked to identify 4 vulnerabilities for various assets. Using all of these for each group member, consolidate the list of vulnerabilities and assets into a Discussion Board, and discuss the reality of an exploit of each of the vulnerabilities. Rank the top 6 most vulnerable assets.

Group Discussion #2: Review the 3 controls/policies for each group member from the Unit 4 Discussion Board, and pick 3 that you will use in your group submission, one from each of the areas (user, acceptable use, and database access). Explain in the Discussion Board area why each was chosen.

Group Discussion #3: Describe valid safeguards that could be implemented to address the findings from the audit in Group Discussion #2.

Group Submission: Simulate an audit of the information systems. Describe how the team would approach an audit of the 6 assets from Group Discussion #1 against the controls from Group Discussion #2, and then list the safeguards from Group Discussion #3 to help resolve the findings.

Individual Portion: Create an audit report showing the results from the audit in an acceptable format.

Unit 5 IP

As you review the audit report and assess the findings and safeguards that the audit team proposed, you wonder how management will choose to address the findings. Managers have options when presented with findings from an audit. Describe the following options:

• Reduce
• Accept
• Avoid
• Transfer

For each of your findings and safeguards, try to anticipate the management reaction, and suggest the plan of remediation that the managers should take.

WEB APPLICATION SECURITY STRATEGIES (CLASS 2)

Unit 1 IP

Your company developed an Order Entry Intranet application for its sales personnel to enter orders for processing on behalf of their customers. Now your company wants to make a version of this Order Entry application accessible over the Internet so that customers can enter their orders directly by themselves without the assistance of a sales person.

As the resident security expert in your company, you are asked by the CEO of the company to:

• Contrast the security context of the proposed Order Entry Internet web application with the security of the Intranet version of the same application
• Identify and explain at least four reasons that make Internet web applications more susceptible to hacking than their Intranet counterparts

Write a 2-3 page Word document to present your analysis and findings to the CEO of your company.

Unit 2 IP

Visit the Open Web Application Security Project (OWASP) web site located in the Unit's web resources. Search for the list of the OWASP Top 10 security risks. In a 2-3 page Word document, complete the following:

• Examine the list and then select five security risks from the list.
• For each security risk, define the risk and the vulnerabilities involved.
• Propose countermeasures to prevent the risk’s vulnerabilities.

Unit 3 IP

Your company developed an Order Entry Intranet application for its sales personnel to enter orders for processing on behalf of their customers. Now your company wants to make a version of this Order Entry application accessible over the Internet so that customers can enter their orders directly by themselves without the assistance of a sales person. Your company CEO and its board of directors approved the proposed Order Entry Internet web application. However, the CEO was not comfortable with two aspects of the Internet application security risks and wanted to know more about them. These two risks are SQL injection and cross-site scripting. The CEO asked you, as the resident security expert, to write a document on the following:

• Compare these risks and their vulnerabilities
• Provide an example of how they could compromise the security of the proposed Order Entry Internet web application

Unit 4 IP

Download the popular browser proxy tool called Fiddler and the HTTP Sandbox web site. Web links are located in the web resources for this Unit.

Using both, complete the following: Devise a scenario of tampering and manipulating HTTP requests and responses to and from this HTTP Sandbox web site using Fiddler, collect the results you received, and document your work. Your documented work must include:

• Your designed scenario of manipulating HTTP requests and responses and how you implemented them using Fiddler
• A screenshot of the HTTP request you sent to the Sandbox web site showing the details of what you sent
• A screenshot of the HTTP responses you received from the HTTP Sandbox web site showing the details of what was received
• Your conclusions

You can use this video about Using Fiddler for Simple Request Tampering as a resource for this assignment. The link to this video is located in the web resources for this Unit.

Unit 4 will also be graded with the following criteria

Unit 5 IP

Your company developed an Order Entry Intranet application for its sales personnel to enter orders for processing on behalf of their customers. Now your company wants to make a version of this Order Entry application accessible over the Internet so that customers can enter their orders directly by themselves without the assistance of a sales person. The company CEO learned that input validation of user-entered data to the Order Entry Internet web application is one major security risk that the company must address comprehensively and thoroughly. He asked you, as the resident security expert, to propose several techniques to protect against and secure user input to the Order Entry Internet web application.

Go to the Web Resources for this Unit and download the vulnerability scanner application. After installing it, evaluate its features and answer the following in a Word document:

• Discuss five application vulnerabilities it could possibly detect in the Order Entry application.
• Discuss three database vulnerabilities it could possibly detect in the Order Entry application.
• Compare its features with the features of the Fiddler debugging tool that you used for the Individual Project for Unit 4.