Hello, I attached a file with two discussion boards. I want one REPLY for each discussion board. Please use paragraphical and in-text citations where necessary, and please give me references.
replays.docx

Unformatted Attachment Preview

Hello
I want two REPLIES or RESPONSES for the following discussion boards. Please give one reply for each
discussion board. Please give me references and in-text citations.
DISCUSSION BOARD QUESTION
Pick one of the 22, MIT 6.858 Computer Systems Security, Fall 2014 videos and create your own
thread discussing at least three concepts presented in or that you learned from the video.
DISCUSSION BOARD-1
Hello Everyone,
High-level plan in consideration for security
Before setting the security requirements, one should set the policies to be followed.
This should be the goals one needs to achieve from planning the security. These policies will
help in securing the system to ensure that there are no loopholes in the system. The system
should be in a position to meet the common goals required for the success of the security
protocol. It should incorporate confidentiality, availability, and integrity. This is to enhance
safe and effective service delivery through the set system. The person setting and preparing
the threat system should come up with a threat model which is based on what the attacker can
do. This gives the person the chance to plan in the best way possible on ways of countering
the attack. The system should thus be in a position to respond to an attack as the person
involved prepared the best system (Rostami, Koushanfar, Rajendran, & Karri, 2013).
There should also be a clear mechanism which is the knob that the system gives to
assist in upholding the policy. The person planning the system should also work in
accordance with the resulting goal of the system. There should be no room for challenge in
the set threat model which might violate the used policies. The goals should be directed in
creating a strong and secure system which will minimize the loss of information and data.
The goals may not have a direct impact on the set mechanism thus there is the need to
eradicate any adversary which might be available in the threat model (Rostami, Koushanfar,
Rajendran, & Karri, 2013). The person setting the system should be in a position to read the
mind of what the person might do to breach the system.
Why it is hard to meet the security targets or goals
A lot of people assume the threat model which makes it hard for them to understand
the ability and what the other person might do to breach security. When the person planning
for security does not do enough to learn about the possible ways the attacker can break into
the system. On the other hand, a lot of the threat models used do not have the boundary. It is
important for the person setting the security mechanism to understand what the system can do
and what it cannot do. The more secure the system is, the less the risks involved are; the
weakest links of the security system matter as they help in identifying areas which need to be
strengthened (Rostami, Koushanfar, & Karri, 2014).
Ways of avoiding mechanism problems
The first step should be the reduction of the amount of security-critical codes so that it
can reduce the reliance. A person should not rely on the whole application to enforce security
as it may be easily breached. The other step or precaution is to evade the use of bugs in
security-critical codes (Sgandurra & Lupu, 2016). The person setting the security system
can avoid the use of gets() but instead, use gets, this can limit the buffer length and at the
same time creating a strong security mechanism. There should be a severe testing of the
common security mechanisms and the person should avoid the use of mechanisms which
have bugs. This is because it makes the access to the security mechanism so easy and weak.
A good mechanism should be in a position to support many uses and policies (Sgandurra &
Lupu, 2016).
Reference
https://www.youtube.com/watch?v=GqmQgcszw4&index=1&list=PLUl4u3cNGP62K2DjQLRxDNRi0z2IRWnNh
Rostami, M., Koushanfar, F., & Karri, R. (2014). A primer on hardware security: Models, methods, and metrics. Proceedings of the IEEE, 102(8), 1283-1295.
Rostami, M., Koushanfar, F., Rajendran, J., & Karri, R. (2013, November). Hardware security: Threat models and metrics. In Proceedings of the International Conference on Computer-Aided Design (pp. 819-823). IEEE Press.
Sgandurra, D., & Lupu, E. (2016). Evolution of attacks, threat models, and solutions for virtualized systems. ACM Computing Surveys (CSUR), 48(3), 46.
Thanks,
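
The point in Discussion Board 1 about gets() and limiting the buffer length, as an added example that is not part of the original post: the standard C function fgets() takes the buffer size as an argument, and the code below uses it to read one line and report whether the input was cut short. The names read_line_bounded and demo_read and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example; read_line_bounded and demo_read are hypothetical names.
 * Reads one line into buf (cap bytes including the terminating NUL).
 * Returns -1 on EOF/error, 0 if the line fit, 1 if it was cut short.
 * gets() has no size argument; fgets() never writes more than cap bytes. */
int read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';          /* whole line stored: drop newline */
        return 0;
    }

    /* No newline stored: the line ended at EOF, or it exceeded cap - 1. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return 0;                     /* it fit exactly */

    /* Overlong line: discard the remainder so the next read starts clean. */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;
    return 1;
}

/* Feeds a constructed input string through a temporary file. */
int demo_read(const char *input, char *out, size_t cap)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(input, f);
    rewind(f);
    int rc = read_line_bounded(f, out, cap);
    fclose(f);
    return rc;
}

int main(void)
{
    char buf[8];
    int rc = demo_read("AAAAAAAAAAAAAAAAAAAAAAAA\n", buf, sizeof buf);
    printf("truncated=%d stored=\"%s\"\n", rc, buf);
    return 0;
}
```

A caller that treats a return value of 1 as an error rejects oversized input instead of silently processing a partial line.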
DISCUSSION BOARD-2
Information Security Elements
Careful consideration was given to the development of the information security
elements that help protect and adapt to new threats and vulnerabilities. These defined
elements are as follows:
Organization & Authority – Focuses on the roles and responsibilities for providing the
required IT leadership, objectives, and resources for the development and enforcement of
appropriate governance programs.
Policy – Focuses on establishing appropriate policy oversight, IT security policies, and
supporting IT security efforts to set required standards, guidance, and enforcement to meet
compliance and risk requirements.
Audit & Compliance – Focuses on compliance and security audits within the organization to
provide management and regulators with assurance that controls are adequately designed and
operating effectively to meet compliance and risk management requirements for information
security.
Risk Management & Intelligence – Focuses on proactively identifying new threats,
vulnerabilities, and risks through key strategic alliances, innovative information gathering,
and information sharing practices. Also, focuses on ongoing risk assessments, identification of
risk tolerance levels, and implementation of associated risk control programs.
A company will be better off if it integrates its business strategy and information
security plan/strategy. The cost of information security should not exceed the cost of business,
however the dramatically increasing needs and requirements of the businesses should not put
the overall company’s information security in danger and the best way to do it is the balanced
alignment of both sides.
I would like to discuss a cyber-attack on a bank named “AXIS BANK”. It is the third
largest private bank of India. This attack targeted hijacking accounts of the customers. The
officials from a Russian-based security firm, Kaspersky Lab, told about the intrusion. But the
good news is that no funds were stolen during this hack.
Reference:
csuchico.edu. (n.d.). Information Security Plan. Retrieved from:
https://www.csuchico.edu/isec/documents/information-security-plan-2009.pdf

