Monthly Archives: January 2024

In 175 words or more discuss how to make sure systems align with the business objective.

 Write an assembly language program that reads move review information from a text file and reports the overall scores for each movie as well as identifying the movie with the highest total score. There are four movie reviewers numbered from 1 to 4. They are submitting reviews for five movies, identified by the letters from “A” through “E”. Reviews are reported by using the letter identifying the movie, the review rating, which is a number from 0 to 100, and the reviewer’s identifying number. For example, to report that movie B was rated a score of 87 by reviewer 3, there will be a line in the text file that looks like this:

B,87,3

The fields within each record are separated from each other by a comma.

Your program must store the movie review scores in a two-dimensional array (4 rows by 5 columns). Each row represents a reviewer. Each column represents a movie. Initialize the array to zeroes and read the movie review information from a file. After reading and processing the whole file, display a report that shows the total score for each movie and the movie that had the highest total score.

Section 9.4 of our textbook discusses two-dimensional arrays. Section 9.4.2 discusses Base-Index Operands and even contains an example of how to calculate a row sum for a two-dimensional array.

Chapter 11 contains an example program named ReadFile.asm that will show you how to prompt the user for a file name, open a file, read its contents, and close the file when you are done. Look in section 11.1.8, Testing the File I/O Procedures.

Each record in a text file is terminated by the two characters, Carriage Return (0Dh) and Line Feed (0Ah).

Assume that you wish to process a text file named “reviews.txt” that is stored on the “C:” drive in the “Data” folder. If you are using a Windows computer, you have two ways to identify the path to the file’s location:

C:/Data/reviews.txt        OR C:\Data\reviews.txt

Double backslash characters () are needed because a single backslash is defined as being the first part of an escape sequence such as newline (n).

This code can be used to load a reviewer’s score into the array of movie reviews:

; Insert score at reviews[rowIndex][colIndex]

mov      edx,rowSize           ; row size in bytes

    mov      eax,rowIndex         ; row index

    mul      edx                   ; row index * row size

    mov      index,eax             ; save row index * row size

    mov      eax,colIndex         ; load col index

    shl      eax,2                 ; eax = colIndex * 4

    add      eax,index             ; eax contains offset

    mov      edx,score             ; edx = reviewer’s score

    mov      ebx,OFFSET reviews   ; array of review scores

    mov      [ebx + eax],edx       ; Store score for movie

Sample Data for Review.txt

D,84,2

A,90,3

A,87,4

B,35,4

B,100,1

C,75,1

D,84,1

B,87,2

A,0,2

C,25,2

D,45,3

E,35,3

A,90,1

B,100,3

C,75,3

E,35,1

C,78,4

E,35,2

D,100,4

E,0,4

You have just been hired as the Security Manager of a medium-sized Financial Services company employing 250 people in New Hampshire, and have been asked to write two new security policies for this company. The first one is an e-mail policy for employees concentrating on personal use of company resources. The second policy is that of WIFI and Internet use within the company.

There are many resources available on the web so researching these topics and policies should be easy. The most difficult part of this exercise will be determining how strict or how lenient you want to make these policies for this particular company.

Acme Enterprise Scenario Residency Week

Acme Enterprise is a private company that is gearing up for an initial public offering (IPO). Prior to going public Acme must be in compliance with: GDPR, PCI DSS, and SOX. Acme is in the water purification business with new technologies that purify water in any form whether it is sewage, ocean, lake etc. 

Part of its IPO process is to show due diligence and due care. Acme has identified your team to conduct a risk assessment and analysis of its information technology infrastructure to uncover any threats and exposures and provide mitigations and controls to reduce those uncovered threat/exposures, so it can have a successful IPO. 

Using the Network Infrastructure design of the Acme Enterprise you are to assess risk of Acme’s:

1. Perimeter Security

2. Network Security

3. Endpoint Security

4. Application Security

5. Data Security

6. Operations

7. Policy Management

Acme Perimeter Security

Acme is currently protected by two dual Dynamic Stateful Inspection Firewalls that are configured in active and stand by mode. Acme is also configured to use PAT (port address translation) where 200.200.200.1 represents Acme on the public Internet. Acme translates this public IP through its clustered firewall to the internal IP space of 10.100.0.0/16 giving Acme 65334 useable IP addresses. 

As part of Acme’s infrastructure, it also accesses cloud services for its business office tools through Office 365 and uses Dropbox for end user’s storage. Acme uses a web hosting service for its web front end and ecommerce which is connected to a back-end Oracle Database using enterprise MySQL. The database administrators have full access to all database information, but they lack oversight from anyone else. 

There are two DMZ’s, but they are not utilized. 

Network Security

Acme has a collapsed core design which means all internal LAN routing and Internet access occurs on its distribution level devices. This means, wireless access, web proxy access, access control lists and entries are located at this layer of the infrastructure. Currently Acme is using WPA 2 (wireless protected access 2) for is wireless security. The web proxy is configured with the following: General, Limited, and Exclusive Internet access. Each of these categories dictates what type of Internet access an end user will experience if belongs to one of these groups. 

The Local area network uses the IP block in the following way: 10.100.1.0/24 User VLAN, 10.100.2.0/24 Research and Development VLAN.

Current access control lists are permit 10.100.2.0 0.0.0.255, permit 10.100.1.0 0.0.0.255. All other devices use the rest of the unallocated IP block of 10.100.0.0/16. 

Also, all IP space is statically assigned. There is one default route to Internet but users of complain about access to internal services. 

Endpoint Security

There is a mixture of MAC and Windows systems, XP, 7, and 10. JAMF is used to control and monitor MAC systems, the Windows devices rely on its end users to patch and update systems. The current endpoint security is signature-based MacAfee with no centralized control. 

Application Security

DevOps is responsible for secure coding and development of applications, but it has no formal oversight. Policy for application monitoring tracking is adhoc there are no formalized procedures. The server farm houses all applications, the operating systems range from Server 2003 to 2016. Mobile device management, media server, content management, file server, directory services, database, are all the services being offered from the server farm. This server architecture is all hardware based there are no hypervisor systems in place. 

Data Security

Data has not been classified, identity access management relies on one factor authentication; encryption, digital signatures, PKI rely on self-signed certificates, protection in the cloud is also missing and there is a lack of DLP (data loss prevention). Acme does store financial information in its data center as well as personal identifiable information. 

Operations

Information technology is responsible for security however there is a security team under the IT department. The Chief Information Security Officer reports to the Chief Information Officer. 

Policy Management

Acme has one Information Security Policy that addresses its information security architecture and program. It is not based on any of the existing information security management frameworks such as: IS0 27002, NIST CSF, or COBIT 5. 

You are going to conduct a risk assessment on Acme Enterprise using the risk assessment concepts we have learned about thus far. Each of the areas of the infrastructure mentioned above is where you will concentrate your assessments. After you have completed your risk assessment, you will then provide recommendations for each area that you assessed to reduce risk, exposure, and threat. Also, as part of your final submission demonstrate through a redesign where your mitigations will take place within the architecture. You can use the image below as guide for your risk analysis of each area.

PPT:

 Develop an 8 to 10 slide PowerPoint presentation with notes to summarize your written assignment. Be careful not to copy and paste excerpts exclusively from your written assignment 

Question 1

Describe, in your own words, what caused the accidents with Therac-25?

Question 2

Identify and describe 5 communication failures discussed in the article. For each failure, discuss what led to that failure happening and what could have been done to prevent it.

Some of these communication failures are obvious, but some are more subtle. Communications failures include any instance where somebody tried to transmit information to somebody else but couldn’t, regardless of the specifics.

It helps to remember that communication failures are often mediated through systems (i.e. we build things to communicate for us and these can fail to give our message when they should). For example, if I was trapped on a desert island and put a message in a bottle, that’s an attempt at communication. If the bottle sank 5 months later in a storm, that’s a communication failure.

Using the internet, search for an enterprise company (i.e Amazon) that you feel follows this enterprise architecture and consider the implications of each function represented. For each function in this diagram, define the purpose and interaction with other function, give examples. Define and discuss credible attack surfaces for each function, if any. Does the function include interactions with third party systems? If so, should they be trusted at the same level as the internal systems. Discuss threat agents and what targets may be of interest.  

Conceptual Sample Enterprise Architecture (attached diagram): Representations of the business functions and their interrelationships.

Project Report:

•Report should be no less than 10 pages of content. 

•You need to include outside sources and properly cite and reference your sources. 

•You must have at least 10 references, 5 of which must be scholarly peer-reviewed articles. 

•In addition to the 10 pages of content, you will want a title page and a reference sheet. 

•Please ensure to use the proper APA citations.

Report format:

Title Page

Introduction of Company and brief background (Establish date, Location, what makes this company an enterprise, etc.)

Company Architecture (What exactly does this company do…)

Company Functions (define each function that relates to the company)

Function Integration (how/if the functions integrate with other functions)

Discuss Credible Attack Surfaces for the functions 

Discuss interactions with 3rd party systems and trust levels

Discuss Threat agents and targets

Your thoughts/improvements/gaps, etc.

Conclusion

References

attached-presentation format

Examine the survey results downloadable from the link below. Choose one of the items, determine the descriptive statistic that is reported, and indicate what it means. For example, “What is the highest level of education of this group?” (Please do not repeat the same topic as your classmates.)

Please find the attached.

Task 1 : –  In 150 words comment on attached two presentations  reflecting on your own experience, challenging assumptions, pointing out something new you learned, and offering suggestions. 

Task2 : –   Write an essay of at least 450 words discussing discussing how a blockchain implementation would improve data security in a military, education, or other context. 

For this project, select an organization that has leveraged Data Mining technologies in an attempt to improve profitability or to give them a competitive advantage.

Research the organization to understand the challenges that they faced and how they intended to use Data Mining to overcome their challenges. The paper should include the following sections each called out with a header.

• Company Overview: The section should include the company name, the industry they are in and a general overview of the organization.

• Challenges: Discuss the challenges that limited their profitability and/or competitiveness and how they planned to leverage Data Mining to overcome their challenges.

• Solution: Describe the organization’s Data Mining implementation and the benefits they realized from the implementation. What was the result of implementing Data Mining? Did they meet their objectives for fall short?

• Conclusion: Summarize the most important ideas from the paper and also make recommendations or how they might have achieved even greater success.

1. Develop a personal “operative paradigm” based on a review of the paradigmatic assumptions and concepts involved in each of the three basic methodological approaches in organization and management research. First, a brief review of the three basic methodological approaches in organization and management research is conducted. Second, the preferred personal “operative paradigm” is covered based on the following components: assumptions, concepts, propositions, hypotheses, variables, and operational definitions.
2. The body of your paper should be 8 pages long, written in good APA, and with at least 10 references.