Question

Question 1: Authorization [30%]
Consider the parts department of a plumbing contractor. The department maintains an inventory database that includes parts information (part number, description, color, size, number in stock, etc.) and information on vendors from whom parts are obtained (name, address, pending purchase orders, closed purchase orders, etc.). In an RBAC system, suppose that roles are defined for ‘accounts payable clerk’, ‘installation foreman’, and ‘receiving clerk’. For each role, indicate which items should be accessible for read-only and read-write access.
Some notes to help with interpretation (terms you may not have encountered before):
- Purchase orders are a request to purchase an item. They are opened once the vendor has been given a request for the item. They are closed once the item has been delivered AND it has been paid for.
- An accounts payable clerk is a person responsible for paying out money from an organization, such as when an organization buys an item from a vendor.
- A receiving clerk is responsible for accepting and processing the delivery of items from vendors.
Question 2: Malware [70%]
Choose two of the following major historical malware:
1. CodeRed
2. ILOVEYOU (No, the description was not hacked; this was the actual name of a major malware)
3. Nimda
4. MyDoom
For each of the malware you’ve chosen, answer the following questions:
1. How did it spread? (i.e. what was its propagation mechanism)
2. What was the payload? (i.e. what did it do, other than spread)
3. What was the trigger for its payload (when did it do its action? Did it start doing it from the start, or did it trigger on a given condition?)
4. What was the estimated total damage caused by this malware, in dollars?
5. Identify two strategies which could have stopped or reduced the spread of the malware.
6. In terms of recovery, would removing the virus be sufficient (e.g. by running an antivirus program), or should the whole system be reinstalled and restored from backup? Why?

Solution Preview


Question 1
Defining roles (the RBAC approach) simplifies administration at the database level because permissions (e.g. on tables) are not granted individually to each user; they are granted once to the role and apply to every user assigned to that role. One possible assignment of access modes for this example, based on the description provided, is:
- Installation foreman role – this requires read-only access for part information;...
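The role-level grant described above, as an added example that is not part of the original solution: PostgreSQL syntax, covering only the installation foreman's read-only access to part information. The table layout, column names and the users `alice` and `bob` are assumptions made for illustration.

```sql
-- Constructed schema: table and column names are assumptions based on
-- the part attributes listed in the question.
CREATE TABLE parts (
    part_number  text PRIMARY KEY,
    description  text,
    color        text,
    size         text,
    in_stock     integer NOT NULL DEFAULT 0
);

-- The role carries the privilege; it is not a login account itself.
CREATE ROLE installation_foreman NOLOGIN;

-- Least privilege: make sure nothing is open to everyone, then grant
-- read-only access on part information to the role, once.
REVOKE ALL ON parts FROM PUBLIC;
GRANT SELECT ON parts TO installation_foreman;

-- Hypothetical users. Each receives the role, never a table-level grant.
CREATE ROLE alice LOGIN;
CREATE ROLE bob LOGIN;
GRANT installation_foreman TO alice, bob;

-- Check what membership gives: read access is inherited from the role,
-- write access was never granted.
SELECT has_table_privilege('alice', 'parts', 'SELECT') AS can_read,
       has_table_privilege('alice', 'parts', 'UPDATE') AS can_write;

-- When a user changes jobs, one membership change removes all access
-- that came with the role; there are no per-user grants to track down.
REVOKE installation_foreman FROM bob;
SELECT has_table_privilege('bob', 'parts', 'SELECT') AS can_read;
```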
