Loss of service and its consequences
Discuss the Empirical Study of Rationality-Based Beliefs and Information.
- A) List at least three kinds of harm a company could encounter from loss of service or failure of availability. List the product or capability to which access is lost and explain how this hurts the company.
The three kinds of harm a company could encounter from loss of service are loss of transactions, a drop in investor confidence, and customer frustration. In the case of an online banking system, customers may become frustrated and leave the bank if the service is down, so the bank is hurt by losing clients (Krutz & Vines, 2013).
- Humans are said to be the weakest link in any security system. Give an example of each of the following:
- i) A situation in which human failure can lead to failure of encrypted data.
People neglect to change the key, which gives an attacker a chance to recover the data; humans commonly fail to change cryptographic keys when needed. Humans are also known to be careless when discarding sensitive material, which can give a spy access to the plaintext.
- ii) A situation in which human failure can lead to compromise of identification and authentication.
Identification and authentication of a user fail when the user forgets the access code or enters a wrong code (Stallings, Brown, Bauer, & Bhattacharjee, 2016). Likewise, where passwords are written on paper or phone numbers are used as passwords, it is very easy for an intruder to obtain the credentials.
- b) The hash function used by two routers (A and B) for authentication is (x/y+13+11), where x is the random number and y corresponds to the password. The random number used by router A is 25 and the numeric value for the CISCO is 5. What result will router B send to A for authentication?
- a) Using standard terminology, define encryption and decryption techniques. Your answer should be supported by relevant equations and diagrams.
Cryptography is the study of creating and using encryption and decryption techniques. Plaintext is the data before any encryption has been performed, and ciphertext is the data after encryption has been performed (West-Brown, Stikvoort, Kossakowski, Killcrece, & Ruefle, 2013).
- b) List at least 2 advantages and disadvantages of stream and block encryption algorithms.
The advantages of a stream encryption algorithm are that its speed of transformation is linear in time and constant in space, and that it has low error propagation. Its disadvantages are low diffusion and susceptibility to insertions (Stallings, Brown, Bauer, & Bhattacharjee, 2016): all the information of a plaintext symbol is contained in a single ciphertext symbol, so an active interceptor who breaks the algorithm can insert spurious text that looks authentic.
The advantages of block encryption are high diffusion, where information from one plaintext symbol is diffused into several ciphertext symbols, and immunity to tampering, since it is difficult to insert symbols without detection. Its disadvantages are slowness of encryption and error propagation.
- A) Types of attacks: (1) man in the browser, (2) keystroke logger, (3) page in the middle, (4) program download substitution
The man in the browser is one of the most dangerous attacks, where a Trojan horse is used to gain crucial information from the users of websites (Grance, Kent & Kim, 2015). A keystroke logger attack steals personally identifiable information, login credentials and other sensitive data. A page in the middle attack is where a malicious individual inserts himself into the conversation between two parties to gain access to the information passing between them. Lastly, program download substitution is where the attacker presents a page with a desirable program for the user to download.
Human carelessness in security
- b) A CAPTCHA puzzle is one way to enforce that certain actions need to be carried out by a real person. However, CAPTCHAs are visual, depending not just on a person’s seeing the image but also on a person’s being able to recognize distorted letters and numbers. Suggest another method usable by those with limited vision.
The common method is playing a spoken word. If something more complicated is needed, the system can play the audio of a simple maths problem that any real user is able to solve. Alternatively, the Egglue Semantic CAPTCHA generates text CAPTCHA challenges to protect websites from automated spam (Cichonski, Millar, Grance & Scarfone, 2013).
- A) In terms of memory and address protection, briefly explain the concepts of fence, fence register and base/bound registers.
A fence is a method of confining users to one side of a boundary. It is a predefined memory address chosen so that the operating system resides on one side while the user program resides on the other. A fence register contains the address of the end of the OS; each time a user program generates an address for a data modification, that address is automatically compared against the fence address. Lastly, base and bound registers are similar to a fence register, but with an additional value: the bound register indicates the upper address limit, so the user program is confined between the base and the bound.
- b) Briefly explain the difference between link encryption and end-to-end encryption.
Link encryption encrypts and decrypts all the traffic at each end of a communication line. End-to-end encryption, on the other hand, encrypts the message at the point of origin by the sender, and it is only decrypted by the intended recipient (Alberts & Dorofee, 2014).
- a) Briefly explain how stateful inspection firewall works.
A stateful inspection firewall examines each IP packet in context: it keeps track of client-server sessions and checks that each packet is validly owned by one of those sessions before allowing it through.
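To make the session-tracking idea concrete, here is a minimal stateful inspection filter as an added example (not from the original answer sheet). It assumes an inside network prefix of 10.0.0. and uses a constructed packet trace; a packet is allowed only if an inside client opened the session it belongs to.

```python
# Added example (not from the original answer sheet): a minimal stateful filter.
# An outbound SYN from the inside network creates a session entry; later packets
# are allowed only if a tracked session owns them, so an unsolicited inbound
# packet is dropped even when it looks like a reply. TCP only, no timeouts.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" SYN, "SA" SYN/ACK, "A" ACK, "FA" FIN/ACK


class StatefulFirewall:
    def __init__(self, inside_prefix: str) -> None:
        self.inside_prefix = inside_prefix
        # a session key is always (client, client_port, server, server_port)
        self.sessions: set[tuple[str, int, str, int]] = set()

    def check(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.flags == "S" and pkt.src.startswith(self.inside_prefix):
            self.sessions.add(forward)  # an inside client opens a session
            return "ALLOW"
        key = forward if forward in self.sessions else reverse
        if key not in self.sessions:
            return "DROP"  # no tracked session owns this packet
        if pkt.flags == "FA":
            self.sessions.discard(key)  # session torn down
        return "ALLOW"


def run(packets: list[Packet], inside_prefix: str = "10.0.0.") -> list[str]:
    """Return the verdict for each packet in order, sharing one session table."""
    fw = StatefulFirewall(inside_prefix)
    return [fw.check(p) for p in packets]


# Constructed packet trace (203.0.113.0/24 is a documentation address range).
SAMPLE_TRACE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "S"),   # client connects
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "SA"),  # server replies
    Packet("203.0.113.77", 443, "10.0.0.5", 40000, "SA"),  # unsolicited "reply"
    Packet("203.0.113.77", 6000, "10.0.0.5", 22, "S"),     # unsolicited inbound SYN
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "FA"),  # client closes
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "A"),   # arrives after close
]
```

A stateless packet filter would have to allow all inbound packets from port 443 to let the real reply through, which is exactly what lets the unsolicited "reply" in; the session table is what distinguishes the two.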
- b) Briefly explain the expansion permutation and choice permutation steps of DES. Also write down just the names of the 4 steps used in each round of AES.
The expansion permutation expands the right half of the data, R, from 32 bits to 48 bits; it changes the order of the bits and repeats particular bits. The longer result is then compressed again during the substitution operation. The choice permutation (permuted choice) serves a similar function: it loads the 28-bit C and D registers.
The four steps used in each round of AES are as follows. The first step is SubBytes, a byte-by-byte substitution during the forward process. The second is ShiftRows, which shifts the rows of the state array. The third is MixColumns, which mixes up the bytes in each column separately. The last step is AddRoundKey.
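As an added illustration (example code, not from the original answer sheet), the following Python applies the standard DES expansion permutation table E and the permuted choice 1 table PC-1 to bit strings, so the repeated bits in the 48-bit result and the loading of the C and D registers can be seen directly:

```python
# Added example (not from the original answer sheet): the DES expansion
# permutation E (32 -> 48 bits) and permuted choice 1 (PC-1), which loads the
# 28-bit C and D registers from the 64-bit key. The tables are the standard
# DES tables; bits are numbered 1..n from the left, as in the standard.

# E: each 6-bit output group borrows the edge bits of its neighbours, so 16 of
# the 32 input bits appear twice in the 48-bit output.
E_TABLE = [
    32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
    8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
    16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
    24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1,
]

# PC-1: keeps 56 of the 64 key bits; the parity bits 8, 16, ..., 64 are dropped.
PC1_TABLE = [
    57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
    10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
    63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
    14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4,
]


def permute(bits: str, table: list[int]) -> str:
    """Output bit i is input bit table[i] (1-indexed); repeats are allowed."""
    return "".join(bits[i - 1] for i in table)


def _check_bits(bits: str, length: int) -> None:
    if len(bits) != length or set(bits) - {"0", "1"}:
        raise ValueError(f"expected a {length}-bit binary string")


def expansion(r_half: str) -> str:
    """Expansion permutation: right half R, 32 bits -> 48 bits."""
    _check_bits(r_half, 32)
    return permute(r_half, E_TABLE)


def permuted_choice_1(key64: str) -> tuple[str, str]:
    """PC-1: drop the parity bits and load C0 and D0 (28 bits each)."""
    _check_bits(key64, 64)
    cd = permute(key64, PC1_TABLE)
    return cd[:28], cd[28:]


def repeated_positions(table: list[int]) -> int:
    """Number of input bit positions a table selects more than once."""
    return sum(1 for i in set(table) if table.count(i) > 1)
```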
Encryption and Decryption Techniques
7) For cryptography purposes, we have used various kinds of techniques to encrypt our plaintext. We have the plaintext “TREATY IMPOSSIBLE”. First, we have used the Caesar cipher to encrypt it.
Then the encrypted data has been passed through a Vernam cipher using the random number series 76 48 16 82 44 3 58 11 60 5 48 88 4 47 41 30. What is the cipher text?
The plaintext is “TREATY IMPOSSIBLE”. The Caesar cipher uses (X+N) mod 26 to encrypt plaintext into ciphertext, where X is a character of the plaintext and N defines the shift. If N=3, then letters are represented by numbers starting from 0: A is 0, B is 1 and so on. T is 19, so by the cipher (19+3) mod 26 = 22, which is W.
Similarly, R is 17. In that case, using the cipher, TREATY IMPOSSIBLE becomes “wuhdwb ipsrvvleoh”. When the encrypted data is passed through the Vernam cipher using the given number series, the cipher text becomes UQXHOERAAWRAAWRFPZDL.
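As an added check of the procedure just described (example code, not part of the original answer sheet), the following Python applies the shift-3 Caesar step and then the Vernam step, (letter + random number) mod 26 with A = 0, to the given plaintext and random series, and can reverse both stages:

```python
# Added example (not from the original answer sheet): the two-stage
# Caesar + Vernam encryption described in the text, with A=0 ... Z=25.
import string

ALPHABET = string.ascii_uppercase

# Inputs taken from the question
PLAINTEXT = "TREATY IMPOSSIBLE"
SHIFT = 3
RANDOM_SERIES = [76, 48, 16, 82, 44, 3, 58, 11, 60, 5, 48, 88, 4, 47, 41, 30]


def caesar(text: str, shift: int) -> str:
    """(X + N) mod 26 for every letter; non-letters such as spaces pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def vernam(text: str, series: list[int]) -> str:
    """Add one random number to each letter index modulo 26; spaces are dropped."""
    letters = [ch for ch in text.upper() if ch in ALPHABET]
    if len(series) < len(letters):  # one-time pad needs a number per letter
        raise ValueError("random number series is shorter than the message")
    return "".join(ALPHABET[(ALPHABET.index(ch) + r) % 26]
                   for ch, r in zip(letters, series))


def vernam_decrypt(cipher: str, series: list[int]) -> str:
    """Subtract the same numbers modulo 26 to recover the Caesar output."""
    return "".join(ALPHABET[(ALPHABET.index(ch) - r) % 26]
                   for ch, r in zip(cipher, series))


def encrypt_pipeline(plaintext: str = PLAINTEXT, shift: int = SHIFT,
                     series: list[int] = RANDOM_SERIES) -> str:
    """Caesar first, then Vernam, as the question specifies."""
    return vernam(caesar(plaintext, shift), series)


def decrypt_pipeline(cipher: str, shift: int = SHIFT,
                     series: list[int] = RANDOM_SERIES) -> str:
    """Undo the two stages in reverse order (the space is not recoverable)."""
    return caesar(vernam_decrypt(cipher, series), -shift)
```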
- a) List and briefly describe at least 3 requirements of implementing database security.
A database assurance arrangement needs to have the following components of database security. The first is consistency, which is an essential piece of any database arrangement. The second is auditability, so that it is possible to track who has had access to the elements in the database (Grance, Kent & Kim, 2015). The last is element integrity, to make sure that all the data contained in the database is accurate (Richardson & Director, 2014).
- b) You are opening an online store in a cloud environment. What are 3 security controls you might use to protect customers’ credit card information? Assume that the information will need to be stored.
The three controls I might use to protect customers’ credit card information are as follows. The first is the installation and maintenance of a firewall configuration to protect cardholder data. Firewalls work like filters between the computer and the internet, because they are programmed to control the traffic coming into or moving out of the cloud (Freiling & Schwittay, 2017). The second control is to stop using vendor-supplied defaults for system passwords and other security parameters, which helps prevent the existence of a backdoor in the system that could be used to gain access to or corrupt customers’ credit information.
The last control is to encrypt the transmission of cardholders’ data across open and public networks. Encryption helps protect data at rest, and sending encrypted data over a secure communication channel such as SSL/TLS protects against attacks such as MITM attacks, where data could otherwise be accessed by an intruder.
References
Krutz, R. L., & Vines, R. D. (2013). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.
West-Brown, M. J., Stikvoort, D., Kossakowski, K. P., Killcrece, G., & Ruefle, R. (2013). Handbook for computer security incident response teams (CSIRTs) (No. CMU/SEI-2003-HB-002). Carnegie Mellon University, Pittsburgh, PA: Software Engineering Institute.
Freiling, F., & Schwittay, B. (2017). A common process model for incident response and digital forensics. Proceedings of the IMF2007.
Richardson, R., & Director, C. S. I. (2014). CSI computer crime and security survey. Computer Security Institute, 1, 1-30.
Grance, T., Kent, K., & Kim, B. (2015). Computer security incident handling guide. NIST Special Publication, 800(61), 11.
Stallings, W., Brown, L., Bauer, M. D., & Bhattacharjee, A. K. (2016). Computer security: Principles and practice. Pearson.
Jones, K. J., Bejtlich, R., & Rose, C. W. (2016). Real digital forensics: Computer security and incident response (pp. 3-4). Addison-Wesley.
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2013). Computer security incident handling guide. International Journal of Computer Research, 20(4), 459.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2014). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548.
Alberts, C. J., & Dorofee, A. (2014). Managing information security risks: The OCTAVE approach. Addison-Wesley Longman Publishing Co., Inc.