CS507 Assignment # 6's Solution

MUST CHANGE IT IN YOUR OWN WORD ___ AS EVERYONE (almost 8000 students) COPIED FROM THIS SITE

VU Help Desk..

www.vusolutions.blogspot.com

______________________________________________

Question # 1

Five major phases to control over the attacks on your online business as follows:

A secure system ensures the confidentiality of data. This means that it allows individuals to see only the data that they are supposed to see. Confidentiality has several different aspects:

• Privacy of Communications
• Secure Storage of Sensitive Data
• Authenticated Users
• Granular Access Control

• Authentication Oracle Standard Edition,
• Oracle Enterprise
• Edition: Passwords,
• Password management
• Oracle Advanced Security:
• Tokens, smart cards,
• Kerberos and so on.
• PKI: X.509 Certificates
• Unauthorized access to data Limit access to data Access control Oracle Standard Edition
• Oracle Enterprise Edition:
• Virtual Private Database

User Responsible for using the system for legitimate purposes, protecting sensitive data to which she has access, and managing her passwords securely. Database Administrator Responsible for creating and administering database users, granting system and object privileges, and assigning local roles to users. Operating System Administrator Responsible for maintaining the underlying security of the operating system. Network Administrator Responsible for ensuring the security of data in transmission. Application Administrators Responsible for deploying applications in such a way as to ensure security. Trusted Application Administrator Responsible for creating and administering users of trusted applications, and their associated privileges. Enterprise Security Manager Responsible for maintaining the security of the directory and for implementing centralized enterprise user security.

Question # 2

WHAT IS ENCRYPTION?

Encryption is the process used to hide our data, or the contents of a message, from prying eyes throughout the internet. During transmission (such as through a secure socket layer), the data is disguised using codes so that no one along the chain of networks that the data passes though to get to its source can understand the information being sent. When the data arrives at its destination, it is decrypted to reveal the information being transmitted. Called encryption and the process of revealing the data from its encrypted form is called decryption. Both of these are common techniques used in cryptography - the scientific discipline behind secure connections. The processes are done using mathematical logic, or algorithms.

However, it is very difficult to keep the logic behind any given algorithm truly secret, so it's prudent to also rely on alternative forms on protection for your data. Algorithms will keep your information private from anyone not interested in exerting the effort to decode the data, but encryption won't always hide your personal information from a highly motivated hacker.

HOW ENCRYPTIONS WORKS?

Encryption is the conversion of data into a form, called a cipher text, which cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood. The use of encryption/decryption is as old as the art of communication. In wartime, a cipher, often incorrectly called a code, can be employed to keep the enemy from obtaining the contents of transmissions. (Technically, a code is a means of representing a signal without the intent of keeping it secret; examples are Morse code and ASCII.) Simple ciphers include the substitution of letters for numbers, the rotation of letters in the alphabet, and the "scrambling" of voice signals by inverting the sideband frequencies. More complex ciphers work according to sophisticated computer algorithms that rearrange the data bits in digital signals. In order to easily recover the contents of an encrypted signal, the correct decryption key is required. The key is an algorithm that undoes the work of the encryption algorithm. Alternatively, a computer can be used in an attempt to break the cipher. The more complex the encryption algorithm, the more difficult it becomes to eavesdrop on the communications without access to the key. Encryption/decryption is especially important in wireless communications. This is because wireless circuits are easier to tap than their hard-wired counterparts. Nevertheless, encryption/decryption is a good idea when carrying out any kind of sensitive transaction, such as a credit-card purchase online, or the discussion of a company secret between different departments in the organization. The stronger the cipher -- that is, the harder it is for unauthorized people to break it -- the better, in general. However, as the strength of encryption/decryption increases, so does the cost. In recent years, a controversy has arisen over so-called strong encryption. This refers to ciphers that are essentially unbreakable without the decryption keys. While most companies and their customers view it as a means of keeping secrets and minimizing fraud, some governments view strong encryption as a potential vehicle by which terrorists might evade authorities. These governments, including that of the United States, want to set up a key-escrow arrangement. This means everyone who uses a cipher would be required to provide the government with a copy of the key. Decryption keys would be stored in a supposedly secure place, used only by authorities, and used only if backed up by a court order. Opponents of this scheme argue that criminals could hack into the key-escrow database and illegally obtain, steal, or alter the keys. Supporters claim that while this is a possibility, implementing the key escrow scheme would be better than doing nothing to prevent criminals from freely

Question # 3

Integrate Risk Management with WATER FALL MODEL:

Enterprise risk management deals with risks and opportunities affecting value creation or preservation, defined as follows: Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

The definition reflects certain fundamental concepts. Enterprise risk management is:

1. Effected by people at every level of an organization
2. Applied across the enterprise, at every level and unit, and includes taking an entity level portfolio view of risk
3. Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite
4. Able to provide reasonable assurance to an entity’s management and board of directors
5. Geared to achievement of objectives in one or more separate but overlapping
   
   

Everyone in an entity has some responsibility for enterprise risk management. The chief executive officer is ultimately responsible and should assume ownership. Other managers support the entity’s risk management philosophy, promote compliance with its risk appetite, and manage risks within their spheres of responsibility consistent with risk tolerances. A risk officer, financial officer, internal auditor, and others usually have key support responsibilities.