Use NIST SP 800-53 for all questions related to security controls.
1. Sarbanes-Oxley contains 11 titles that describe specific mandates and requirements for financial reporting. Which title enforces IT security controls? Explain how these controls can be implemented to protect banking assets.
2. Describe the critical success factors in implementing an efficient and effective information security risk assessment program.
3. The GAO Report, Information Security Risk Assessment, identified three methods of conducting and documenting the assessment. These three methods were discussed in class. Using the information from the case study provided below identify the pertinent threats, vulnerabilities, and recommended countermeasures using one of the risk assessment methods from the GAO Report.
Case Study: Recently, the Department of Veterans Affairs reported that an employee took home a laptop computer that contained records of millions of veterans. The computer was stolen. You were hired as an outside consultant to conduct a risk assessment and present the results to the Department’s Chief Information Security Officer so she can prepare for Congressional testimony.
4. Based on previous discussions in class/online about FISMA security controls, answer the following questions:
a. Your IT enterprise is comprised of both host-based and network-based IDSs, application gateway firewalls, and VPN-enabled applications to support its sales department. Identify the security controls that each technology implements and explain how these controls support confidentiality, integrity, and availability.
b. Identify the appropriate security controls that apply to an organization that has medical applications. Specifically, identify 5 security controls and explain (1-2 paragraphs) how these controls help mitigate the risk of inadvertent disclosure of personal information, modification of data, or the availability of data.
c. You report to the CIO for a large financial institution and he/she tasked you to develop procedures to implement 5 Access Control mechanisms for the IT systems. Explain (1-2 paragraphs for each mechanism) how you would implement each control.
5. Using the Security Target for Bioscrypt, Version 2.1.3 (see the attached document in BlackBoard), identify the relevant security features for logical and physical access, and identify how these features would support best security practices (e.g., FISMA, SOX, or HIPAA). Select 5 security controls. Additionally, explain how these security functional requirements protect against inadvertent disclosure of information, modification of data, and/or loss of availability of data.
6. Explain which NIST security controls enforce the Principle of Least Privilege.
7. Port scanning allows a user to sequentially probe a number of ports on a target system in order to see if there is a service that is listening. Explain how effective packet filtering can deter scanning probes from devices like FIN scanners.

In this task, you will design the capstone project approved by your instructor. You will write a report about the security problem you identified in Task 1 and compile the information for your solution to that security problem into a report.

Discuss tools and techniques to remove Malware from infected machines; using a popular product to make your point.
Discuss the vulnerabilities that computer memory and computer process have that malware can take advantage of and exploit.

By the end of this lab, the student should be able to:
EO1: Apply the concepts from APP100 to test against a company
Abstract
Bug bounties give government and industry a way to obtain application security testing from the public by offering prizes for finding flaws. This has implications on the black hat side, where an unethical hacker could find a flaw, not report it, and try to exploit it for even bigger gains. However, the incentives for finding these flaws can encourage white hats or gray hats to find and report them, thus denying an unethical hacker the opportunity.
The objective of this final APP100 lab is to use the knowledge gained so far in APP100 to conduct some of the beginning phases of a penetration test. This will be the final project for APP100.
System Requirements & Configuration
System Requirements
This lab will require a Kali Linux VM, which will be referred to as the lab machine.
Network Requirements
Internet access from the lab machine.
Software Requirements
Any browser and root access to the command prompt/terminal, along with word processing software.
Procedure – Detailed Lab Steps
Base Lab
The target organization is Uber. Uber is partnered with HackerOne. Read and understand the details of what that entails as well as scope, expectations, and rules using the following link: https://hackerone.com/uber?type=team
Using the skills gained so far in this course and the template created in M1-1, create a penetration report for the target organization. Suggestions for questions to research are provided below. Make sure to provide evidence of what was found while creating the report:
Possible Uber Questions to Research
Question | Hint
List all of Uber’s subdomains | Recon-ng, Linux
List all of Uber’s IP addresses | Recon-ng, Linux
List all of Uber’s website technology (type of web server(s), language(s)/stack, database(s) being used) | Wappalyzer, web recon
Who hosts Uber’s DNS? | whois
Who hosts Uber’s servers? | whois
What are the MX records for Uber? | Linux
What are the whois points of contact? | whois
Identify ten people that work at Uber | Web recon
What type of corporation is Uber? | Web recon (look for certificates)
How many services were discovered running on Uber’s servers and what are they? | Nmap, Nessus, Linux
What is the naming convention of employee email addresses? | Web recon, Recon-ng
What is the naming convention of Active Directory domain accounts? | Metadata recon
What employee email addresses were found? | Web recon
How many APIs were discovered? | Web recon
What are the highest risk vulnerabilities found? | Nessus
What banner information was obtained? | Ncat
Do any Uber websites support BASIC authentication? | Web recon
What breached Uber data was discovered? | Web recon
What is Uber’s biggest cyber security risk? |
Submit a copy of the Penetration Test Report with all appropriate sections completed as a Word or PDF document.
Advanced Lab
Consider registering an account with HackerOne and submitting anything interesting found as a result of this lab.
References
https://hackerone.com/uber?type=team
Rubric
Paper
Criteria | Ratings | Pts

Organization/Formatting (10 pts)
Was the paper laid out properly? Was the paper properly formatted (margins, paragraphs, etc.)?
10 pts, Excellent: Paper properly formatted. Contains all relevant sections, content well laid out. Executive Summary, Lessons Learned, Recommended Actions, Detailed Analysis, Relevant References (ex: Compliance Materials), Bibliography
7 pts, Good: Contains all relevant sections, layout difficult to follow. Some formatting issues.
4 pts, Fair: Some sections missing or content lacking. Formatting inconsistent throughout.
0 pts, Needs Improvement: Content not split into sections. No formatting.

Content (5 pts)
Was the content in each of the sections relevant for that audience? Executives, C-Suite, IR Team, etc.
5 pts, Excellent: All sections contained the proper detail and were written correctly for the target audience.
3 pts, Good: Content was too technical in the management sections (Exec Summary, etc.) or content not detailed enough in Lessons Learned or other sections.
2 pts, Fair: Content missing or seriously lacking for one or more sections.
0 pts, Needs Improvement: Sections left blank

Visuals (5 pts)
Was the paper visually appealing? This includes both the visual appearance and the appropriate use of charts, graphs, etc.
5 pts, Excellent: Paper visually appealing, appropriate use of charts, graphs, etc.
3 pts, Good: Paper not well presented, or charts, graphs lacking appropriate detail
2 pts, Fair: Too few graphs or other visuals
0 pts, Needs Improvement: No graphs or other visuals

Spelling/Grammar (5 pts)
Appropriate spelling and grammar usage.
5 pts, Excellent: No noticeable spelling or grammar errors.
3 pts, Good: Minimal spelling or grammar errors
2 pts, Fair: Noticeable spelling or grammar errors
0 pts, Needs Improvement: Unacceptable number of spelling or grammar errors.

Total Points: 25
Here are some samples:
https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
https://tbgsecurity.com/wordpress/wp-content/uploads/2016/11/Sample-Penetration-Test-Report.pdf
https://static1.squarespace.com/static/589316f3cd0f68e6bd715655/t/5d7ce2ed69433d1c3e3f7021/1568465657128/SAMPLE+Security+Testing+Findings.pdf
http://youtube.com/watch?v=EOoBAq6z4Zk in conjunction with:
https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report/blob/master/Demo%20Company%20-%20Security%20Assessment%20Findings%20Report.docx
I did the first page; I just need you to finish it, please. Thank you.

DISCRETE MATH:
Homework problems from Section 4.3
Problem Numbers:
14, 17, 36, 38
Homework problems from Section 4.4
Problem Numbers:
13, 16, 21, 28, 29, 30
Need to be handwritten and then uploaded as a PDF file.
I recommend handwriting them legibly and then using a phone app that converts photos to PDF files.

Information Networks and Information Exchange, and The Role of Standard Terminology and Language in Informatics
Introduction:
Information systems/technology provide a mechanism to evaluate practice information systems and decision supports, and web-based learning or intervention tools to support and improve patient care and safety. This module will focus on understanding databases and clinical decision algorithms and how those tools benefit patient care scenarios and patient safety. The role of standardized languages in informatics will also be discussed.
Objectives:
Define the concept of health information networks
Differentiate between clinical-data networks and health information networks
Explain the value of interoperability for health information
Explain standardized healthcare terminology and its importance to nursing
Define the different types of terminology structures (NANDA, NIC, NOC, ICNP and SNOMED CT)
Describe how databases can be used in health care settings.
Describe basic principles of analytics for answering health care questions.
Reading and Lectures:
Hebda T., et al. Chapter 14 and 15
Articles:
Bates, D. W., Saria, S., Ohno-Machado, L., Shah, A., & Escobar, G. (2014). Big data in health care: using analytics to identify and manage high-risk and high-cost patients. Health Affairs, 33(7), 1123-1131.
Islam, M. S., Hasan, M. M., Wang, X., Germack, H. D., & Noor-E-Alam, M. (2018). A Systematic Review on Healthcare Analytics: Application and Theoretical Perspective of Data Mining. Healthcare (Basel, Switzerland), 6(2), 54. https://doi.org/10.3390/healthcare6020054
Ranji, S. R., Rennke, S., & Wachter, R. M. (2014). Computerised provider order entry combined with clinical decision support systems to improve medication safety: a narrative review. BMJ Qual Saf, 23(9), 773-780.
Lectures:
Chapter 14 and 15 Lectures
Websites to View:
Machine Learning in Health care https://www.healthcatalyst.com/clinical-applications-of-machine-learning-in-healthcare
Algorithms in Medicine https://www.youtube.com/watch?v=G1IsZeFR_Rk

You are a network administrator at XYZ, a large, publicly traded healthcare organization. XYZ has 25 sites across the region, 2,000 staff members, and thousands of patients.
Protecting sensitive customer information is highly important to XYZ management and stakeholders. Due to the nature of the business and HIPAA requirements, XYZ is audited regularly. Your manager wants you to identify five critical controls that are typically verified during a compliance audit. The controls should be part of the CIS Security Controls (formerly known as the SANS Critical Security Controls for Effective Cyber Defense).
Based on this organizational scenario, complete the following tasks:
• Explain data recovery capabilities throughout the IT infrastructure that must be verified for compliance.
• Formulate a plan to help the organization strengthen data recovery capabilities.
Write a report that addresses the tasks above.
Submission Requirements for the Project document:
Format: Microsoft Word or compatible, APA format
Font: Times New Roman, 12 pts,

It is a capstone project for a networking class. In the instruction, it says 2 tools, but you only need to write about one tool, which is pfSense. I have a presentation on the paper and I have to show in a virtual machine how the tool works and can be used as a prevention of attacks. Please do not use ChatGPT as this is a serious project. Thank you.

The first step is to create a Python programme that can write data to a file. The data is made up of a sequence of entries, each of which has two fields: a sales name and its achieved target (assume that the achieved target must be above $500 to be added to the file and that input validation is required).
Ideally, your program should: Allow the user to enter the number of records that they are required to enter by prompting them to do so.
Example:
Enter the number of records that you need to enter: 3
Enter the name: Salim Mamdouh
Enter the target: 800
Enter the name: Rami Saad
Enter the target: 1000
Enter the name: Sammer Marwan
Enter the target: 2000
Enter the name: Hiba Fakri
Enter the target: 100
The created file will be
ii. Write the data to the file, making sure that each value that is entered is written on a page of its own.
The following is an illustration of what the output of your programme ought to be (it is important to note that you should not utilise the same inputs). The expected output, based on the above records, should be as follows:
High target: 2000
Held By: Sammer Marwan
Number of Scores: 3

Nested loops are used to handle any spreadsheet-type set of data, in which the outer loop manages the rows while the inner loop manages the columns.
Discuss the differences between while and for loops. Can you think of some examples of when a for loop would be the best structure to use?
Also, discuss how the number of times a loop executes may depend on a constant or on a variable that changes.