Mile2 Cybersecurity Certifications

Aaron Elliott

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 75 total)
  • in reply to: OCU ISCAP A Week 05 Devotion #92257
    Aaron Elliott
    Participant

    I have had many vices that formed addictions, like nicotine and caffeine. I recognize that I am blessed to not have been swallowed by worse vices; being controlled by worldly substances is not how I want to live. I have prayed for the willpower to curb and ultimately quit my vices, and I am blessed in that I have given up nicotine, but I maintain my prayers for strength as I do not want to start the habit again.

    in reply to: OCU ISCAP A Week 05 Lesson 18 Discussion #92225
    Aaron Elliott
    Participant

    To effectively prevent fires, housekeeping must be kept to an expected standard set by the security officer. Routines in cleaning and guidelines on how working areas should be kept will need to be developed. Detecting any accidental fires faster will help reduce the cost and the risk of harm to people, so fire alarms in locations that fire can start, and areas of air flow will help in this matter. Also having the proper fire extinguisher on location for the type of fires that can occur, along with the training for what fires require what kind of fire suppression. Regular fire drills for associates need to be conducted on a regular basis, and fire marshals designated for all work areas to assist in managing procedures in case of a real fire.

    in reply to: OCU ISCAP A Week 05 Lesson 17 Discussion #92215
    Aaron Elliott
    Participant

    A specific cyber security crime can be initiated by a disgruntled employee, who feels like they have been wronged by the company and wishes to get back at their employers. In a scenario like this the employee has credentials to sensitive information and wishes to hurt the company before leaving. The employee finds a discussion thread for hackers on the dark web and posts an offer of valuable information for a cut of the profit after selling the stolen data. Once a hacker accepts the offer, who wishes to take corporate information and sell it to competitors or other interested parties, the employee provides their secure credentials and paths to the data.

    With a crime where information is stolen, the reputation and financial costs for the company could largely impact the company, to the point of bankruptcy. The information could be payment information of customers, which the company would be liable for. On top of the financial loss, company trust from consumers would take a plummet as well.

    in reply to: OCU ISCAP A Week 05 Lesson 16 Discussion #92172
    Aaron Elliott
    Participant

    A security officer will want to develop a Business Continuity Plan. In the plan, countermeasures to prevent a shutdown of the capability to perform critical business services will need to be implemented. Fault tolerance and redundancies are needed; hard drive failure and many critical devices wear over time, so a plan to countermeasure any data loss or breach in security is needed. Fire safety measures, policies on how to react to fires and fire suppression are also common countermeasures, along with insurance that is reviewed consistently. In case of a catastrophic failure at the main facility, having a backup facility will be required, or a way to contract the business out until repairs are made. A hot site, where the business can pick up in a few days and get operational again, or a cold site that will need to be refurbished with equipment can be used as well. Contingency plans for security will need to be maintained when disaster occurs; especially if business operations are moved off the original site, the same level of security needs to be upheld still.

    in reply to: OCU ISCAP A Week 04 Devotion #92160
    Aaron Elliott
    Participant

    I was always taught that God would not hand you more than you can handle, but there are plenty of times that it feels like there is no hope. I understand now that I am not meant to handle life’s challenges alone but ask for Jesus to be with me and pray when I feel hopeless. I believe I have made it where I am in life thanks to Jesus and my belief in him.

    in reply to: OCU ISCAP A Week 04 Lesson 15 Discussion #92121
    Aaron Elliott
    Participant

    Advanced attacks are thefts done by side channels, which is using data regarding systems that perform tasks and give off readings that can be tracked by bad actors like power usage and heat given off by the device. When the attackers know a sensitive process is being performed, they can use the byproduct of the process to find an entry point. Third party attacks are dangerous due to the trusted nature and attackers gain access through means out of the scope of the base company.

    Security Officers would need to be able to separate the sensitive data from what is being leaked. Perhaps through the use of a honeypot to distract attackers into thinking they found valuable data while keeping the critical data safe. Proper shielding of equipment from heat and energy data being recorded from unauthorized parties.

    in reply to: OCU ISCAP A Week 04 Lesson 14 Discussion #92090
    Aaron Elliott
    Participant

    Database security faces serious threats including theft of data. This would damage the company’s integrity and trust with clients and customers, potentially ruining the company. Data theft has the potential to earn a lot as the data could be very valuable to competitors or on the black market if they contain personal information. The company would be responsible to correct the breach in security, and also reimburse any loss to customers due to the breach.

    Another common threat to all data would be from the inside, being the employees. Associates with access could be approached by competitors to acquire data that is confidential to the current company, essentially stealing data. Employees can also be compromised through bad actors in phishing emails and have their credentials stolen, giving the thieves access to the database.

    in reply to: OCU ISCAP A Week 04 Lesson 13 Discussion #92077
    Aaron Elliott
    Participant

    The software development cycle is important to security officers since security needs to be involved in every step of the process and not baked in at the last minute. The handling of data and systems that were previously in place will also need to be taken care of by security officers, by deciding how to retire equipment and what data can be discarded and the proper way of erasing the data. The SDLC is a software development framework that specifies the steps in the development process. The SDLC is important to security officers since not all officers may be programmers, but oversight and peer review can be implemented into the steps of coding to audit security measures. The steps being laid out for teams to follow help all members work together to create a program that is efficient and meets company and user needs.

    in reply to: OCU ISCAP A Week 03 Devotion #92071
    Aaron Elliott
    Participant

    In today’s world Satan’s work of dividing God’s people is easy to see; news headlines focus on controversies of war or hate and rallying people against beliefs they do not agree with. God’s people holding resentment for each other because how they worship God is not, in their opinion, correct is also heartbreaking. I will do the best I can to follow the morals of the Bible to love my neighbor and spread this message to those in my life.

    in reply to: OCU ISCAP A Week 03 Lesson 12 Discussion #92052
    Aaron Elliott
    Participant

    I believe the most harmful threat would be backdoors. Backdoors are created in order to speed up development and hotfixes, which is a benefit to developers, who will be reluctant to remove them so they can have an easier job in the future; also, to meet deadlines a faster solution is needed. Usually, developers are not the ones in charge of security concerns, so it is treated as an afterthought. A way to prevent such threats would be to properly tag such shortcuts and remove them before pushing the code into production.

    in reply to: OCU ISCAP A Week 03 Lesson 11 Discussion #92050
    Aaron Elliott
    Participant

    Three important cybersecurity issues are malware, phishing, and denial of service attacks. These attacks are commonly performed, as well as malware and phishing attacks involve the companies’ own associates to neglect security policies or not have adequate training to recognize such attacks. Both phishing and malware aim to steal company data and put the company at risk of large costs to correct such data loss. Denial of service attacks can ransom the companies’ entire network or keep the network unavailable and have the chance to put the company out of business.

    Proper training of staff to spot network attacks is required to lessen the possibility of malware and phishing attacks. As well as filtering packets with external sources to lessen the chance of denial-of-service attacks.

    in reply to: OCU ISCAP A Week 03 Lesson 10 Discussion #92033
    Aaron Elliott
    Participant

    Firewalls block ports from unverified connections and protect one network from another. Firewall types include:
    Generation 1: Performs packet filtering and forms of access controls. Involves router settings and works on layer three of the OSI model.
    Generation 2: Is a proxy firewall that stands between trusted and untrusted devices. Working at the application layer and follows specific protocols.
    Generation 3: Is a stateful firewall, so settings for what is allowed and not, and anomalies have to be set up before use is needed.
    Generation 4: A packet filtering firewall that includes stateful qualities as well as proxy firewalls. Packets are screened for expected packets which increases security, but proper settings are needed to reduce the effect on performance.
    Generation 5: Works in the kernel of a system and has direct integration with the operating system and has more control over security.

    It is important to understand firewalls as they are the first line of defense for networks. With many variations of firewalls, it is important to know what type and where in the network a firewall is best served for efficient protection. Firewalls do not protect against malicious programs but malicious traffic (CISA, 2023). It is important to understand what a firewall is capable of since most come preconfigured.

    Reference:
    Cybersecurity & Infrastructure Security Agency (2023). Understanding Firewalls for Home and Small Office Use. https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use

    in reply to: OCU ISCAP A Week 03 Lesson 09 Discussion #92026
    Aaron Elliott
    Participant

    Ring topology has all users connected to one another in a ring style connection. The issue with ring topology is if one node is defective then the whole topology is unable to send data past the defective node, as a single ring setup sends data in one direction. A workaround for this issue would be a dual ring topology. The second ring would provide redundancy and availability, so when one ring fails the other nodes can still receive data via the additional ring.

    Partial mesh topology allows for failure in an area of the network and allows for communication between the remaining network, but any other device in the failed sector will not be able to communicate. The better option would be to go full mesh so that every device is connected in the network, allowing for fault tolerance: when one device goes down, no other device is affected.

    in reply to: OCU ISCAP A Week 02 Lesson 05 Discussion #91820
    Aaron Elliott
    Participant

    The CMMI framework is the Capability Maturity Model Integration, which is required by United States Government contracts in software development. Ownership belongs to CMMI Institute and it was created at Carnegie Mellon University. This framework is a process level improvement and appraisal program. The CMMI framework is intended to provide an organization qualified individuals who are certified and help secure contracts by best practice training and identifying the strengths and weaknesses of a company (CMMI Institute).

    ISO 42010 is the International Standards Organization recommended best practice for creation, analysis and continuation of software architecture. This framework focuses on the description of the framework along with definitions of key concepts and terminology. ISO 42010 is the requirements of a framework's concepts to support the design of a framework (ISO).

    Reference:
    ISACA (2023) What is CMMI? CMMI Institute. https://cmmiinstitute.com/

    ISO (2022) ISO/IEC/IEEE 42010:2022 Software, Systems and Enterprise Architecture Description. International Standards Organization. https://www.iso.org/standard/74393.html

    in reply to: OCU ISCAP A Week 02 Devotion #91929
    Aaron Elliott
    Participant

    It is common to see others act as if they are sinless and show ill will to those they believe to be sinners. I have no delusions in that I am imperfect and a creature of sin, and I want to be the best support to others who believe themselves unworthy of God’s grace and help bring them to God’s house, since it is easy to be put down and feeling not welcome by our fellow man.
