Question

In: Computer Science

Q4. Out of three levels of security I.e. Infrastructure security, Application security and Operational security, we...

Q4. Out of three levels of security I.e. Infrastructure security, Application security and Operational security, we can only deal with application security. Although it is the area we work on, but overall security of even our application depends upon the organizational security policies. Do you agree? Comment using an example.

Q5. There are 4 types of security threats namely, Interception, interruption, modification and fabrication. As a software programmer, what threat is the one you may work to avoid and how?

Q6. There are 10 Design guidelines for security engineering given in the book. Which you think is the most important and should be used in your everyday software development practices.

Solutions

Expert Solution

Firstly we understand what is infrastructure,operational,Application security.firstly we know about operational security,Operational security another name is procedural security,

  • it is a risk management process the main concept of operational security that view operations from the perspective order .
  • it protect sensitive information from falling into the wrong hands.
  • different operations are done.

Then next is Application level security refers to security services that are invoked at the interface between an application and a queue manager.Application security may include hardware, software, and procedures that identify or minimize security vulnerabilities.Application level security is also known as end-to-end security/ message level security.just example of A message can be encrypted when it is put on a queue by an application .
message is decrypted when it is retrieved by the receiving application. This is an example of a application level confidentiality service.when application and queue manager are connected .it is prevent data or code within the app from being stolen or hijacked.

Network infrastructure security applied to IT industry,it protecting the underlying networking infrastructure.infrastructure by installing preventative measures to deny unauthorized access, modification, deletion.
These security measures can include access control, application security, firewalls, virtual private networks (VPN), and wireless security.

An organizational security policy is a set of rules or procedures .it is produced by an organization on its operations to protect its sensitive data.Organizational security policies are,

  •   Security policies should set out general information access strategies that should apply across the organization.
  • From a security engineering perspective, the security policy defines, in broad terms, the security goals of the organization.
  • The point of security policies is to inform everyone in an organization about security.
  • The security engineering process is concerned about implementing these goals.

fig:Security policy life cycle

Application depends upon the organizational security policies.for example the majority of your staff have little understanding of security issues, and there is no reason to expect that to change unless the organization does its part to correct the situation. the part of the organization to adequately prepare staff for making security policy a part of the work environment protect a system from threats .protect from unauthorized access.for example social media webiste the application changed based ob the organizational policy. Company ABCD must protect restricted, confidential or sensitive data from loss to avoid reputation damage .protect data of the companey.provide security.This policy outlines the requirements for data leakage prevention, a focus for the policy and a rationale.  The protection of data in scope is a critical business requirement, flexibility .It’s primary objective is user awareness and to avoid accidental loss scenarios. overall security of even our application depends upon the organizational security policies. i agree this statements.


Related Solutions

Describe each of the 5 main types of cyber security: 1) Critical infrastructure security: 2) Application...
Describe each of the 5 main types of cyber security: 1) Critical infrastructure security: 2) Application security: 3) Network Security: 4) Cloud security: 5) Internet of things security
This is to done in Java: create the infrastructure for building a word cloud application. We...
This is to done in Java: create the infrastructure for building a word cloud application. We will do so by 1) Reading the content of a text file and creating a binary tree of words in that file. When a duplicate word is encountered. we simply increase the frequency count of that word in its corresponding node. In other words, the nodes in the tree have two parts. One part maintains the word, and the other maintains the frequency count....
It is required to find out the day night equivalent noise levels at location. The three...
It is required to find out the day night equivalent noise levels at location. The three hourly day average values in dB are 45,58,50,61,64 and the three hourly night average values in dB are 48,42,28. compute Ldn.
In this course, we examined health care organizations in terms of three major aspects: Cultural, Operational...
In this course, we examined health care organizations in terms of three major aspects: Cultural, Operational and Strategic; and then looked at each of the major functional areas, such as Clinical, Physician Organization, Nursing, HR, Finance, Marketing and Strategy, Environment of Care and others. Why would it be helpful for a manager, who may be working in only one department, to understand what everyone else does?
You can use up to three levels of security and protection to control who can access...
You can use up to three levels of security and protection to control who can access and change your Excel data. Please describe two of the three levels and how you access each of them.
snowboards are typically made out of a thermosetting polymer (i.e. a three dimensionally connected glassy polymer)....
snowboards are typically made out of a thermosetting polymer (i.e. a three dimensionally connected glassy polymer). what type of mechanical behavior would you expect from that type of polymer and why do you suppose reinforcing the polymer with fiber would alleviate problems that might occur due to the mechanical behavior of the polymer?
Describe the three-schema architecture. Why do we need mappings among schema levels?
Describe the three-schema architecture. Why do we need mappings among schema levels?
This week in Chapter 3 we read about three different security measures of HIPPA: administrative, physical,...
This week in Chapter 3 we read about three different security measures of HIPPA: administrative, physical, and technical standards. Briefly describe each and give an example. Your answer must be at least 250 words in length
Suppose we observe the three-year Treasury security rate (1R3) to be 4.6 percent, the expected one-year...
Suppose we observe the three-year Treasury security rate (1R3) to be 4.6 percent, the expected one-year rate next year—E(2r1)—to be 5.2 percent, and the expected one-year rate the following year—E(3r1)—to be 6.2 percent. If the unbiased expectations theory of the term structure of interest rates holds, what is the one-year Treasury security rate?(Do not round intermediate calculations. Round your answer to 2 decimal places. (e.g., 32.16))
Suppose we observe the three-year Treasury security rate (1R3) to be 11 percent, the expected one-year...
Suppose we observe the three-year Treasury security rate (1R3) to be 11 percent, the expected one-year rate next year E(2r1) to be 4 percent, and the expected one-year rate the following year E(3r1) to be 5 percent. If the unbiased expectations theory of the term structure of interest rates holds, what is the one-year Treasury security rate, 1R1?
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT