Sunday, December 7, 2014

11.1 - The Role of the Operations Department

Companies perform important pieces of “due care and due diligence” efforts, which include correct policies, procedures, standards, and guidelines. These due diligence efforts require responsible, careful, cautious, and practical company practices. It is important to identify systems and operations that are sensitive (meaning they need to be protected from disclosure) and critical (meaning they must remain available at all times). Organizations consider many threats including disclosure of confidential data, theft of assets, corruption of data,...

10.3 - Software Development Life Cycle

The Software Development Life Cycle consists of requirements gathering, design, development, testing/validation, and release/maintenance. Requirements gathering: determines why the software is being created, what the software will do, and for whom the software will be created. Design: deals with how the software will accomplish the goals identified. Development: programming software code to meet the specifications laid out in the design phase. Testing/validation:...

Wednesday, December 3, 2014

10.2 - System Development Life Cycle

A life cycle is a representation of development changes. Systems have their own developmental life cycle, which is made up of the following phases: initiation, acquisition/development, implementation, operation/maintenance, and disposal. These together are referred to as a system development life cycle (SDLC). Initiation: Need for a new system is defined. Acquisition/development: New system is either created or purchased. Implementation: New system is installed into the production environment. Operation/maintenance: System is used and cared for. Disposal: System...

10.1 - Where Do We Place Security?

Different Environments Demand Different Security - Network and security administrators are overwhelmingly having to integrate various applications and computer systems to keep up with company demand. Environment vs Application - Application controls are very specific to their needs and in the security compromises they understand. Functionality vs Security - Code security and functionality is inherently built-i...

9.3 - Ethics

Ethics are based on many different issues and foundations; because of this, they are interpreted differently on an individual basis. The Computer Ethics Institute is a nonprofit organization that works to help advance technology by ethical means. The Computer Ethics Institute has developed its own Ten Commandments of Computer Ethics: Thou shalt not use a computer to harm other people. Thou shalt not interfere with other people’s computer work. Thou shalt not snoop around in other people’s computer files. Thou shalt not use a computer to steal. Thou...

9.2 - Intellectual Property Laws

Intellectual property laws do not always concern themselves with what is right or wrong. Their main focus is on how organizations and individuals protect what they rightfully own from unauthorized use. This provides these entities options for what they can do if these laws are violated. Trade Secret: This is something that is proprietary to an organization and vital for its profitability and survival. For example, the trade secret that Coca-Cola owns is the formula used for their soft drink. This resource is highly confidential and protected...

9.1 - Complexities in Cybercrime

A majority of cyber attackers are rarely caught because they mask their identities and addresses; this is known as spoofing. As we know, these attackers hack into networks, retrieve any resources they sought, and wipe clean all logs that may have tracked their activity. Oftentimes, companies do not even know they have been violated. The Evolution of Attacks: In the early days of computing, hackers were mainly made up of people who just enjoyed the thrill of hacking. True hackers saw this as a challenging game without any real intent of harm or damage....

Tuesday, December 2, 2014

8.1 - Business Continuity and Disaster Recovery

The goal of a business after a disaster is recovery. Minimizing the effects of a disaster and disruption means that necessary actions are enacted to ensure that the resources, personnel, and business processes are able to resume operation in a timely manner. This differs from continuity planning, which provides procedures for dealing with long-term outages and disasters. The goal of a disaster recovery plan is to handle the disaster...

7.5 - Internet Security

A common misconception that people tend to have is that the Web is the Internet; it is not. The Web actually runs on top of the Internet; it is the collection of servers that process websites. The Internet is the collection of physical devices and communication protocols that interact with these websites. Web browsers understand protocols because they have the capability to process the various types of commands; however, they do not understand all of them. For those protocols or commands the user’s browser does not know how to process, the user...

7.4 - Link Encryption vs. End-to-End Encryption

Encryption is performed with different types of protection and communication levels. Two general types of encryption implemented are link encryption and end-to-end encryption. Link encryption, or online encryption, is provided by service providers and integrated into their network protocols. All of the information is encrypted, and the packets must be decrypted at each point so the router can send the packet onward. The router must decrypt...

7.3 - Public Key Infrastructure

Public key infrastructure contains programs, data formats, procedures, communication protocols, security policies, and public key cryptography working together. The public key establishes trust within an environment. This ISO framework uses public key cryptography to set up authentication across various networks and the Internet. Public key cryptography is alternatively referred to as asymmetric algorithms. We need e-mail clients, e-mail servers, and e-mail messages, which together build a type of infrastructure: an e-mail infrastructure. PKI is made...

Monday, December 1, 2014

7.2 - Methods of Encryption

There are several parts to an encryption process; however, it should be noted that there are two main pieces: algorithms and keys. Algorithms used in computer systems are complex mathematical formulas that enforce rules of how the plaintext will be turned into ciphertext. Keys are strings of bits that use these algorithms and add randomness for encryption. To allow entities to communicate through encryption, these entities must use the same algorithm...

7.1 - History of Cryptography

Cryptography is believed to originate in Egypt, around 2000 B.C. Hieroglyphics, at the time, were used to decorate tombs and told the life story of the deceased. This practice was meant more to portray the story in a noble and ceremonial manner than to actually hide the messages themselves. Over time, encryption evolved from visual representations of storytelling into applications used to obscure information from others. For example, the substitution cipher (replacement of characters with other characters) became a cryptographic method used....

6.5 - Networking Devices

There are several types of networking devices. These include LANs, MANs, and WANs that provide intercommunication among computers and their networks. These different networking devices vary based on their capabilities and intelligence. Repeaters: These provide the most basic type of connectivity, by only repeating electrical signals between cable segments, which enables them to extend a network at the physical layer. Additionally, repeaters are add-on devices that extend network connection over further distances. The device amplifies signals. Bridges: Bridges...