What is the definition of security accountability

Reference no: EM132117085

DFSC 5325 Organizational System Security

Questions

1. What is the definition of Security Accountability? Make sure to briefly explain the security goals and requirements. 

2. Answer the following questions about accountability in an organization.

a) What is a basic rule to minimize the potential risk as far as collecting information from consumers is concerned?

b) What is the main responsibility of an Information Security Officer (ISO)?

c) What are some of the challenges that an ISO may be facing in a corporation?

3. Which act aims to protect the privacy of consumers' personal financial information? According to this act, are consumers made aware of the privacy policies that financial institutions follow? Are financial institutions allowed to disclose consumers' personal financial information to a nonaffiliated third party?

4. What is the counterpart of the GLB Act in health systems? What is the main purpose of this act?

5. The HIPAA security standard requires four key areas that the entities covered must address. Briefly discuss these four areas and especially discuss how security accountability can be implemented through compliance with the standard. In answering this question, you might want to link these area(s) to the security goals and requirements of Security Accountability.

6. Suppose you are involved in a project to design the security model for a very large company (e.g. an international investment bank) where there may be frequent changes to the company infrastructure (e.g. through merger or expansion) and users (e.g. due to hiring, firing, transfers, etc.). You were given instructions to increase productivity and to lower the administrator's workload as well as the administrator-to-end-user ratio. Which security access control model (MAC, DAC, or RBAC) would you use?

Justify your answer by discussing the pros and cons of each model, introduce the elements and relationships among elements of the model you prefer, and discuss why it will fit well in the above scenario. You should provide a detailed, thorough answer.

7. According to Michael Butler, the author of "Extending Role Based Access Control", what is the major drawback of RBAC when it comes down to implementation in operating systems?

8. Do some research to find out what protection mechanism Fedora Linux implements to disallow execution of code stored on the stack. Next, list a security feature implemented by the latest GCC compiler (GNU C Compiler) and by the bash shell to prevent buffer overflow attacks. Why would such protection mechanisms be required?

9. Which statement in the C program "bufferVul.c" below has a buffer overflow vulnerability, and why? Can you "patch" this vulnerability? It may be a good idea to briefly go through Aleph One's "Smashing The Stack For Fun And Profit".

    //bufferVul.c
    #include <stdlib.h>
    #include <stdio.h>
    #include <string.h>

    int someFunction(char *str)
    {
        char buffer[12];
        strcpy(buffer, str);
        return 1;
    }

10. Read about the return-to-libc attack and briefly describe how one might use the return-to-libc attack to obtain root privileges on a victim machine.

11. Almost everybody seems to agree that WEP has been "completely" broken and is consequently insecure. I'd like you to explain in very simple terms the implementation mistakes in the RC4 stream cipher used by WEP that led to this insecurity.

What can you tell me about the current state of security for WPA (TKIP) and WPA2 (CCMP/AES)? Which wireless encryption protocol do you use in your home network?
