Question

Question 1: Authorization [30%]
Consider the parts department of a plumbing contractor. The department maintains an inventory database that includes parts information (part number, description, color, size, number in stock, etc.) and information on vendors from whom parts are obtained (name, address, pending purchase orders, closed purchase orders, etc.). In an RBAC system, suppose that roles are defined for ‘accounts payable clerk’, ‘installation foreman’, and ‘receiving clerk’. For each role, indicate which items should be accessible for read-only and read-write access.
Some notes to help with interpretation (terms you may not have encountered before):
- Purchase orders are a request to purchase an item. They are opened once the vendor has been given a request for the item. They are closed once the item has been delivered AND it has been paid for.
- An accounts payable clerk is a person responsible for paying out money from an organization, such as when an organization buys an item from a vendor.
- A receiving clerk is responsible for accepting and processing the delivery of items from vendors.
Question 2: Malware [70%]
Choose two of the following major historical malware:
1. CodeRed
2. ILOVEYOU (No, the description was not hacked; this was the actual name of a major malware)
3. Nimda
4. MyDoom
For each of the malware you’ve chosen, answer the following questions:
1. How did it spread? (i.e. what was its propagation mechanism)
2. What was the payload? (i.e. what did it do, other than spread)
3. What was the trigger for its payload (when did it do its action? Did it start doing it from the start, or did it trigger on a given condition?)
4. What was the estimated total damage caused by this malware, in dollars?
5. Identify two strategies which could have stopped or reduced the spreading of the malware.
6. In terms of recovery, would removing the virus be sufficient (e.g. by running an antivirus program), or should the whole system be reinstalled and restored from backup? Why?

Solution Preview

Question 1
Creating roles (the RBAC approach) makes administration easier at the database level because permissions (e.g. on tables) are not granted individually (e.g. per user) but only once, at the role level, and they propagate to all users who are assigned to that role. A potential assignment of access modes for the provided example (based on the provided description) could be as follows:
- Installation foreman role – this requires read-only access for part information;...
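
How a role-level grant works at the database level, as an added example that is not part of the original solution: a PostgreSQL session in which the table `parts`, its columns and the login names `foreman_ana` and `foreman_raj` are constructed for illustration. Only the installation foreman's read-only access to part information comes from the text above.

```sql
-- Constructed schema: table and column names are assumptions based on the
-- part attributes listed in the question.
CREATE TABLE parts (
    part_number text PRIMARY KEY,
    description text,
    color       text,
    size        text,
    in_stock    integer NOT NULL DEFAULT 0 CHECK (in_stock >= 0)
);

-- The role carries the permission. NOLOGIN: nobody connects as the role itself.
CREATE ROLE installation_foreman NOLOGIN;

-- Read-only access to part information, granted once, at the role level.
GRANT SELECT ON parts TO installation_foreman;

-- Constructed user accounts. They receive no table privileges of their own,
-- only membership in the role.
CREATE ROLE foreman_ana LOGIN;
CREATE ROLE foreman_raj LOGIN;
GRANT installation_foreman TO foreman_ana, foreman_raj;

-- Check the effective privileges. has_table_privilege() takes privileges
-- inherited through role membership into account.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'parts', 'SELECT') AS can_read,
       has_table_privilege(r.rolname, 'parts', 'UPDATE') AS can_write
FROM pg_roles r
WHERE r.rolname IN ('foreman_ana', 'foreman_raj')
ORDER BY r.rolname;

-- When a user changes jobs, one membership change removes the access.
-- No per-table, per-user revokes are needed.
REVOKE installation_foreman FROM foreman_raj;

SELECT has_table_privilege('foreman_raj', 'parts', 'SELECT') AS raj_can_read,
       has_table_privilege('foreman_ana', 'parts', 'SELECT') AS ana_can_read;
```

The first query reports read access and no write access for both accounts; after the membership is revoked, `foreman_raj` loses read access while `foreman_ana` keeps it.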
