Wednesday, January 11, 2012
CS507-Information Systems assignment 4 solution
Q.1 What are the problems that system engineers face while designing a secure information system?
[5 marks]
Solution
(Put your email at Subscription option to get solution in your email box)
A. Natural Disasters
Natural disasters, such as floods, lightning, brown-outs, fire and earthquakes, are the most obvious security problems for most organizations. Since the source of these problems is generally uncontrollable, one must plan for the possibility. Physical location of computer systems, control of
electrical surges or spikes and clean fire suppression methods are possible techniques to discuss when dealing with this topic. A pre-defined disaster plan, including appropriate off-site backup, helps to avoid regret.
B. Accidental Problems
Many threats to a system result from unintentional errors created either by a user or by the system itself. Examples include the accidental disclosure of data, inadvertent modification or destruction of data, faulty software that may produce incorrect data, residual data left in the system and that may contaminate new data, and wrong parameters that get passed inappropriately. The most common forms of accidental threats are employee mistakes. On-going training programs, both formal and informal, can help prevent many of these problems.
Malicious threats are deliberate attempts to circumvent or defeat the system’s protection mechanisms, or exploit weaknesses in such mechanisms. A trapdoor is a “special element that when inserted in a program or system allows the intruder to bypass protective features safeguarding the secure functioning of a system.” The Trojan horse technique of penetration “consists of supplying the computer with what is perceived appropriate and acceptable information, but in reality contains secret instructions for unauthorized behavior.”
Q2. How security vulnerabilities can be over come by using the technique presented by the authors?
[5 marks]
Solution
Security center carries out distribution of vulnerability related information. It conducts analysis, establish countermeasures, provides PR documents, materials and develop support tools to counter vulnerability.
Collection / Analysis of Information on Vulnerabilities, Analysis of Attacking Methods
Information on vulnerability and attack methods released via the Internet is collected for the purposes of various research, verification, and evaluation of the impact.
Reduction of Vulnerabilities
For the development of safe software, our compilation of know-how titled, "A Secure Programming Course," is presented on our website. Furthermore, research, study, and the development of technology and supporting tools are carried out to reduce the vulnerabilities.
Report / analysis of Vulnerability-related information, and reports of spreading of countermeasures for vulnerabilities.
IPA operates “Information Security Early Warning Partnership” for vulnerability-related information distribution in cooperation with JPCERT Coordination Center (JPCERT/CC), and other related organizations/bodies.
IPA co-operates the JVN portal site, with JPCERT/CC, which provides the action status being taken by the vendors for the vulnerability which has been uncovered, and distributes countermeasure when it becomes available.
[5 marks]
Solution
(Put your email at Subscription option to get solution in your email box)
A. Natural Disasters
Natural disasters, such as floods, lightning, brown-outs, fire and earthquakes, are the most obvious security problems for most organizations. Since the source of these problems is generally uncontrollable, one must plan for the possibility. Physical location of computer systems, control of
electrical surges or spikes and clean fire suppression methods are possible techniques to discuss when dealing with this topic. A pre-defined disaster plan, including appropriate off-site backup, helps to avoid regret.
B. Accidental Problems
Many threats to a system result from unintentional errors created either by a user or by the system itself. Examples include the accidental disclosure of data, inadvertent modification or destruction of data, faulty software that may produce incorrect data, residual data left in the system and that may contaminate new data, and wrong parameters that get passed inappropriately. The most common forms of accidental threats are employee mistakes. On-going training programs, both formal and informal, can help prevent many of these problems.
Malicious threats are deliberate attempts to circumvent or defeat the system’s protection mechanisms, or exploit weaknesses in such mechanisms. A trapdoor is a “special element that when inserted in a program or system allows the intruder to bypass protective features safeguarding the secure functioning of a system.” The Trojan horse technique of penetration “consists of supplying the computer with what is perceived appropriate and acceptable information, but in reality contains secret instructions for unauthorized behavior.”
Q2. How security vulnerabilities can be over come by using the technique presented by the authors?
[5 marks]
Solution
Security center carries out distribution of vulnerability related information. It conducts analysis, establish countermeasures, provides PR documents, materials and develop support tools to counter vulnerability.
Collection / Analysis of Information on Vulnerabilities, Analysis of Attacking Methods
Information on vulnerability and attack methods released via the Internet is collected for the purposes of various research, verification, and evaluation of the impact.
Reduction of Vulnerabilities
For the development of safe software, our compilation of know-how titled, "A Secure Programming Course," is presented on our website. Furthermore, research, study, and the development of technology and supporting tools are carried out to reduce the vulnerabilities.
Report / analysis of Vulnerability-related information, and reports of spreading of countermeasures for vulnerabilities.
IPA operates “Information Security Early Warning Partnership” for vulnerability-related information distribution in cooperation with JPCERT Coordination Center (JPCERT/CC), and other related organizations/bodies.
IPA co-operates the JVN portal site, with JPCERT/CC, which provides the action status being taken by the vendors for the vulnerability which has been uncovered, and distributes countermeasure when it becomes available.
For more detail Please follow the below links
http://www.ipa.go.jp/english/security/third.html
http://www.ipa.go.jp/security/english/first.html
http://www.ipa.go.jp/security/english/third.html
http://www.ipa.go.jp/english/security/third.html
http://www.ipa.go.jp/security/english/first.html
http://www.ipa.go.jp/security/english/third.html
SHARE THIS POST
Author: Mohammad
Subscribe to:
Post Comments (Atom)
Posts
0 $type={blogger}:
Thank you for your visit.