cloud computing

This is a required assignment worth 75 points (75 points out of 1000). The assignment must be submitted by the due date. No late assignments are allowed. Please discuss the following topics and provide substantive comments to at least two other posts. Select four (4) topics from the following list and discuss them. Use a maximum of 50 words per topic to discuss and present your answer. The discussion questions this week are from Chapters 1 & 2 (Jamsa, 2013).

Chapter 1 topics:

  • Define and discuss cloud computing.
  • Discuss how cloud computing has changed how companies budget for software solutions.
  • Compare and contrast SaaS, PaaS, and IaaS, and provide an example of each.
  • Define scalability and discuss how the cloud impacts it.
  • List three advantages and three disadvantages of cloud computing.
  • Define virtualization and discuss how the cloud impacts it.
  • Describe three cloud-based solutions for individuals and three cloud-based solutions for businesses.
  • Discuss how Web 2.0 has driven the growth of the web.
  • Compare and contrast public, private, community, and hybrid clouds.

Chapter 2 topics:

  • Define and describe PaaS
  • List the benefits of PaaS
  • Describe the potential disadvantages of PaaS
  • Describe how a cloud-based database management system differs from an on-site database.
  • List the computing resources normally provided with PaaS.
  • Assume your company must deploy a .NET solution to the cloud.  Discuss the options available to developers.  Research on the web and estimate the costs associated with deploying a PaaS solution.
  • Assume your company must deploy a PHP or Java solution to the cloud.  Discuss the options available to developers.  Research on the web and estimate the costs associated with deploying a PaaS solution.

IAM Compliance Management

 1. An annotated bibliography of at least five sources. The annotations must be at least five sentences long.

2. A PowerPoint with at least 12 slides, not including the title and references, addressing the topic IAM Compliance Management.

3. A 750 word summary on topic IAM Compliance Management 


For the final project, you will be conducting a forensics investigation using one of the following items:

  1. A smartphone
  2. A network (ideally, a wireless network)

 You may use either for your investigation. However, be aware of legal issues surrounding your data gathering. If you are using any system that you do not personally control and have authority to investigate, please get written permission from the owner/operator of the system, or refrain from forensic analysis of that system and use a personal system instead. For a network, you can use your own personal home network. For a smartphone, consider using an image from the Internet or a personal device. There could be issues related to using a live, active, personal device (example: corruption of the device). If using a personal device, consider using an old, outdated phone, if available.

 You will review various forensics tools used with your selected system. Select a tool and use that tool to gather forensics data for analysis. You are simulating the process of gathering this data, so you do not need to investigate a compromised device or system. The project deliverables are as follows:

 Week 7 – Prepare an investigative report of the forensics data capture conducted using the tool selected for this purpose. The paper should provide the following information: 

  • Executive Summary of your investigation, including a description of the device or systems and the tool used for the forensics analysis
  • Step-by-step description you used to gather data for analysis
  • Report on the information that was obtainable from the device
  • Graphics evidence that you conducted the forensics data gathering and analysis

 The paper should be in a form that would be used for reporting to a court or a law enforcement agency. Be sure to provide graphics evidence of your forensics investigation effort (Screenshots, reports, etc.). References should be in APA format.

Residency Research Makeup Project

Acme Enterprise Scenario Residency Week

Acme Enterprise is a private company that is gearing up for an initial public offering (IPO). Prior to going public Acme must be in compliance with: GDPR, PCI DSS, and SOX. Acme is in the water purification business with new technologies that purify water in any form whether it is sewage, ocean, lake etc. 

Part of its IPO process is to show due diligence and due care. Acme has identified your team to conduct a risk assessment and analysis of its information technology infrastructure to uncover any threats and exposures and provide mitigations and controls to reduce those uncovered threat/exposures, so it can have a successful IPO. 

Using the Network Infrastructure design of the Acme Enterprise you are to assess risk of Acme’s:

1. Perimeter Security

2. Network Security

3. Endpoint Security

4. Application Security

5. Data Security

6. Operations

7. Policy Management

Acme Perimeter Security

Acme is currently protected by two dual Dynamic Stateful Inspection Firewalls that are configured in active and standby mode. Acme is also configured to use PAT (port address translation), where 200.200.200.1 represents Acme on the public Internet. Acme translates this public IP through its clustered firewall to the internal IP space of 10.100.0.0/16, giving Acme 65334 useable IP addresses.

As part of Acme’s infrastructure, it also accesses cloud services for its business office tools through Office 365 and uses Dropbox for end users’ storage. Acme uses a web hosting service for its web front end and ecommerce, which is connected to a back-end Oracle Database using enterprise MySQL. The database administrators have full access to all database information, but they lack oversight from anyone else.

There are two DMZ’s, but they are not utilized. 

Network Security

Acme has a collapsed core design, which means all internal LAN routing and Internet access occurs on its distribution level devices. This means wireless access, web proxy access, and access control lists and entries are located at this layer of the infrastructure. Currently Acme is using WPA2 (Wi-Fi Protected Access 2) for its wireless security. The web proxy is configured with the following categories: General, Limited, and Exclusive Internet access. Each of these categories dictates what type of Internet access an end user will experience if they belong to one of these groups.

The Local area network uses the IP block in the following way: 10.100.1.0/24 User VLAN, 10.100.2.0/24 Research and Development VLAN.

Current access control lists are permit 10.100.2.0 0.0.0.255, permit 10.100.1.0 0.0.0.255. All other devices use the rest of the unallocated IP block of 10.100.0.0/16. 

Also, all IP space is statically assigned. There is one default route to the Internet, but users complain about access to internal services.

Endpoint Security

There is a mixture of Mac and Windows systems (XP, 7, and 10). JAMF is used to control and monitor the Mac systems; the Windows devices rely on their end users to patch and update systems. The current endpoint security is signature-based McAfee with no centralized control.

Application Security

DevOps is responsible for secure coding and development of applications, but it has no formal oversight. Policy for application monitoring and tracking is ad hoc; there are no formalized procedures. The server farm houses all applications, and the operating systems range from Server 2003 to 2016. Mobile device management, media server, content management, file server, directory services, and database are the services offered from the server farm. This server architecture is all hardware based; there are no hypervisor systems in place.

Data Security

Data has not been classified. Identity access management relies on one-factor authentication. Encryption, digital signatures, and PKI rely on self-signed certificates. Protection in the cloud is also missing, and there is a lack of DLP (data loss prevention). Acme does store financial information in its data center as well as personally identifiable information.

Operations

Information technology is responsible for security; however, there is a security team under the IT department. The Chief Information Security Officer reports to the Chief Information Officer.

Policy Management

Acme has one Information Security Policy that addresses its information security architecture and program. It is not based on any of the existing information security management frameworks such as ISO 27002, NIST CSF, or COBIT 5.

You are going to conduct a risk assessment on Acme Enterprise using the risk assessment concepts we have learned about thus far. You will concentrate your assessments on each of the areas of the infrastructure mentioned above. After you have completed your risk assessment, you will then provide recommendations for each area that you assessed to reduce risk, exposure, and threat. Also, as part of your final submission, demonstrate through a redesign where your mitigations will take place within the architecture. You can use the image below as a guide for your risk analysis of each area.

PPT:

 Develop an 8 to 10 slide PowerPoint presentation with notes to summarize your written assignment. Be careful not to copy and paste excerpts exclusively from your written assignment.

Application Security or Penetration testing methodology

  1. Research 14-1 – Application security or penetration testing methodology.   APA formatting is expected.  Research various application security testing or penetration testing methodologies.  Compare and contrast the pros and cons of each methodology and recommend your preferred approach. 

Python Programming

 

Description: The university maintains course schedules at http://appsprod.tamuc.edu/Schedule/Schedule.aspx for different semesters (spring, fall, winter, etc.). You will develop a Python program to dynamically complete certain tasks, such as list, find, sort, and save, on the course listings from the schedule portal. You will mainly use the “requests” and “BeautifulSoup” libraries (or similar, see exercise 12.1). The program will operate at different levels: Semester and Department. Your program will be a menu-based application. Assume that your project file is myproject.py. Once you run it, it will show the last 5 semesters (fall, spring, and summer only; not winter or May mini).

> python myproject.py
Choose a semester: 1) Spring 2021   2) Fall 2020   3) Summer II   4) Summer I   5) Spring 2020
Selection: 2

Here, your program will parse the data from the website and show only the last (most recent) 5 semesters. The user will make a selection, and then you will show the departments for the selected semester (Fall 2020). Note that the selected semester is visible before a “>” sign.

Fall 2020> Select a department:
1) Undeclared
2) Accounting and Finance
3) Art
4) Ag Science & Natural Resources


30) Social Work
31) Theatre
Q)Go back

Selection: 3

Fall 2020> Art > Select an option:
1) List courses by instruction name
2) List courses by capacity
3) List courses by enrollment size
4) List courses by course prefix
5) Save courses in a csv file
6) Search course by instruction name
7) Search courses by course prefix
Q)Go back
Selection: ??

Here, your program will parse the data from the website and show all available departments, then the list of tasks. The Q (go back) option will take the user to the previous level.

Course listing output should show the following fields. For instance, the course listing for “Fall 2020> Computer Science & Info Sys> List the course by prefix” should show

Prefix ID    Sec   Name                      Instructor           Hours Seats Enroll.
COSC   1301  01W   Intro to Compu            Lee, Kwang           3     35    10
COSC   1436  01E   Intro to Comp Sci & Prog  Brown, Thomas        4     40    36
COSC   1436  01L   Intro to Comp Sci & Prog  Brown, Thomas              40    36
COSC   1436  01W   Intro to Comp Sci & Prog  Hu, Kaoning          4     45    43
COSC   1436  02E   Intro to Comp Sci & Prog  Hu, Kaoning          4     35    32

as the first 5 rows.

You will follow the above headers and order (Prefix (column width 6), ID (5), Sec (5), Name (25), Instructor (20), Hours (5), Seats (5), Enroll. (7)) for the other listing selections too. Each data cell should be aligned with its column header and left justified. A course name should not contain a word longer than 5 characters. For instance, Algorithms should be abbreviated as “Algor”. The length of a course name will not exceed 25 characters. In option 5, the above format should be used to save a listing to a file in .csv format. The user will be able to provide a filename for the csv file.

For this program you need to develop at least one class (chapter 10) with (possibly) many methods.

Assignment

 

(1). FORENSIC DESIGN ASSESSMENTS

This task relates to a sequence of assessments that will be repeated across Chapters 6, 7, 8, 9 and 10. Select any example of a visualisation or infographic, maybe your own work or that of others. The task is to undertake a deep, detailed ‘forensic’ like assessment of the design choices made across each of the five layers of the chosen visualisation’s anatomy. In each case your assessment is only concerned with one design layer at a time.

For this task, take a close look at the data representation choices:

  1. Start by identifying all the charts and their types
  2. How suitable do you think the chart type choice(s) are to display the data? If they are not, what do you think they should have been?
  3. Are the marks and, especially, the attributes appropriately assigned and accurately portrayed?
  4. Go through the set of ‘Influencing factors’ from the latter section of the book’s chapter to help shape your assessment and to possibly inform how you might tackle this design layer differently
  5. Are there any data values/statistics presented in table/raw form that maybe could have benefited from a more visual representation?

Assignment Link: http://book.visualisingdata.com/chapter/chapter-6

Practical Connection

 

This is the Practical Connection Assignment for this course. The purpose of this assignment is to help connect the concepts learned in this course to real-world situations that you may face as an IT professional.

For this assignment, you will write an essay addressing the applications and implications of a law or regulation discussed in this course to the conduct of your duties as an Information Technology professional. Your essay should address the following.

  • a definition and overview of your selected law or regulation
  • consideration of the duties of an Information Technology professional
  • an analysis of the application of that law or regulation in the context of the identified duties
  • a reference page(s)

To complete this assignment, upload a Microsoft Word document (.doc or .docx) that contains your complete paper. This is not a formal paper, but should maintain scholarly tone and rigor, and you MUST cite your references in the body of the paper using APA in-text citation format. A source is any paper or article that you will reference in your paper. If you need more information on APA format (for references list AND in-text citations), visit this reference: https://owl.english.purdue.edu/owl/resource/560/01/

This assignment must be YOUR OWN WORK!  This is an individual assignment. Plagiarism detected in your work will be addressed as discussed in the plagiarism section of the syllabus. 

Here are a few details about the overall research paper.

  • Your paper does not require a Title page.
  • Your paper must include a Reference page.
  • Your paper should NOT include an abstract.
  • Your paper must include a minimum of 4 peer-reviewed resources (articles or papers)
    • Cited sources must directly support your paper (i.e. not incidental references)
  • Your paper must be at least 500 words in length 
    • Reference pages are NOT included in calculating the paper length. (Neither are Title pages or abstracts if present).

If you are not sure how to identify peer-reviewed papers or articles, please visit the following resources:

http://diy.library.oregonstate.edu/using-google-scholar-find-peer-reviewed-articles
http://libguides.gwu.edu/education/peer-reviewed-articles