SRA 111 FINAL
School: Pennsylvania State University (not endorsed by this school)
Course: 111
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 3
Uploaded by: tahaejaz19
SRA111 FINAL
30 points
Please read the questions carefully. They are designed for you to apply your knowledge of SRA111 to answer them. Think about what you have read, your discussion boards, and your projects. When you have this complete, please save the document as a Word document with your LAST NAME (i.e. morgan.docx) and upload the file to the FINAL.
1.
After reading Week 3 (Password Article) discussion board posts and responses, why do you believe passwords should be changed every 90 days and no repeats on prior passwords? Please reference quotes from fellow classmates and/or from the article. (Please limit your answer to 100-200 words) (5 points)
Based on the Week 3 posts and responses, the consensus is that for passwords to be secure it is vital to change them every 90 days and never reuse a prior password. One classmate noted, "Changing passwords regularly helps reduce the threat of unauthorized entry to your account," which is likewise the key point the article makes about the use of preventive security measures. Another mentioned, “Using exclusive passwords keeps the attackers from having access to more than one account even if one password is compromised; just like what the article has cited.” These insights are evidence of why regular password changes and the absence of repetition help to reduce risks and prevent data leakage.
2.
As the CEO of a 5A1 company, (reference Dun & Bradstreet for meaning), you have instructed your Chief Financial Officer and your Network Administrator to restructure your “log-in” procedures for employees, who use computer devices within your company. You noticed there are gaps. Some employees use a multi-level and some use a single sign-in. Briefly outline a structure from top to bottom defining the Authentication-Authorization-Access Control for the different groupings within the business. (Do not assume that the CEO has the highest credentials and note the reference to a “5A1 company”) (10 points)
As the CEO of a 5A1 organization, one that Dun & Bradstreet rates at the highest level of credit and reliability, it is of utmost importance that the company set up solid cybersecurity measures.
Executive Level:
Authentication: Biometric authentication combined with a strong passphrase.
Authorization: Sensitive financial and strategic data of all levels.
Access Control: Permission-based access control restricting role-based privileges to the minimum.
Management Level:
Authentication: Strong passphrase and MFA after specified periods.
Authorization: Access to departmental data and management tools.
Access Control: Periodic access reviews under RBAC to ensure the grants remain relevant.
Staff Level:
Authentication: Long passwords with periodic password changes.
Authorization: Restricted to job-specific data and applications.
Access Control: Role-based access enforced under the least privilege rule.
Contractors/Temporary Staff:
Authentication: Credentials with a temporary lifespan and limited validity.
Authorization: Restricted access to vital tools and data only.
Access Control: Reduced access dependent on project requirements, with continuous monitoring.
Visitors/External Partners:
Authentication: Guest credentials holding temporary access tokens.
Authorization: Sensitive areas and resources accessible only by authorized personnel.
Access Control: Time-bound access with escorted privileges and a visitor log sheet.
The structure adheres to layered defense, reducing the risks related to unauthorized access and ensuring compliance with industry standards and best practices.
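The tiered structure above can be checked mechanically. The following is an added Python example, not part of the submitted exam: it encodes each tier's required authentication factors, its authorized resources, and the request-time access-control conditions (expiry for contractors and visitors, escort for visitors), and records every decision in an audit list for the periodic reviews the answer mentions. The tier names follow the answer; the resource names, factor labels, usernames and the fixed "current time" are assumptions made for the example. Note that the executive tier is given only its own resources rather than everything below it, in line with the question's reminder that the CEO does not automatically hold the highest credentials.

```python
# Added example (not part of the submitted exam): a small evaluator for the tiered
# Authentication -> Authorization -> Access Control structure outlined above.
# Tier names follow the answer; resource names, factor labels and NOW are assumptions.

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Authentication: factors each tier must present before authorization is considered.
REQUIRED_FACTORS = {
    "executive":  {"passphrase", "biometric"},
    "management": {"passphrase", "mfa"},
    "staff":      {"password"},
    "contractor": {"temporary_credential"},
    "visitor":    {"guest_token"},
}

# Authorization: resources each role may reach (least privilege, not a strict hierarchy:
# the executive tier does not automatically inherit every lower tier's resources).
ALLOWED_RESOURCES = {
    "executive":  {"financials", "strategy"},
    "management": {"department_data", "mgmt_tools"},
    "staff":      {"job_apps"},
    "contractor": {"project_tools"},
    "visitor":    {"guest_wifi"},
}

# Access control: request-time conditions layered on top of the role grant.
TIME_BOUND = {"contractor", "visitor"}   # credentials carry an expiry
ESCORT_REQUIRED = {"visitor"}            # visitors are only admitted while escorted

NOW = datetime(2024, 4, 3, 9, 0)         # constructed "current time" for the checks
AUDIT_LOG = []                           # every decision is recorded for periodic review

@dataclass
class Session:
    user: str
    tier: str
    factors: set
    issued: datetime
    lifetime: Optional[timedelta] = None  # None = not time-bound
    escorted: bool = False

@dataclass
class Decision:
    allowed: bool
    reason: str

def authenticate(session):
    """Step 1: the presented factors must cover the tier's requirement."""
    missing = REQUIRED_FACTORS[session.tier] - session.factors
    if missing:
        return Decision(False, "missing factors: " + ", ".join(sorted(missing)))
    return Decision(True, "authenticated")

def authorize(session, resource, now=NOW):
    """Steps 2 and 3: role grant, then time-bound and escort conditions."""
    decision = authenticate(session)
    if decision.allowed:
        if resource not in ALLOWED_RESOURCES[session.tier]:
            decision = Decision(False, f"{session.tier} is not authorized for {resource}")
        elif session.tier in TIME_BOUND and (
            session.lifetime is None or now > session.issued + session.lifetime
        ):
            decision = Decision(False, "temporary credential expired or has no expiry")
        elif session.tier in ESCORT_REQUIRED and not session.escorted:
            decision = Decision(False, "visitor access requires an escort")
        else:
            decision = Decision(True, "granted")
    verdict = "ALLOW" if decision.allowed else "DENY"
    AUDIT_LOG.append(f"{session.user}/{session.tier} -> {resource}: {verdict} ({decision.reason})")
    return decision

def request(user, tier, factors, resource, hours_ago=0, lifetime_hours=None, escorted=False):
    """Convenience wrapper so each scenario is one call."""
    session = Session(
        user, tier, set(factors), NOW - timedelta(hours=hours_ago),
        timedelta(hours=lifetime_hours) if lifetime_hours is not None else None, escorted,
    )
    return authorize(session, resource)

if __name__ == "__main__":
    request("ceo", "executive", ["passphrase"], "financials")                    # DENY: no biometric
    request("ceo", "executive", ["passphrase", "biometric"], "financials")       # ALLOW
    request("ceo", "executive", ["passphrase", "biometric"], "job_apps")         # DENY: not in role
    request("temp1", "contractor", ["temporary_credential"], "project_tools",
            hours_ago=10, lifetime_hours=8)                                      # DENY: expired
    request("guest", "visitor", ["guest_token"], "guest_wifi", lifetime_hours=2)  # DENY: no escort
    print("\n".join(AUDIT_LOG))
```

The three functions are deliberately ordered so that a request never reaches the authorization table without first passing authentication, and never reaches the time or escort checks without a role grant; every outcome, allow or deny, lands in the audit list so the access reviews the management tier calls for have something to review.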
3.
Use a Multiplicative Cipher to decipher the message. C = 5P mod 26 (5 points)
CIPHERED TEXT: IXNGH QGIBY IDUNC YHFDL AKCNH AN-AHB CE!
Please complete the tables below and decipher the above code. Show all work or you will lose points. Your answer will be a phrase.
Plaintext        a   b   c   d   e   f   g   h   i   j   k   l   m
Position         1   2   3   4   5   6   7   8   9  10  11  12  13
Multiply by 5    5  10  15  20  25  30  35  40  45  50  55  60  65
Mod 26           5  10  15  20  25   4   9  14  19  24   3   8  13
Cipher text      E   J   O   T   Y   D   I   N   S   X   C   H   M

Plaintext        n   o   p   q   r   s   t   u   v   w   x   y   z
Position        14  15  16  17  18  19  20  21  22  23  24  25  26
Multiply by 5   70  75  80  85  90  95 100 105 110 115 120 125 130
Mod 26          18  23   2   7  12  17  22   1   6  11  16  21   0
Cipher text      R   W   B   G   L   Q   V   A   F   K   P   U   Z
Deciphered message:
SPRIN GISJU STARO UNDTH ECORN ER – ENJ OY!
“SPRING IS JUST AROUND THE CORNER – ENJOY!”
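The worked table and the decipherment can be reproduced and checked in code. The block below is an added Python example, not part of the submitted exam: it uses the same 1-based alphabet convention as the tables (a = 1 … z = 26, with a residue of 0 standing for Z), rebuilds the plaintext/position/×5/mod 26/cipher rows, computes the modular inverse of the key, and applies both directions to the question's ciphertext. The key 5 and the ciphertext come from the question; the helper names are assumptions. One point worth seeing in the output: the multiplicative inverse of 5 mod 26 is 21, so P = 21·C mod 26 undoes C = 5P mod 26, yet the ciphertext in the question yields the phrase above when each letter's position is multiplied by 5, not by 21 (reading the ×5 table from the "Cipher text" row back to the "Plaintext" row gives a different string). That means the question's message was produced with the inverse key, and the block prints both so the two can be compared.

```python
# Added example (not part of the submitted exam): the multiplicative cipher with the
# 1-based alphabet convention used in the tables above (a=1 ... z=26, residue 0 = Z).
# The key (5) and the ciphertext are taken from the question; the helper names are mine.

from string import ascii_lowercase

MOD = 26
KEY = 5
CIPHERED_TEXT = "IXNGH QGIBY IDUNC YHFDL AKCNH AN-AHB CE!"

def letter_to_pos(ch):
    """a/A -> 1 ... z/Z -> 26, the 'Position' row."""
    return ascii_lowercase.index(ch.lower()) + 1

def pos_to_letter(pos, upper=True):
    """1 -> A ... 25 -> Y, and 0 (or 26) -> Z, as in the 'Mod 26' row."""
    ch = ascii_lowercase[(pos - 1) % MOD]   # -1 % 26 == 25, so residue 0 becomes z
    return ch.upper() if upper else ch

def mod_inverse(a, m=MOD):
    """Smallest x with a*x = 1 (mod m); exists only when gcd(a, m) == 1."""
    for x in range(1, m):
        if (a * x) % m == 1:
            return x
    raise ValueError(f"{a} has no inverse mod {m}")

def build_table(key=KEY):
    """One row per letter: (plaintext, position, position*key, mod 26, cipher letter)."""
    rows = []
    for ch in ascii_lowercase:
        p = letter_to_pos(ch)
        r = (p * key) % MOD
        rows.append((ch, p, p * key, r, pos_to_letter(r)))
    return rows

def transform(text, multiplier):
    """Replace each letter by multiplier * position mod 26; keep spaces and punctuation."""
    out = []
    for ch in text:
        if ch.isalpha():
            out.append(pos_to_letter((letter_to_pos(ch) * multiplier) % MOD, ch.isupper()))
        else:
            out.append(ch)
    return "".join(out)

def encipher(plaintext, key=KEY):
    return transform(plaintext, key)                 # C = key * P mod 26

def decipher(ciphertext, key=KEY):
    return transform(ciphertext, mod_inverse(key))   # P = key^-1 * C mod 26

if __name__ == "__main__":
    for plain, pos, prod, res, ciph in build_table():
        print(f"{plain}  pos={pos:2d}  x5={prod:3d}  mod26={res:2d}  -> {ciph}")
    print("inverse of 5 mod 26 :", mod_inverse(5))
    print("ciphertext x 5      :", transform(CIPHERED_TEXT, 5))
    print("ciphertext x 21     :", decipher(CIPHERED_TEXT))
```

The inverse search is a brute-force loop because the modulus is tiny; it also documents why only keys coprime to 26 (not 2 or 13) give a usable cipher, since an even key or 13 maps two different plaintext letters to the same ciphertext letter and cannot be undone.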
4.
As a Network and Security Administrator, you are asked to monitor employee activity during the day. Your AUP policy does not permit the use of outside devices. You noticed a rogue device on your network. What procedures do you follow to eliminate and prevent future usage of this device on your network? What happens to the owner of the device, who is NOT employed at your company? (5 points)
Upon discovering a rogue device, I would disconnect it from the network to prevent further unauthorized access. I would then investigate its source using network monitoring tools and log examination to trace its origin, and at the same time alert the relevant authorities and raise the matter with management. To prevent such incidents from recurring, I would make the Acceptable Use Policy (AUP) clear to employees, introduce stricter access controls, and update protocols. If the rogue device belongs to a non-employee, I would inform them of the breach and of the possible legal implications according to the company's policy. Extensive documentation of the occurrence, the actions taken, and any judicial processes is a must for compliance and future avoidance.
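The first step in that answer, noticing the rogue device, is usually automated by comparing what is on the network against the asset inventory the AUP authorizes. The following is an added Python example, not the exam's own material: it parses a DHCP lease snapshot, flags every MAC address that is missing from the inventory, and emits the ordered response checklist (isolate, investigate, escalate, prevent, document) that the answer describes. The inventory, the lease lines (written in the dnsmasq lease-file layout of expiry, MAC, IP, hostname, client-id) and all MAC and IP addresses are constructed for illustration.

```python
# Added example (not part of the exam answer): flag devices on the network that are
# not in the company asset inventory, then produce the response checklist the answer
# describes. Inventory, lease lines and MAC addresses are constructed for illustration.

import re
from collections import namedtuple

Lease = namedtuple("Lease", "ip mac hostname")

# Constructed inventory of company-issued devices (MAC -> owner/asset tag).
AUTHORIZED_DEVICES = {
    "aa:bb:cc:00:00:01": "j.doe (laptop)",
    "aa:bb:cc:00:00:02": "a.smith (laptop)",
    "aa:bb:cc:00:00:03": "printer-2f",
}

# Constructed DHCP lease lines, dnsmasq-style: "expiry mac ip hostname client-id".
SAMPLE_LEASES = """\
1712150400 aa:bb:cc:00:00:01 10.0.1.21 JDOE-LAPTOP 01:aa:bb:cc:00:00:01
1712150460 AA:BB:CC:00:00:02 10.0.1.22 ASMITH-LAPTOP 01:aa:bb:cc:00:00:02
1712150520 de:ad:be:ef:12:34 10.0.1.77 android-9f3c 01:de:ad:be:ef:12:34
1712150580 aa:bb:cc:00:00:03 10.0.1.30 printer-2f *
this line is not a lease and is skipped
"""

LEASE_RE = re.compile(r"^\d+\s+([0-9A-Fa-f:]{17})\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")

def parse_leases(text):
    """Parse lease lines into Lease records; MACs are normalised to lowercase."""
    leases = []
    for line in text.splitlines():
        m = LEASE_RE.match(line.strip())
        if m:
            mac, ip, hostname = m.groups()
            leases.append(Lease(ip, mac.lower(), hostname))
    return leases

def find_rogue(leases, inventory=AUTHORIZED_DEVICES):
    """A device is rogue when its MAC is absent from the authorised inventory."""
    return [lease for lease in leases if lease.mac not in inventory]

def containment_plan(lease):
    """Ordered response steps for one rogue device, following the answer above."""
    return [
        f"isolate: block {lease.mac} ({lease.ip}, '{lease.hostname}') at the switch/NAC and revoke its lease",
        f"investigate: pull DHCP, switch-port and firewall logs for {lease.mac} to establish when and where it joined",
        "escalate: notify security and management; preserve the collected logs",
        "prevent: add the MAC to the deny list and enforce NAC/802.1X so unlisted devices cannot obtain an address",
        "document: record the incident, the actions taken and any follow-up with the device owner per the AUP",
    ]

def report(text=SAMPLE_LEASES):
    """Return the rogue devices found in a lease snapshot together with their plans."""
    return {lease.mac: containment_plan(lease) for lease in find_rogue(parse_leases(text))}

if __name__ == "__main__":
    for mac, steps in report().items():
        print(f"rogue device {mac}:")
        for step in steps:
            print("  -", step)
```

MAC addresses are normalised to lowercase before the lookup so that a lease written in uppercase by one DHCP server is not misreported as rogue; in practice the inventory check is a first filter, since a MAC can be spoofed, and the plan's "prevent" step (NAC/802.1X) is what stops an unlisted device from obtaining an address at all.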
5.
You as a small business owner have chosen NOT to comply with the Federal credit card standards set forth. You use your smartphone for customer transactions. Your smartphone is hacked and at least 20 customer credit card/identification information is stolen. What should you as a small business owner have done to protect your customers? (5 points) (The answer is NOT “they should have complied with the standards).
As the owner of a small business that relies on a smartphone for customer transactions, several preventive actions could have been taken to secure customer information. Encrypting data transmission for secure communication is the first step. An additional layer of protection would come from taking payments only through reliable and strictly up-to-date payment processing apps. Using two-factor authentication would be another step toward improving the security of the smartphone and its associated accounts. Constant software updates and training employees in security practices are key. Furthermore, ongoing monitoring for anomalies and the creation of a complete incident response plan could minimize the consequences and limit the danger in case of a breach. These procedures protect client credit card and identification information even without federal compliance.