Discussion board REPLIES, computer science homework help

User Generated

Zvxr6832

Computer Science

Description

Hello, I attached a file with two discussion boards. I want one REPLY for each discussion board. Please use paragraphical and in-text citations where necessary, and please give me references.

Unformatted Attachment Preview

Hello, I want two REPLIES or RESPONSES for the following discussion boards. Please give one reply for each discussion board. Please give me references and in-text citations.

DISCUSSION BOARD QUESTION

Pick one of the 22, MIT 6.858 Computer Systems Security, Fall 2014 videos and create your own thread discussing at least three concepts presented in or that you learned from the video.

DISCUSSION BOARD-1

Hello Everyone,

High-level plan in consideration for security

Before setting the security requirements, one should set the policies to be followed. This should be the goals one needs to achieve from planning the security. These policies will help in securing the system to ensure that there are no loopholes in the system. The system should be in a position to meet the common goals required for the success of the security protocol. It should incorporate confidentiality, availability, and integrity. This is to enhance safe and effective service delivery through the set system.

The person setting and preparing the threat system should come up with a threat model which is based on what the attacker can do. This gives the person the chance to plan in the best way possible on ways of countering the attack. The system should thus be in a position to respond to an attack as the person involved prepared the best system (Rostami, Koushanfar, Rajendran, & Karri, 2013). There should also be a clear mechanism which is the knob that the system gives to assist in upholding the policy.

The person planning the system should also work in accordance with the resulting goal of the system. There should be no room for challenge in the set threat model which might violate the used policies. The goals should be directed in creating a strong and secure system which will minimize the loss of information and data.
The goals may not have a direct impact on the set mechanism thus there is the need to eradicate any adversary which might be available in the threat model (Rostami, Koushanfar, Rajendran, & Karri, 2013). The person setting the system should be in a position to read the mind of what the person might do to breach the system.

Why it is hard to meet the security targets or goals

A lot of people assume the threat model which makes it hard for them to understand the ability and what the other person might do to breach security. When the person planning for security does not do enough to learn about the possible ways the attacker can break into the system. On the other hand, a lot of the threat models used do not have the boundary. It is important for the person setting the security mechanism to understand what the system can do and what it cannot do. The more secure the system is, the less the risks involved are, the weakest links of the security system matters as it helps in identifying areas which need to be strengthened (Rostami, Koushanfar, & Karri, 2014).

Ways of avoiding mechanism problems

The first step should be the reduction of the amount of security-critical codes so that it can reduce the reliance. A person should not rely on the whole application to enforce security as it may be easily breached. The other step or precaution is to evade the use of bugs in security-critical codes (Sgandurra & Lupu, 2016). The person setting the security system can avoid the use of gets() but instead, use gets, this can limit the buffer length and at the same time creating a strong security mechanism. There should be a severe testing of the common security mechanisms and the person should avoid the use of mechanisms which have bugs. This is because it makes the access to the security mechanism so easy and weak. A good mechanism should be in a position to support many uses and policies (Sgandurra & Lupu, 2016).
Reference

https://www.youtube.com/watch?v=GqmQgcszw4&index=1&list=PLUl4u3cNGP62K2DjQLRxDNRi0z2IRWnNh

Rostami, M., Koushanfar, F., & Karri, R. (2014). A primer on hardware security: Models, methods, and metrics. Proceedings of the IEEE, 102(8), 1283-1295.

Rostami, M., Koushanfar, F., Rajendran, J., & Karri, R. (2013, November). Hardware security: Threat models and metrics. In Proceedings of the International Conference on Computer-Aided Design (pp. 819-823). IEEE Press.

Sgandurra, D., & Lupu, E. (2016). Evolution of attacks, threat models, and solutions for virtualized systems. ACM Computing Surveys (CSUR), 48(3), 46.

Thanks,

DISCUSSION BOARD-2

Information Security Elements

Careful consideration was given to the development of the information security elements that help protect and adapt to new threats and vulnerabilities. These defined elements are as follows:

Organization & Authority – Focuses on the roles and responsibilities for providing the required IT leadership, objectives, and resources for the development and enforcement of appropriate governance programs.

Policy – Focuses on establishing appropriate policy oversight, IT security policies, and supporting IT security efforts to set required standards, guidance, and enforcement to meet compliance and risk requirements.

Audit & Compliance – Focuses on compliance and security audits within the organization to provide management and regulators with assurance that controls are adequately designed and operating effectively to meet compliance and risk management requirements for information security.

Risk Management & Intelligence – Focuses on proactively identifying new threats, vulnerabilities, and risks through key strategic alliances, innovative information gathering, and information sharing practices. Also, focuses on ongoing risk assessments, identification of risk tolerance levels, and implementation of associated risk control programs.
Company will be better off if it integrates its business strategy and information security plan/strategy. Cost of information security should not exceed the cost of business, however the dramatically increasing needs and requirements of the businesses should not put the overall company’s information security in danger and the best way to do it is the balanced alignment of both sides.

I would like to discuss a cyber-attack on a bank named “AXIS BANK”. It is the third largest private bank of India. This attack targeted hijacking accounts of the customers. The officials from a Russian based security firm Kaspersky Lab told about the intrusion. But the good news is that no funds were stolen during this hack.

Reference:

csuchico.edu. (n.d.). Information Security Plan. Retrieved from: https://www.csuchico.edu/isec/documents/information-security-plan-2009.pdf

https://www.youtube.com/playlist?list=PLUl4u3cNGP62K2DjQLRxDNRi0z2IRWnNh
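
The point in Discussion Board 1 about avoiding gets() and limiting the buffer length, as an added example that is not part of either post or of the lecture. It uses the standard C fgets(), which takes the buffer size; the names read_line, sample_stream and the LINE_* codes are assumptions made for the example, and the input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Result codes; the names are assumptions made for this example. */
enum { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = -1 };

/* Read one line into buf (capacity cap, counting the NUL terminator).
 * gets() takes no size and cannot stop at the end of buf; fgets() is
 * given the capacity and stores at most cap - 1 bytes. The rest of an
 * over-long line is discarded so it is not returned as the next line. */
int read_line(FILE *in, char *buf, size_t cap)
{
    if (in == NULL || buf == NULL || cap < 2 || cap > (size_t)INT_MAX)
        return LINE_EOF;
    if (fgets(buf, (int)cap, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* the whole line fit */
        return LINE_OK;
    }
    int c, dropped = 0;                 /* no newline stored: drain the line */
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

/* Constructed sample input, read back through the FILE interface. */
FILE *sample_stream(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL && fputs(text, f) != EOF)
        rewind(f);
    return f;
}

int main(void)
{
    char buf[8];
    int rc;
    FILE *f = sample_stream("short\nthis line is far too long\nnext\n");
    if (f == NULL)
        return 1;
    while ((rc = read_line(f, buf, sizeof buf)) != LINE_EOF)
        printf("%-9s \"%s\"\n", rc == LINE_TRUNCATED ? "truncated" : "ok", buf);
    fclose(f);
}
```

The caller has to treat LINE_TRUNCATED as a rejected or shortened input; silently accepting the first seven bytes of a longer value can be a logic bug of its own.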

Explanation & Answer

Attached is the assignment.

Outline
Student’s response
References


Student’s response on system security
This was an interesting read. Your discussion was very informative and well-articulated
with subtitles. I learnt a lot about security and how crucial it is and the importance of handling it
with care. I now understand that, for a successful security protocol, the system should exercise
confidentiality, availability and integrity, thus serving the intended purpose.
Just to add on the discussion, the employees can ...

