Please review and explain the following 8 scenarios. Each scenario must consist of 1.5 pages long with 1 citation in APA 7 format.
SCENARIO #1:
Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, share your thoughts about the degree of importance of the requirement.
SCENARIO #2:
Many cyber-attacks happen because of vulnerabilities in a system or application software. Buffer Overflow, SQL Injection, Code/OS Command Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery and Race Conditions are very common vulnerabilities as noted on these sites:
- https://nvd.nist.gov/vuln/categories
- http://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html
Explain a specific vulnerability and describe a famous attack that leveraged it. For example, the Morris worm leveraged the buffer overflow vulnerability. Explain, how the vulnerability can be prevented or minimized.
SCENARIO #3:
There are three main types of cryptographic algorithms:
- Secret key
- Public key
- Hash functions.
Read https://www.garykessler.net/library/crypto.html#intro to gain an understanding of the various applications of crypto. Pick an algorithm for any one of these types (e.g., DES, AES, RSA, MD5) and describe how it works and where it is applied. For example, SSL uses 3DES or DES for message encryption.
SCENARIO #4:
An early attempt to force users to use less predictable passwords involved computer-supplied passwords. The passwords were eight characters long and consisted of lowercase letters and digits. A pseudorandom number generator produced them with 215 possible starting values. Using the technology of the time, the time required to search through all character strings of length 8 from a 36- character alphabet was 112 years. Unfortunately, this is not a true reflection of the actual security of the system. Explain the problem.
SCENARIO #5:
Because emails are the most common path used for intrusions, it is time for security professionals to take proactive steps to minimize this threat.
For this scenario, identify one countermeasure an organization could take to minimize the exposure of this threat. Be sure to indicate the process of implementing the countermeasure and the impact it would have on the organization as a whole.
SCENARIO #6:
Recently, virtualization technology has been in demand. Just like any new technology, security is an afterthought.
Explain the vulnerabilities of using virtual machines to host an operating system (OS). What steps can you take to reduce the risks associated with virtual machines?
SCENARIO #7:
You learned about database security. We will focus three topics for this discussion: (1) Inference in ordinary databases, (2) Inference in statistical databases, and (3) Database privacy (through encryption). Please pick one of these three topics and explain in your own words what the problem or issue is, how the issue is being addressed, and some of the concerns with the solutions being proposed.
SCENARIO #8:
Internet search engine providers like Google and Microsoft keep track of all the searches. The data is shared with federal government. Explain the ethical and legal ramifications of privacy pertaining to searches.
