The Highest Prioritized Risks for a Bank

What are the highest prioritized risks for a bank (Chase)? Please list four, and for each risk answer each of the following questions. Your position will be a CISO.

  • Potentially Impacted Asset(s)
  • Threat or Threat Actors
  • Vulnerability(ies)
  • Impact if Realized
  • Duration of active risk

Please don’t copy answers

Why is Cyberterrorism difficult to define?

Why is cyberterrorism difficult to define? Many cybersecurity professionals believe the likely application of “cyber terrorism” to be an asymmetric attack against some portion of this nation’s critical infrastructure. Which critical infrastructure do you think to be a likely target, and why? Who should be responsible for protecting that infrastructure, and why? Would this vary based on who the attacker is: a state actor, a non-government organization, or an individual?

Information security practices

What is the standard of good practice or “the gold standard” of information security practices? How do organizations measure the effectiveness of best practice information security practices and IT Risk Management measures?

Level of security risk

What level of security risk do you estimate for the following threat-asset matrix entries for the ACME Software Company?

Question 1
C, PD – Confidentiality of Product Development. This includes disclosing information, tools, systems and data related to product development such as source code, documentation, and tool information to unauthorized individuals or groups.

  • High
  • Medium
  • Low

Microsoft SQL server

MICROSOFT SQL SERVER: Identify the edition, and provide a rationale for identifying the server component best suited to each of the following business scenarios. (A) Questionable Meds Pharmaceuticals has been collecting sales data for five years. Sales have increased tremendously over the last two years. Jason is asked to look for trends that explain the increase. (B) Jason of Questionable Meds Pharmaceuticals must provide sales information to the senior managers on a weekly basis. Senior management has requested that they receive the information in the same format and with the same organization each week.

Cryptography and computer security

In cryptography and computer security, a man-in-the-middle attack (MITM), is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
(i) Describe how a man-in-the-middle attack may be performed on a Wi-Fi network and the consequences of such an attack.
(ii) Explain how a man-in-the-middle attack on a Wi-Fi network can be defeated.

Security information and event management

How do you implement a security information and event management (SIEM) solution? What is one methodology for applying security controls to ICS and SCADA systems? How would you implement a SIEM solution for a water distribution facility SCADA system? Please provide three references to help with summarizing the process and supporting the explanation.

Data Encryption Standard

Data Encryption Standard (DES)

Part A:

4.1 Briefly define a nonsingular transformation.

4.2 What is the difference between a block cipher and a stream cipher?

4.3 Why is it not practical to use an arbitrary reversible substitution cipher of the kind shown in Table 4.1?

4.4 Briefly define the terms substitution and permutation.

4.5 What is the difference between diffusion and confusion?

4.6 Which parameters and design choices determine the actual algorithm of a Feistel cipher?

4.7 What are the critical aspects of Feistel cipher design?

Part B:

[Figure: one round of the cipher, with inputs Left, Right and Round Key; not reproduced in this extraction]

Refer to the above figure. Each group has a different input for “Left”, “Right” and “Round Key” as shown in the following table:

Group Number  Left      Right     Round Key
1             18CA18AD  B8089591  194CD072DE8C
2             5A78E394  236779C2  4568581ABCCE
3             4A1210F6  A9FC20A3  06EDA4ACF5B5
4             B8089591  2E8F9C65  DA2D032B6EE3
5             236779C2  CF26B472  69A629FEC913
6             A15A4B87  387CCDAA  C1948E87475E
7             2E8F9C65  22A5963B  708AD2DDB3C0
8             A9FC20A3  A15A4B87  3330C5D9A36D
9             308BEE97  5A78E394  181C5D75C66D
10            10AF9D37  4A1210F6  99C31397C91F

Each group needs to find the values of L1 and R1 for its inputs.

Advanced Encryption Standard (AES)

6.1 What was the original set of criteria used by NIST to evaluate candidate AES ciphers?

6.2 What was the final set of criteria used by NIST to evaluate candidate AES ciphers?

6.3 What is the difference between Rijndael and AES?

6.4 What is the purpose of the State array?

6.5 How is the S-box constructed?

6.6 Briefly describe SubBytes.

6.7 Briefly describe ShiftRows.

6.8 How many bytes in State are affected by ShiftRows?

6.9 Briefly describe MixColumns.

6.10 Briefly describe AddRoundKey.

6.11 Briefly describe the key expansion algorithm.

6.12 What is the difference between SubBytes and SubWord?

6.13 What is the difference between ShiftRows and RotWord?

6.14 What is the difference between the AES decryption algorithm and the equivalent inverse cipher?

6.4 Given the plaintext {0F0E0D0C0B0A09080706050403020100} and the key {02020202020202020202020202020202}:

a. Show the original contents of State, displayed as a 4 × 4 matrix.

b. Show the value of State after initial AddRoundKey.

c. Show the value of State after SubBytes.

d. Show the value of State after ShiftRows.

e. Show the value of State after MixColumns.
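An added worked example, not part of the assignment text: the following Python computes steps (a) to (e) of problem 6.4 on the plaintext and key given above. Rather than pasting in a lookup table, it builds the S-box from its definition (multiplicative inverse in GF(2^8) followed by the affine transformation), so the construction asked about in 6.5 is visible as well. Function names, the flat column-major state representation and the hex-string output format are my own choices, not anything specified by the problem.

```python
# Added example (not part of the original assignment): first-round AES steps of
# problem 6.4, with the S-box generated from its definition (FIPS-197 5.1.1).
# Plaintext and key are the values given in the problem statement.

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B          # reduce by the AES polynomial
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); AES defines the inverse of 0 as 0."""
    if a == 0:
        return 0
    return next(x for x in range(1, 256) if gf_mul(a, x) == 1)

def build_sbox() -> list[int]:
    """S-box entry = affine transform of the multiplicative inverse, XOR 0x63."""
    sbox = []
    for x in range(256):
        b = gf_inv(x)
        s = b
        for i in range(1, 5):   # b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4)
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()

# The state is kept as the 16 bytes in input order. AES fills the State array
# column by column, so byte index r + 4*c is row r, column c.

def add_round_key(state, round_key):
    # Round 0 uses the cipher key itself (first 16 bytes of the expanded key).
    return [s ^ k for s, k in zip(state, round_key)]

def sub_bytes(state):
    return [SBOX[s] for s in state]

def shift_rows(state):
    # Row r is rotated left by r positions: new[r][c] = old[r][(c + r) % 4].
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_column(col):
    """Multiply one column by the fixed MixColumns matrix over GF(2^8)."""
    a, b, c, d = col
    return [
        gf_mul(a, 2) ^ gf_mul(b, 3) ^ c ^ d,
        a ^ gf_mul(b, 2) ^ gf_mul(c, 3) ^ d,
        a ^ b ^ gf_mul(c, 2) ^ gf_mul(d, 3),
        gf_mul(a, 3) ^ b ^ c ^ gf_mul(d, 2),
    ]

def mix_columns(state):
    out = []
    for c in range(4):
        out += mix_column(state[4 * c:4 * c + 4])
    return out

def as_matrix(state) -> str:
    """Render the state as the 4 x 4 matrix the problem asks for (rows r, columns c)."""
    return "\n".join(" ".join(f"{state[r + 4 * c]:02x}" for c in range(4))
                     for r in range(4))

def first_round_steps(plaintext_hex: str, key_hex: str) -> dict[str, str]:
    """State after each of steps (a)-(e) of problem 6.4, as hex strings in byte order."""
    state = list(bytes.fromhex(plaintext_hex))
    key = list(bytes.fromhex(key_hex))
    steps = {"a_initial": state}
    state = add_round_key(state, key); steps["b_add_round_key"] = state
    state = sub_bytes(state);          steps["c_sub_bytes"] = state
    state = shift_rows(state);         steps["d_shift_rows"] = state
    state = mix_columns(state);        steps["e_mix_columns"] = state
    return {name: bytes(s).hex() for name, s in steps.items()}

if __name__ == "__main__":
    results = first_round_steps("0F0E0D0C0B0A09080706050403020100",
                                "02020202020202020202020202020202")
    for name, value in results.items():
        print(name)
        print(as_matrix(bytes.fromhex(value)))
        print()
```

Running the script prints the five 4 × 4 matrices in turn. Note that parts (a) and (b) are simply the input bytes laid out column by column (the first four bytes form the first column, not the first row), which is the detail most often lost when the matrix is written out by hand.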

Formal risk assessment of the external server

As part of a formal risk assessment of the external server in a small Web design company, you have identified the asset "integrity of the organization’s Web server" and the threat "hacking and defacement of the Web server." Assume that their website uses common CGI programs, such as guestbook or blog software, which we know often contain exploitable bugs leading to command injection and/or cross-site scripting attacks. Also, assume that the Web design company’s IT support carefully tracks reports of such bugs and patches when found.

Question 17 (4 points): Suggest reasonable values for the items in the risk register for this asset and threat, and provide justifications for your choices. Hint: refer to the Risk Likelihoods and Consequences material.

Risk register entry to complete:

  • Asset: integrity of the organization’s Web server
  • Threat/Vulnerability: hacking and defacement of the Web server
  • Existing Controls (if any)
  • Likelihood: value and justification
  • Consequence: value and justification
  • Level of Risk: value and justification

The issue of cyber safety

We continue this week looking at the issues associated with safety and delve further into the issue of cyber safety. As teachers, we have a responsibility to ensure our students are equipped with the skills and awareness of safe practices online. Additionally, you will also be exploring a great online tool, Canva, which hopefully you will see as a useful tool for your future teaching.

Primary Education

By the middle to upper primary, most of today’s young people are fully fledged internet users. The following paper concludes that there is a “…need for school-based digital learning to move beyond the protectionist discourse of cyber safety in order to address the challenges and opportunities pre-teens face through their everyday use of digital media” (p.62).

  • What is your opinion of this statement?

Pangrazio L, Gaibisso LC. Beyond cybersafety: The need to develop social media literacies in pre-teens. Digital Education Review. 2020;(37):49-63. doi:10.1344/DER.2020.37.49-63