Category: Cyber security

Instructions
In order to complete assignment #3 you will need to answer the below questions. Please complete the questions in a Word document and then upload the assignment for grading. When assigning a name to your document please use the following format (last name_Assignment #3). Use examples from the readings, lecture notes and outside research to support your answers. The assignment must be a minimum of 1-full page in length with a minimum of 2 – outside sources. Please be sure to follow APA guidelines for citing and referencing source. Assignments are due by 11:59 pm Eastern time on Sunday.
Chapter 4
1. Should dissatisfied consumers have the right to establish gripe sties that use the trademark of the offending company in the domain name? How likely is it that consumers will be confused as to the “origin, sponsorship, or approval” of the gripe site by the offending company? Whether or not you think that confusion is likely, should a gripe site be considered to tarnish the targeted company’s trademark and thereby violate the Federal Trademark Dilution Act? Why or why not?
Chapter 5
2. It is common practice for recipients of email messages to sometimes forward those messages to others. Does such forwarding constitute copyright infringement? In your answer, be sure to specify which, if any, of the exclusive rights may have been violated by the act of forwarding and whether the doctrine of fair use applies. What remedies, if any, might a successful plaintiff be able to obtain
3. Read the following laws and standards:
Sarbanes-Oxley and
PCI DSS .
Develop a plan for an imagined “online payment company” to comply with Sarbanes-Oxley law and implement the Payment Card Industry Data Security Standard (PCI DSS)

Instructions
In order to complete assignment #1 you will need to answer the below questions. Please complete the questions in a Word document and then upload the assignment for grading. When assigning a name to your document please use the following format (last name_Assignment #1). Use examples from the readings, lecture notes and outside research to support your answers. The assignment must be a minimum of 1-full page in length with a minimum of 2 – outside sources. Please be sure to follow APA guidelines for citing and referencing source. Assignments are due by 11:59 pm Eastern time on Sunday.
Privacy is a concept that is rapidly evolving in relation to the most public of mediums, the Internet, which became even more super-charged with social networking websites. In a recent California election, one ballot measure, Proposition 8, asked voters a question on marriage. Donors to the Prop 8 campaign found that their names, addresses, and amount of contribution were masked up with Google Maps and thus rendered into a format showing the world a map image of donors’ names, street addresses, and dollar contributions. All this data is public record information already, but still quite inconvenient to access. What are the side effects of this action?

## Assignment
Review the attached “Assignment” document for further information on rubric, requirements and competencies to meet.
Review the attached “TechFite Case Study” for information on the company being investigated. You should base your responses on this scenario.
## INTRODUCTION 
Information security professionals must understand how to apply ethical security principles and processes to their organizations. These standards should define the organization’s specific needs and demands to assure data confidentiality, integrity, and availability. An organization’s employees must be aware of the security challenges it is facing. 
## Task 
Analyze ethical challenges related to information security and develop a training plan for an organization, which will raise awareness of these challenges, convey strategies, and prevent unwanted developments. 

Purpose:
The European Union (EU) has one of the most robust privacy laws in the world.  In 2016 the EU passed the General Data Protection Regulation (GDPR).  This regulation is a comprehensive law that protects the privacy of all citizens that live in the EU.  Further more, this regulation also reaches beyond the countries that make up the EU.  Any organization that resides outside of the EU also has to abide by the GDPR when dealing with citizens living in the EU.  This means that any website that does business with just one individual living in the EU has to be in compliance with certain aspects of the GDPR.
Knowledge: 
This assignment will help you to become familiar with the following important content knowledge in this discipline:  
What the GDPR is
What is protected under the GDPR
What organizations in the US must do to comply with the GDPR
Tasks:
You are a new hire for a company in their compliance department.  One of the first tasks you have been given is to make a new brochure for your programming department.  This brochure should detail what companies in the US need to do to comply with the GDPR.   
Requirements:
Tri-fold brochure
Front and back
Minimum of 6 different sections
Focus on both content and design
List of all references used
Additional Requirements:
Keep in mind that fonts and styles are not always transferable from computer to computer.  To prevent any font or layout issues when uploaded your assignment to CANVAS it is recommended that you convert your brochure to a PDF and upload that file.   
Criteria for Success: 
See grading rubric below
Note: The presentation rubric is used to grade this brochure.  The organization tab mentions that the PowerPoint must have the minimum number of slides.  For this assignment that can be translated to “The tri-fold brochure must contain a minimum 6 different sections.”

See attached file for instructions and my written outline on how I would like the paper to be organzied

FOR THE THREAT MODEL SECTION OF THE PAPER I NEED A GRAPHIC OF A THREAT MODEL CREATED USING MICROSOFT THREAT MODELING TOOL. PLEASE DO NOT IGNORE THIS VERY IMPORTANT STEP.
CHOSEN TOPIC IS CROSS-SITE SCRIPTING AKA XSS
I WILL HANDLE THE COVER PAGE, I JUST NEED YOU TOO HANDLE TO PAPER AND THE WORKS CITED.
Secure Web Application Architecture Design – Final Project
Learning Objectives
Research a secure web application architecture accounting
for application and operating system
vulnerabilities based on the Common Vulnerability Scoring
System (CVSS). The base operating system
will be RedHat Linux, Apache, MySQL, and PHP. Known as the
LAMP stack this development stack will
provide the opportunity to model a real-world secure
architecture.
Note: Include vulnerabilities specific to your topic when
possible. In some cases, the
topic will not have specific web server or operating system
vulnerabilities associated
with it. In those cases, an unrelated vulnerability is
acceptable.
Overall Assignment Requirements
You will be assigned one of the OWASP top ten web
application vulnerabilities as the topic of your final
project.
CHOSEN TOPIC – CROSS-SITE SCRIPTING
Once assigned a topic you research the vulnerability and
provide an overview of the vulnerability
including a threat model on threats associated with your
topic, and finally an applicable ASVS controls
that help secure a web application from your specific
vulnerability. On a more abstract level, design a
secure and resilient application architecture to protect
transactions as they pass through an enterprise
environment. Think of it in eliminating any single points of
failure. For example, a single firewall or
database server would cause a transaction to fail if one of
those components were unavailable.
Report Sections
Include the following sections in your Report:
Introduction
This section will include specific information about your
topic and why it is dangerous.
Vulnerability
This section will focus on the LAMP stack and 2
vulnerabilities from each component of WAMP.
Threat Model
Secure Architecture Design – Final Project
Version 4
This section will contain a threat model showing STRIDE
threats specific to your project topic.
Proposed Resilient Architecture
This section will show a secure and resilient architecture
designed by you to ensure the web
application is available and secure to the users.
Compensating Controls
This section includes ASVS controls applicable to the topic
you were assigned.
Conclusion
Closing thoughts and summary.
Final Project Paper Requirement
Introduce the paper and what it will cover. Research and
provide any vulnerabilities currently available
for the software stack on the web server. Provide a threat
model diagram and associated logic to
support the model. Define a multi-tier, enterprise security
architecture based on a resilient components
that eliminate any single points of failure. Provide
compensating controls that cover a least four ASVS
items relevant to the OWASP vulnerability selected.
Requirements:
• Provide a detailed background on the topic assigned.
• Maximum of two vulnerabilities per system component: OS,
Web Server, Database, and
Language for a total of eight items.
o Example: Linux vulnerability x2 = 2, Apache vulnerability
x 2 = 2, MySQL vulnerability x2
= 2, and PHP vulnerability x2 = 2 for a total of 8 items.
• Complete threat model including at least five STRIDE
threats that can affect the overall system.
• Proposed secure and resilient architecture including
multitier application, security devices,
database, and multiple security zones. You must include
Threat Model and proposed
Enterprise Architecture DIAGRAM in your paper. These are NOT
the same diagram.
• Minimum of four ASVS 4.0 controls to be implemented to
secure the system(s) against the
vulnerabilities discovered.
Secure Architecture Design – Final Project
Version 4
Possible Points
200 Points possible for the assignment (20% of final grade)
• 150 points possible for the paper (final paper submission)
• 50 points possible for the presentation (final
presentation submission)
Required Resources
Any websites, references, or tools discussed in class or
retrieved from research.
Do not copy and paste directly from websites, synthesize the
information in your own words. Any
information found to be directly copied from any public
source without proper citation and reference
will be considered plagiarism.
Submission Requirements
Format: Microsoft Word
Font: Times New Roman, Size 12, Double-Spaced
Citation Style: APA (https://library.cscc.edu/apa)
Length: 4-5 pages not including the title or reference pages
Filename: FLast_FinalAssignment.docx (Example: John Smith |
JSmith_FinalAssignment.docx)

For this assignment, you
must explain how the layers of the cyber domain interrelate.
Submit an MS Word
Document.
Write a 5 page Microsoft
Word document Presentation which includes:
Page (1) Title page,
Page (2) introduction of the topic/assignment, what the document is about, and what the
document will cover.
Page (3) The Body of the
assignment (worksheet each questions research and answers – 75-90 words):
Research and
include your answers inside your MS Word assignment page
Questions to answer Answer each question :Must
be in a question format on this page
1. Is one layer of
the cyberspace domain more important than another? If yes, explain which layer
is the most important. If not, explain why.
2. .What security
threats or risks can impact multiple layers? Explain your answer.
3.     
How can the layers help to manage the security
threats or risks individually?
4.     
How can the layers work collectively for the
same purpose, managing security threats or risks?
5       
Which layer of cyberspace is the most targeted
or vulnerable?
6       
How do culture and ethics play a role in
cyberspace?
Page (4) your
conclusions, take away, or lessons learned, what was the paper
about, what was covered, and
Page (5) List references
cited if used, needed, or required APA Format

In this task, you will choose one case study from the attached “Case Studies” document. You will analyze the case study using the concepts covered in Section 1 of the course (the Iceberg Tool and the Behavior Over Time graph). You will apply the principles and foundational theory of systems thinking to the chosen case study by using the Iceberg Tool to identify the case’s key events, patterns, and underlying structure. Next, you will use the attached “Case Study 1 Graphs” or “Case Study 2 Graphs” for the case study you chose, and you will select the Behavior Over Time graph that best represents the patterns you identified. Finally, you will write an analysis that discusses what the Iceberg Tool and Behavior Over Time graph reveal about the problem in the case study as well as the interconnections among the key events, patterns, and underlying structure of the system.
Note: You must use one of the given case studies and both the Iceberg Tool and the Behavior Over Time graph.
A.   Analyze one of the given case studies from the attached “Case Studies” document by doing the following:
1.  Using the Iceberg Tool, write a summary of the analysis identifying key events, patterns, and the underlying structure that causes the identified events and patterns to occur.
2.  Choose the Behavior Over Time graph that best represents the patterns you identified using the attached “Case Study 1 Graphs” or “Case Study 2 Graphs” for the case study you chose.
a.  Discuss why the chosen Behavior Over Time graph best represents the patterns present in the chosen case study.
3.  Write an analysis that discusses what the Iceberg Tool and Behavior Over Time graph reveal about the problem in the case study as well as the interconnections between the key events, patterns, and underlying structure of the system.
B.  Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
C.  Demonstrate professional communication in the content and presentation of your submission.
If you need anything , please let me know 
The Systems Thinker – Behavior Over Time Diagrams: Seeing Dynamic Interrelationships – The Systems Thinker

PUBA solutions utilize machine learning algorithms and behavioral analytics to detect anomalous behavior and potential insider threats among privileged users. By analyzing user activity patterns, access requests, and system interactions, PUBA tools can identify suspicious activities indicative of credential misuse or unauthorized access.