Vulnerable dependencies by using two different SCA tools “Snyk” and “Dependency-Check”

My task for this assignment is to use two different SCA tools “Snyk” and “Dependency-Check” to find vulnerable dependencies in open-source projects. Each tool requires a different setup method that can be found in the online documentation of the tool. You are required to follow the instructions in the online documentation to set up the environment, perform a scan, and prepare reports in a useful format. The ability to use online documentation is part of this assessment.

Required Tools

  • Ubuntu Linux VM
  • Snyk
  • Dependency-Check

Part 1

For Part 1 of this assignment, you will be using Snyk to scan a customized “Gemfile.lock” file (also attached below) that contains a list of modules used by an open-source Ruby application and identify vulnerable dependencies. Snyk is a security tool that enables you to find and fix known vulnerabilities in open-source software. Watch this video to learn more about Snyk:

  • Create a free account with Snyk
  • Set up the Snyk CLI on your Linux VM. For instructions, check the “CLI – Installation” page.
  • Create a directory called “CYB505-Snyk” and copy “Gemfile.lock” there.
  • Change to the newly created directory and run a test using the Snyk CLI (refer to the installation documentation for more details).
  • Log back in to the Snyk portal and observe the results. A new project should have been created by executing the test from the CLI. It will show you a summary of the findings. Clicking on the project name takes you to the finding details.
  • Summarize the findings in the format of a report. See the “Deliverables” section below.
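When writing up the “detailed dependency paths” required in the Deliverables section, it helps to trace how a flagged gem enters the project through the lockfile itself. The following Python example is added here and is not part of the assignment or of Snyk: it parses the `GEM` and `DEPENDENCIES` sections of a Gemfile.lock into a dependency graph and lists every path from a Gemfile-level gem down to a named gem; the lockfile contents are constructed for illustration and do not describe any real vulnerability.

```python
# Constructed sample lockfile (not the assignment's file); gem names/versions are illustrative only.
SAMPLE_LOCK = """\
GEM
  specs:
    actionpack (5.2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
    loofah (2.2.2)
      nokogiri (>= 1.5.9)
    nokogiri (1.8.2)
    rails-html-sanitizer (1.0.4)
      loofah (~> 2.2, >= 2.2.2)

DEPENDENCIES
  actionpack (= 5.2.0)
  nokogiri!
"""


def parse_lock(text):
    """Return (versions, deps, direct): resolved version per gem, gem->deps edges, Gemfile-level gems."""
    versions, deps, direct, section, current = {}, {}, [], None, None
    for line in filter(str.strip, text.splitlines()):
        indent = len(line) - len(line.lstrip(" "))
        name = line.split()[0].rstrip("!")       # drop " (constraint)" and the "!" of path/git gems
        if indent == 0:                          # section header: GEM, PLATFORMS, DEPENDENCIES ...
            section, current = name, None
        elif section == "GEM" and indent == 4:   # "name (version)" line under specs:
            versions[name] = line.strip().split(" (")[1].rstrip(")")
            deps[name], current = [], name
        elif section == "GEM" and indent == 6 and current:
            deps[current].append(name)           # a dependency of the gem declared above it
        elif section == "DEPENDENCIES" and indent == 2:
            direct.append(name)                  # requested directly in the Gemfile
    return versions, deps, direct


def paths_to(text, target):
    """Every path from a Gemfile-level gem down to `target`, as lists of name@version."""
    versions, deps, direct = parse_lock(text)
    found = []
    def walk(name, trail):
        trail = trail + [name]
        if name == target:
            found.append([f"{n}@{versions.get(n, '?')}" for n in trail])
            return
        for child in deps.get(name, []):
            if child not in trail:               # guard against cyclic dependencies
                walk(child, trail)
    for root in direct:
        walk(root, [])
    return found
```

Running `paths_to(SAMPLE_LOCK, "nokogiri")` on the sample shows the gem is reachable both transitively (via actionpack and loofah) and as a direct dependency, which is exactly the distinction a remediation recommendation must make.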

Part 2

For Part 2, you will be using Dependency-Check, which is an open-source SCA tool from OWASP. You are required to install this tool on your Linux VM and run a test on another open-source tool from OWASP, Juice Shop.

To complete Part 2 of the assignment, follow the instructions:

  • Create a folder on your Linux VM called “CYB505-DC”.
  • Download OWASP Juice Shop (if you have not already done so for Discussion 7.1). Unzip and copy it to the newly created folder.
  • Download OWASP Dependency Check binaries zip file from the following link: https://bintray.com/jeremy-long/owasp/dependency-check under downloads.
  • Extract the zip file and look for the executable script called “dependency-check.sh” in the bin folder.
  • Run the scan and output the results into an HTML file. Use the command help option (“./dependency-check.sh -h”) for guidance. Hint: check out the -f and -o arguments and make sure your shell’s working directory is the one containing the .sh file.
  • Summarize the findings in the report format. See the “Deliverables” section below.

Deliverables

Submit a zip file that contains the following three files:

  1. A single assessment report PDF file that contains findings from both scans. The report should include:
    • An executive summary that summarizes the findings for the upper-management audience using limited technical knowledge.
    • Findings:
      • Vulnerability overview
      • Detailed dependency paths
      • Risk rating
      • Remediation recommendations
      • Your analysis of the proposed remediation method, ONLY for “High” rated findings (i.e., whether it is feasible, what the challenges are, etc.)
    • You are free to choose the report format and headings, but points are allocated for a professional-looking, industry-standard level report. The report should be readable and eye-catching, yet accurate and informative for the technical audience.
  2. PDF export of the Snyk report.
  3. PDF export of the Dependency-Check HTML report.

Week 4 Individual

Length: Minimum of 600 words

This assignment should be in APA format and must include at least two references.

GLB/Ethics

Chapter 3 – Quiz 3

Instructions: There are two (2) topic areas listed below that are designed to measure your knowledge level specific to learning outcome (LO 3) shown in your course syllabus. Please provide appropriate responses in essay form for both. In most cases the topic area has several components. Each must be addressed to properly satisfy requirements.

Pay attention to what you are being asked to do (see Grading Rubric below). For example, to describe does not mean to list, but to tell about or illustrate in more than two or three sentences, providing appropriate arguments for your responses using theories discussed in our text. Be sure to address all parts of the topic question as most have multiple parts. A verifiable current event (less than 4 years old) relevant to at least one of the topics you respond to is a fundamental component of your quiz as well. You cannot use information from the textbook or any book/article by the author of the textbook as a current event. Make sure that your reference has a date of publication. For each chapter quiz and final quiz you are required to find and include at least one reference and reference citation to a current event less than 4 years old (a reference with no date (n.d.) is not acceptable) in answer to at least one question. This requires a reference citation in the text of your answer and a reference at the end of the question to which the reference applies. You must include some information obtained from the reference in your answer. The references must be found on the internet and you must include a URL in your reference so that the reference can be verified.

You should type your responses directly under the appropriate question. Be sure to include your name on your quiz. Only the first two (2) questions with answers will be graded. Include your name in the document filename. Your completed quiz must be uploaded into the appropriate eCollege Dropbox, no later than 11:59 pm on the due date. Do well.

1. Based on what you have learned in this chapter and using appropriate components, properly construct an argument to: (1) support or refute the view that all undergraduate students should be required to take a course in cyberethics; and (2) apply the seven steps (in Section 3.8) to your argument. Please elaborate (beyond a yes or no answer) and provide your rationale in support of your responses. (comprehension)

2. Using appropriate components, construct an argument for or against the view that privacy protection should be improved in e-commerce transactions. Next, evaluate your arguments against the rules for valid, inductive, and fallacious arguments. Does your argument contain any of the common or “informal” fallacies discussed in Section 3.9? If so, elaborate. Please elaborate (beyond a yes or no answer) and provide your rationale in support of your responses. (knowledge)

Grading Rubric for Quizzes

Grading criterion (unit points / total points):

  • Uploaded to correct Dropbox: 2 / 2
  • Submitted on time: 15 / 15
  • Document filename: your last name, first and middle initial with correct quiz number (example only: Creider_RD_q1): 5 / 5
  • Rationally expressed opinions, experiences (personal or observed), arguments and premises (where appropriate) to support responses (did not simply restate/summarize author/textbook): 8
  • Clearly presented classical ethics theories relative to topic: 8
  • Included ‘URL’ for appropriate verifiable current event (i.e., example of topic being discussed WITH EXPLANATION; NOTE: must be less than 4 years old): 12 / 28
  • Grammatically correct and appropriate tone (professional, non-offensive language): 10
  • Typographically correct: 10 / 20
  • Included full citations as needed: 3
  • Used correct APA format: 7 / 10
  • Addressed each item within selected topic area: 20 / 20
  • Maximum grade: 100 / 100

Data Encryption Standard

Evaluate the history of the Data Encryption Standard (DES) and then how it has transformed cryptography with the advancement of triple DES. The initial post must be completed by Thursday at 11:59 Eastern. You are also required to post a response to a minimum of two other students in the class by the end of the week. You must use at least one scholarly resource. Every discussion posting must be properly APA formatted.

Discussion Emerging threats

What are the various technologies employed by wireless devices to maximize their use of the available radio frequencies? Also discuss methods used to secure 802.11 wireless networking in your initial thread.

Please make your initial post and two response posts substantive. A substantive post will do at least TWO of the following:

  • Ask an interesting, thoughtful question pertaining to the topic
  • Answer a question (in detail) posted by another student or the instructor
  • Provide extensive additional information on the topic
  • Explain, define, or analyze the topic in detail
  • Share an applicable personal experience
  • Provide an outside source (for example, an article from the UC Library) that applies to the topic, along with additional information about the topic or the source (please cite properly in APA 7)
  • Make an argument concerning the topic.

At least two scholarly sources should be used in the initial discussion thread. Use proper citations and references in your post.

Network Troubleshooting


Discussion Topic

There are common home network problems that you need to explore in your discussion response. Several common issues are:

  • Your home network cannot reach certain areas of your home.
  • Devices cannot see each other on the network.
  • Devices cannot get on the Internet.
  • Devices cannot join the network.
  • Your home network is slow.
  • Your home network connections drop occasionally.
  • Your home network is not secure.

In your original post, pick a common issue above, and answer the following questions:

  • Choose a network troubleshooting approach; there are several in the text. Feel free to cover another that is not listed in the text, as long as it is a suitable network troubleshooting approach.
  • Why did you choose this network troubleshooting approach?
  • Take your network troubleshooting approach, and apply it to the issue you chose. Summarize the steps you would take to troubleshoot the issue.

Discussion 2.0

  • Distinguish among character, block, and stream ciphers.
  • Specify when to use each.
  • 5 pages.

Note: Remember to cite any sources you use, including your textbook, using the Strayer Writing Standards format. For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course.

How Oracle 12c advances the security discussion

For the topic ‘How Oracle 12c advances the security discussion’, consider that topic as assigned to you by the Chief Information Security Officer (CISO) of your company, Vandelay Industries, to present to the technology leadership of your firm. For example, if you select “NIST Database Security Framework”, the CISO wants you to present that to the technology leadership (CTO, CIO etc.) of the firm with the expectation that the framework will be put into place within the firm. 

3. Research the topic and develop the following presentation:

  • A minimum of 15 well-crafted MS PowerPoint slides that fully explain the topic at hand. Please be creative and use visuals, etc. Remember, you’re presenting this to executives who need to digest this information and may not be technical.
  • A written step-by-step technical implementation guide (STIG) for the firm to effectively put the new item/issue into place and/or mitigate the issue if applicable. This could be a bulleted step-by-step plan. I will leave the length up to you, but please ensure you are covering everything that needs to be covered on the topic you’ve selected. This should be done within a MS Word document. 

4. How you will be graded:

  • Points total for the final project is 200. 
  • 50% of the points will be related to how well you’ve researched the topic for the presentation. 
  • 20% of the points will be related to how creative and dynamic your presentation is. 
  • 20% of the points will be related to your technical implementation guide and how well that is put together. 
  • 10% of the points will be related to your use of references, organization, grammar, etc.

OT JAS8


Choose one of the following terms for your research for the Journal Article Summary:

authority, competition, confrontation, dependency, empowerment, inter-group conflict, negotiation, organizational politics, power, or rational model. 

Instructions:

Journal Article Summary & Discussion:

Within each module, there is a list of key terms. Select one of the key terms and conduct a search of Campbellsville University’s online Library resources to find 1 recent peer-reviewed article (within the past 3 years) that closely relates to the concept.

Your submission must include the following information in the following format:

DEFINITION: a brief definition of the key term followed by the APA reference for the term; this does not count in the word requirement.

SUMMARY: Summarize the article in your own words; this should be in the 150-200-word range. Be sure to note the article’s author, note their credentials, and explain why we should put any weight behind his/her opinions, research or findings regarding the key term.

Make sure to write the information on the author’s credentials and why we should place any weight on this author’s writings.

DISCUSSION: Using 300-350 words, write a brief discussion, in your own words of how the article relates to the selected weekly reading assignment Key Term. A discussion is not rehashing what was already stated in the article, but the opportunity for you to add value by sharing your experiences, thoughts and opinions. This is the most important part of the assignment.

REFERENCES: All references must be listed at the bottom of the submission, in APA format.

Be sure to use the headers in your submission to ensure that all aspects of the assignment are completed as required.

The Executive Dashboard and the Trinity Mindset


Assignment Instructions: (USE REFERENCES PROVIDED ON ATTACHMENT)

In your own words, explain the concept of the Executive Dashboard. How would a poorly constructed Executive Dashboard impact the business?

Describe how you would build an effective analytics program – describe competitive intelligence tips and best practices.

In your own words, describe what is meant by the trinity mindset. How does the trinity mindset impact the Executive Dashboard and contribute to an effective program?

Word Doc, 500 words or more, and use APA references in support of your answers.

***For references please check attachment.