Categories
IT Management

My Coupon and Porter’s Five Forces

Introduction

Why My Coupon?

This is a unique application for tablets and smart phone. MY COUPON entails not just coupon but also discount applications. It is a barcode scanner, location locator, and money saver. Our app targets all ages and interest. With our rewards system everyone will be evolved.

Categories
IT Management

Disseminating Organizational IT Security and Troubleshooting Best Practices

After several network security breaches, I have been tasked to increase the security of my company’s IT infrastructure as a part of my duties as senior systems administrator. An unauthorized individual managed to access the company’s network and several authorized users have been asked for their passwords by someone who claimed to be a member of our IT department. Therefore, I have been asked to implement IT troubleshooting best practices to improve the efficiency of solving these IT problems that are frequently experienced in this company.

Categories
IT Management

Windows 7 Workgroup Consultation

Sally Chu requires all six of her administrative staff members to have the same computer access privelages.She would like them to all be able to access the applications and use the shared printer network, but wants to prevent them from being able to make an accidental changes. To provide the most efficient method of creating user accounts for these employees, they will be each be made their own account with restricted access to certain activities that will be reserved for the administrator. The computers will be a part of a domain in which the network administrators will be able to program the security and permissions for all the computers that are a part of the network (Windows, n.d.) The easiest way to create the user accounts is to click the start option, access the control panel, click “User Accounts and Family Safety”, and then select “User Accounts”. After this screen, “Manage Another Account” should be selected and then six new accounts should be created that are unable to access administrative functions that are essential to the computer’s main functions. An individual account will be created for each employee to have access to each computer.

Categories
IT Management

A Key Concept in Information Systems

Introduction

Information is believed to be a key asset of any business today. No matter how exactly the business operates, disclosure of information to people that are not authorized to make changes to it or utilize it will be costly. The disclosure of information is a serious blow to any company, which may result in loyal customers’ loss, downgrade of the business’s reputation and image in the market, and considerable loss of business opportunities.

Categories
IT Management

Data Warehousing and Data Mining

Data warehousing is a useful tool for many companies because it creates an easily accessible permanent central storage space that supports data analysis, retrieval, and reporting (Rosencrance, 2011). Five benefits of using data warehousing include delivery of enhanced business intelligence, saving time, heightened and consistent data quality, ability to access previous information, and a high return of investment. Ultimately, data warehousing is ideal for businesses that make important decisions without consulting data. Creation of a data warehouse makes it simple for business professionals to consult various aspects of their business’s history, ranging from marketing information to profits and inventory needs. Since all of this information is located on a single system, it saves time compared to digging through paper files; in addition, this centralization will allow the IT department to focus on their other responsibilities which will increase the overall efficiency of the company. The data retrieved from a database can be made to appear in a consistent format, which will allow businesses to compare new data to data previously collected in a way that will give them a better understanding of their business’s progress. Lastly, practice has determined that data warehouse implementation allows businesses to generate more revenue than those who use other formats of data storage. Although the initial monetary investment necessary for data warehouses creation is expensive, many business owners believe that they are worth it. Databases are useful for data storage practices that support both enterprise and web-based applications. The use of this system allows company owners to collect data from the internet and convert this information into usable models that predict trends. Eventually, the company will be able to use this information to understand patterns that will help their business succeed.

Categories
IT Management

Children and Technology (PPT)

Children and Technology

Categories
IT Management

Children and Technology

Outline/Summary

The use of technology by children and adolescents spans many different activities, at school and in the home environment. This technology is available in many forms, including computers, smartphones, video gaming systems, and other devices. In many cases, these technologies offer significant benefits in the form of expanded learning and cognitive development. However, in other cases, these technologies are limiting and are often addictive, thereby impacting their lives in a negative manner. Therefore, a balance must be drawn that will encourage children and adolescents to use technologies wisely and in moderation in order to improve outcomes.

Categories
IT Management

Hardware Illustration

Personal-computer setup with at least two peripheral devices

A personal computer is a computer whose capabilities and size make it useful for users. Hardware comprises of the physical parts.

Categories
IT Management

Components of an Information Security Framework

Description: The below graph is designed to explain the importance of different aspects of information security and their place in the information security framework. It includes the main aspects and components of security frameworks, as described by Patil: (2008) people, technology and process. It highlights the necessary steps of information security in an organization to provide a visualization of data transferred and processed by IT systems.

Support: The below visual aid is designed to help those involved in information security understand the flow of information, the different processes of securing, encoding and retrieving data within information systems. It is also useful for those who would like to know how data can be filtered in order to avoid information overload and the different stages of filtering. The flowchart model was selected in order to help the audience understand which processes are involved in transforming people’s input into readable, safe and analyzable data.

 

 

            Visual Aid Script

  1. Input/People

Input is made by employees, third party and the system itself. They can be diverse based on data quality, level of procession and data type.

  1. Technology

Technology needs to be in place to pre-filter and select categories, sub-categories automatically. The technology should be designed to reduce the use of system resources and prepare data for processing. System storage is a tool that is able to securely store information before processing. While this is not necessary, it can be a useful feature. Companies need to make an informed decision considering the use of storage, resources and the regulations regarding backing up data. Post filtering and encoding is a successful method to eliminate security risks, prevent unauthorized use of data and protect customers’ details. Encoding is the oldest and most successful method of protecting written information. Pre-filtering allows users to select which type of information they would like to see and in which form.

 

  1. Process

Processing data is important for selecting visualization methods. The methods can be determined by the graphics engine, which sets the visualization based on user preferences from the encoded data. Logging and reporting is a feature of the process that allows users to share information safely and select which part of the information would be shared. The creation of graphs and reports is a good way of monitoring network security. The IDS Rainstorm is a tool that is built into data processing systems allowing administrators to identify and eliminate risk factors in the information system. Glossing is another tool that is designed to create alarm glyphs whenever a security risk is identified based on sender, data type, security certificates and source of data. Filtering is an additional tool that can be user-defined, to determine default views, the details to be processed and displayed.

 

Results

            Following the above simple and detailed information security framework has various benefits. First, it prevents information overload within organizations and internet systems. This results in a reduced use of resources; both technological and human. Time spent to filter the information can be reduced, and this can have a positive impact on the speed of processing, answering e-mails, queries and processing data sent through servers. Secondly, it is providing advanced filters that constantly measure risks associated with information transfer through servers.

           

Audience Questions

  1. How to achieve balance among organization, people, process and technology taking into consideration the risks involved in using information security systems?

A: There is a need for advanced organizational support from the management. It is important to employ people with high competency in secure data processing and information technology. Creating and communicating a security strategy and providing adequate training for employees is essential, while enabling people to participate in the design and implementation process is also important. Eliminating technological, organizational and human risk is a complex design to achieve a higher level of information security, prevent information overload and allow safe interaction within the company.

 

  1. What is an ideal information security culture like in an organization?

A: An information security culture needs to be intentional instead of functional, according to a recent ISACA report. (2009. p. 21.) Technologies need to be based on continuous risk assessment and process improvement. Security needs to be implemented into every project from the beginning. I.e. when introducing a new system for interacting with customers online through the website, the design needs to include security measurements. Creating awareness and gaining commitment regarding security is also important on an organizational level. Potential risks need to be communicated regularly.

 

  1. Which are the best security frameworks approved by government to implement in an organization?

A: There are different frameworks approved by the government, offering the same measures as seen in the visual aid. One of the most common systems is ISO/IEC 27001 & 27002 (formerly ISO 17799) used by organizations to get security certificates for their information technology, protect their data and customer information. Another framework is the Federal Enterprise Architecture Framework (FEAF). An organization needs to decide based on the level of security the system provides, industry requirements and internal policies which applies to their business most to make an informed decision. (Security architecture, 2009, 5)

References

Abdullah, K., Lee, C. P., Conti, G., Copeland, J. A., and Stasko, J. (2005, October).IDS RainStorm: Visualizing IDS Alarms. Proc. IEEE Workshops Visualization for Computer Security (VizSEC). IEEE CS Press, pp. 1-10. Retrieved from: http://www.rumint.org/gregconti/publications/20050813_VizSec_IDS_Rainstorm.pdf

Aneja, A., Rowan, C., & Brooksby, B. (2000, January). Corporate Portal Framework for Transforming Content Chaos on Intranets. Intel Technology Journal. Intel Corporation. Retrieved from: http://download.intel.com/technology/itj/q12000/pdf/portal.pdf

Burns, J. and Madey, G. R. (2001). A Framework for Effective User Interface Design for Web-Based Electronic Commerce Applications. Informing Science, Vol. 4 No. 2, 67-75. Retrieved from: http://inform.nu/Articles/Vol4/v4n2p067-075.pdf

Conti, G., Abdullah, K., Grizzard, J., Stasko, J., Copeland, J. A., Ahamad, M., et al. (2006, April). Countering Security Information Overload through Alert and Packet Visualization. IEEE Computer Society. Retrieved from: http://www.juliangrizzard.com/pubs/2006_conti_cga.pdf

Eppler, M. J. and Mengis, J. (2004).The Concept of Information Overload: A Review of Literature from Organization Science, Accounting, Marketing, MIS, and Related Disciplines. The Information Society, 20, 325-344. Retrieved from: http://www.bul.unisi.ch/cerca/bul/pubblicazioni/com/pdf/wpca0301.pdf

ISACA (2009) An Introduction to the Business Model for Information Security. Retrieved from: http://www.isaca.org/Knowledge-Center/Research/Documents/Intro-Bus-Model-InfoSec-22Jan09-Research.pdf

Juvvadi, S. (2003, June).Requirements for Managing Security Information Overload. GIAC Security Essentials Practical Assignment Version 1.4b. SANS Institute. Retrieved from: http://www.sans.org/reading_room/whitepapers/services/requirements-managing-security-information-overload_1147

Patil, J. (2008). INFORMATION SECURITY FRAMEWORK: CASE STUDY OF A MANUFACTURING ORGANIZATION. Mercy College.

Security Architecture Website. Security Management Frameworks. Retrieved from: http://securityarchitecture.com/docs/Security_Management_Frameworks.pdf

 

 

 

 

 

 

 

Categories
IT Management

Implementing Microsoft Windows Terminal Services and Remote Apps in a Branch Data Center Environment of a Small Financial Institution

Table of Contents

Review of Other Work. 1

Rationale and Systems Analysis. 6

Project Goals and Objectives. 10

Project Development:. 14

Project Deliverables. 14

Demonstrated Competencies:. 16

Competency Matrix. 17

References. 21

Additional Deliverables. 24

 

List of Tables

Table 1: Project Timeline with Milestones 30

Table 2: Demonstrated Competency Matrix. 32

Table 3: IT Competency Matrix. 33

 

List of Figures

Figure 1: Adirondack Bank 17 Branch Locations 2

Figure 2: Schematic of New Server Configuration. 24

 

Capstone Introduction

The seemingly spontaneous growth and rapid dissemination of current mobile technologies seems to have coincided with the worst global financial crisis (GFC) in history, which has grown progressively worse since its onset in August of 2007 and has had a profoundly dramatic effect on millions of businesses as well as business owners around the world (Swagel, 2009).  Bringing the failure of financial giants such the Lehman Brothers, Fannie Mae, and Freddie Mac, this GFC has made billions of people more cautious with their money and forever changed the demands on the banking indutry (Swagel, 2009).  The grip of the worst GFC on record has made people more anxious about entrusting their financial security to banks when so many have failed and mobile technology has provided the answer with new ways for people to monitor and manage their money through an explosion of mobile applications (Apps) that enables wireless devices to become mobile banking centers (Kellerman, 2002; Swagel, 2009).   Conctricted financial markets have made the already competitive financial markets so much more aggressive, which can also be  accredited to the precipitous spread of technological conveniences such as mobile banking and many financial centres, both small and large, have been required to adapt the  means for their customers to access their sensitive financial information securely while on the go using an online connection with their computing device or smart phone (Kellerman, 2002).  The dawning of the digital age ensured that the majority of businesses are computerized, but in the modern business age,  a smaller financial institution such as Adirondack Bank (AB) must have the right server configuration in order to support the mobile financial financial services today’s customer demands.

Categories
IT Management

Network Assignment

 Would you recommend using a firewall? Explain.

Firewall is considered as a baseline control for securing the network environment of any enterprise. In general, routers are equipped with built-in firewall, such as Network Address Translation (NAT) or other software based packet filtration. However, a separate hardware based firewall is recommended for small medium enterprise or a global enterprise. Hackers are now using advanced methodologies for penetrating within the network. One of the examples are Advanced Persistent Threats (APT) that uses advanced encryption algorithms and phishing techniques. Once a network is compromised, confidential information such as trade secrets may be leaked and reputation or an organization will be at stake, for instance, banks may lose their clientele or may even become bankrupt if personal information is leaked such as credit card numbers.

Would you recommend using antivirus filtering? Explain.

Antivirus is also considered as a baseline security control that is considered mandatory for a computer network to be protected.  The primary purpose of Antivirus is to detect and clean viruses from the system. Antivirus filtration is configured for detecting viruses attached to an E-mail, once the recipient open the attachment within the E-mail, virus files are executed.

 Would you recommend an intrusion detection system? Explain.

Previously, firewall and antiviruses were adequate for securing a corporate network from threats and viruses from the World Wide Web. Today, security threats are continuously increasing, as hackers are using advance techniques capable of exploiting even the smallest of vulnerabilities. Intrusion detection systems are now mandatory, as they provide alert messages prior to an attack. These alerts inform the concerned personnel to isolate the infected machines from the network or initiate an action plan to combat against the threat.

When an IDS generates alerts, it can send them to a console in the security center, to a mobile phone, or via e-mail. Discuss the pros and cons of each.

The first major benefit for transmitting these messages is the information about the security breach that is about to happen. Likewise, receiving this information early provides time to the concerned personnel to initiate an action plan, as per the scenario. Moreover, a reliable information channel is preferred, for instance, SMS on cell phone is more relevant, as it is quickly accessible. If these messages are transmitted via email and the employee is not available in office, the information will not be effective. Furthermore, if these messages are accessed via unknown personnel, they can be misused. Hence, the messages generated by IDS must be secure and must be transmitted via reliable and secure medium.

Examine the integrated log file shown in Figure 9-15 of the text.

 Identify the stages in this apparent attack, b). For each stage, describe what the attacker seems to be doing.

There are total 3 stages in this attack. The first stage incorporates a password attempt for accessing E-mails. The second stage incorporates a successful login to the SMTP server. The third stage incorporates retrieving emails from the SMTP server to the attacker’s location. The attacker has tried more than one password attempts to login the SMTP server. After gaining access to SMTP server by using the ID: Lee, the hacker deactivated host log entries. Moreover, data is also transferred from TCP.

Decide whether the actions in this stage work at human speed or at a higher speed, indicating an automated attack.

By reviewing the time sequence, it is obvious that it was a dictionary attack on the User Id: LEE. The logs are clearly demonstrating the evidence, as first login attempt was at: 08:45:07:49, the second login attempt was at: 08:45:50:18.

Decide whether the evidence in each stage is suggestive of an attack or conclusive evidence.

Logs in the figure shows that the attacker used a dictionary attack that randomly checked the password, or maybe there is a possibility of guessing the password of the user. Moreover, host logs were also disabled so that there will be no evidence of an unknown host present on the network.

Overall, do you have conclusive evidence of an attack?

There were two wrong attempts on Login ID: Lee. Moreover, host logs were also disabled, as these logs provide information of the hosts present on the network. Furthermore, data was transferred via SMTP as well as TCP.

Do you have conclusive evidence of who committed the attack?

60.3.4.5 As a suspicious IP address that guessed the password or used a random dictionary attack with 40 seconds time interval. After disabling the host logs, data was transferred via SMTP and TCP.

A firm is trying to decide whether to place its backup center in the same city or in a distant city. List the pros and cons of each choice.

The disaster recovery site must not be available in the same geographical region. One advantage is that for testing the disaster recovery site, resources are easy to manage, as the site is located within the same region. However, if a disaster hits one region, for instance, if earthquake occurs, the primary location as well as the disaster recovery site may be damaged. Whereas, if the disaster recovery site is located in geographically different location, risk is minimum.

To get out of taking exams, students occasionally phone in bomb threats just before the exam. Create a plan to deal with such attacks. This should take one single-spaced page. It should be written by you (a policy advisor) for your dean to approve and post in your college.

For dealing with this scenario, federal police helpline or bomb disposal helpline should be informed immediately. The government officials can investigate the originality of the caller and the bomb evidence can be investigated separately by the bomb disposal squad.  Moreover, for minimizing the delay of the exam timings, a separate facility needs to be arranges in a safe secondary location that must not be too far away. The secondary location must be within a reach of every student.  However, the exams must be delayed for some time in order to investigate the primary facility by bomb disposal squad. If the bomb disposal squad gives 2 hours or above for investigation, the secondary location plan will be executed, all students and their guardians must be informed about the slight change in exam timings along with the secondary location address. If the bomb disposal squad declares no bomb or bomb has been diffused, students of the second shift will conduct the exam on the primary location.

After you restore files following an incident, users complain that some of their data files are missing. What might have happened?

The plan has not addressed the recovery time objective adequately. Secondly, there is a possibility that the backup schedule is at 5:00 PM and the incident takes place on 4:30 PM, eventually the data will be available till yesterday 5:00 PM.

Categories
IT Management

Network Security

Honeypot Networks

Honey pot networks are the most advanced form of security, as they are also considered as advanced intrusion detection systems. Likewise, honeypot networks provide hackers to access the demilitarized zone and show itself as the actual network. The honeypot systems are expensive and are part of the security infrastructure of an organization. Moreover, honeypot networks can be utilized for improving an organization’s information security policy.

Categories
IT Management

Network security

1) Do you think programmers should be allowed to develop server-side dynamic Web pages, given the dangers that are involved in their doing so?

Server Side dynamic web pages pose one the largest internet security threat. The server side dynamic web pages use CGI applications and SSI-enabled web pages, but are insecure because poorly written code produces holes, leaks, and back doors on a system that would otherwise be safe. The programmers should know that CGI applications and SSI pages create the three most common security risks such as information leaks, gives access to potentially dangerous system commands or applications, and may deplete system resources.

The information leaks provide the hacker with the information that provides them with the weapons that they could use to break into the server. This brings out the fact that dynamic server side pages pose a security threat to a system because the hacker gets access to information that should be hidden to the hacker. The Server Side dynamic web pages pose security threats where hackers use the commands to gain access to the services of the server that they could use for their own gain. Example is using HTML form based script; the hacker uses this information to send fraudulent messages to client get confidential information.

Categories
IT Management

Business Impact Analysis

Section One

Establishing a successful framework for business continuity in the wake of disrupted operations or when a disaster strikes requires a comprehensive understanding of such areas as financial assets and their influence on business operations as well as information systems resources that are readily available. It is imperative that knowledgeable and experienced team members recognize the most critical priorities in these scenarios, including sustainable business functions, the availability of financial resources, and recovery time frameworks. Security policies may be in different stages of their life cycles; therefore, the stage must be evaluated to determine how to move forward in the event of a significant disruption (Johnson and Merkow, 2011). In the event that disaster strikes, the systems team should already have established roles and responsibilities to assess the damage and to take the steps that are necessary to promote recovery with as little permanent malfunction as possible (Johnson and Merkow, 2011).