IT Security and Policies: Assignment 2
Added on 2023-01-12
10 Pages1829 Words92 Views
|
|
|
Assignment 2
Deadline: Saturday 06/04/2019 @ 23:59
[Total Mark for this Assignment is 6]
College of Computing and Informatics
Instructions:
This Assignment must be submitted on Blackboard (WORD format only) via the allocated
folder.
Email submission will not be accepted.
You are advised to make your work clear and well-presented, marks may be reduced for poor
presentation. This includes filling your information on the cover page.
You MUST show all your work, and text must not be converted into an image, unless specified
otherwise by the question.
Late submission will result in ZERO marks being awarded.
The work should be your own, copying from students or other resources will result in ZERO
marks.
Use Times New Roman font for all your answers.
IT Security and Policies
Student Details:
Name:###
CRN:###
ID:###
Deadline: Saturday 06/04/2019 @ 23:59
[Total Mark for this Assignment is 6]
College of Computing and Informatics
Instructions:
This Assignment must be submitted on Blackboard (WORD format only) via the allocated
folder.
Email submission will not be accepted.
You are advised to make your work clear and well-presented, marks may be reduced for poor
presentation. This includes filling your information on the cover page.
You MUST show all your work, and text must not be converted into an image, unless specified
otherwise by the question.
Late submission will result in ZERO marks being awarded.
The work should be your own, copying from students or other resources will result in ZERO
marks.
Use Times New Roman font for all your answers.
IT Security and Policies
Student Details:
Name:###
CRN:###
ID:###
Pg. 1 Question OneQuestion One
Question One
Q1) what is the difference between the sender and the holder of the digital
certificate? How to consider that a digital certificate is valid? How can one
obtain a digital certificate for one public key without disclosing the private key?
Answer: Digital certificates are issued by trustworthy third parties who are the
senders of the digital certificate to the receivers whereas holders of a digital certificate
may be an organisation or a person or any web entity or a software application to
whom the digital certificate is issued (Huston and Michaelson 2016). The senders of
the digital certificates or the trusted third-party authorities are considered as the private
key of the digital certificate whereas the holder of the digital certificates are considered
to be as the public key and like any other driving license or any other digital
certificates, it binds all information about its holder including the photographs.
A digital certificate is often valid for a period of 1 or 2 years from the date the
certificate is downloaded. But a subscriber needs to consider some method in order to
check the validity of the digital certificate in order to avoid some probable business
loss as a result of the expired certificate (Greene 2014)
In order to consider the validity of a digital certificate a ProxKey token is used which
notifies the subscribers about the validity balance of the certificate.
One can obtain a digital certificate for one public key without disclosing the private
key with the help of a a secured public key infrastructure. Public key cryptography is
one of the widely used secured policy infrastructure in order to protect the user by
ensuring the privacy of the private key to digitally sign the documents by only using
the public key operations by making use of modern operating systems, custom billing
systems and implementing commercial security products as its hardware and software
components.
1.5 MarksCourse Learning
Outcome(s):
Chapter 10
LO 2: Develop
security policies
and put in place
an effective
security
architecture that
comprises
modern hardware
and software
technologies and
protocols.
Question One
Q1) what is the difference between the sender and the holder of the digital
certificate? How to consider that a digital certificate is valid? How can one
obtain a digital certificate for one public key without disclosing the private key?
Answer: Digital certificates are issued by trustworthy third parties who are the
senders of the digital certificate to the receivers whereas holders of a digital certificate
may be an organisation or a person or any web entity or a software application to
whom the digital certificate is issued (Huston and Michaelson 2016). The senders of
the digital certificates or the trusted third-party authorities are considered as the private
key of the digital certificate whereas the holder of the digital certificates are considered
to be as the public key and like any other driving license or any other digital
certificates, it binds all information about its holder including the photographs.
A digital certificate is often valid for a period of 1 or 2 years from the date the
certificate is downloaded. But a subscriber needs to consider some method in order to
check the validity of the digital certificate in order to avoid some probable business
loss as a result of the expired certificate (Greene 2014)
In order to consider the validity of a digital certificate a ProxKey token is used which
notifies the subscribers about the validity balance of the certificate.
One can obtain a digital certificate for one public key without disclosing the private
key with the help of a a secured public key infrastructure. Public key cryptography is
one of the widely used secured policy infrastructure in order to protect the user by
ensuring the privacy of the private key to digitally sign the documents by only using
the public key operations by making use of modern operating systems, custom billing
systems and implementing commercial security products as its hardware and software
components.
1.5 MarksCourse Learning
Outcome(s):
Chapter 10
LO 2: Develop
security policies
and put in place
an effective
security
architecture that
comprises
modern hardware
and software
technologies and
protocols.
Pg. 2 Question OneQuestion One
Question Two
Q2) Describe the relationship between the incident response and the forensic
analysis.
Answer: Incident response: Incident response process is defined as a set processes
which aims at identifying, responding and investigating the potential incidents of
security in order to minimize the impact of the risk and by supporting rapid recovery
of the incident. Incident response plan is implemented by gathering information at any
step when possible (Schneier 2014).
Forensic analysis: Forensic analysis is defined to be a process of detailed
investigation which is used for documenting and detecting the process, culprits and
other consequences related to the incident (Pichan, Lazarescu and Soh 2015).
Incident response and forensic analysis fall under the same discipline which consists
of tools and data sets. Incident response is usually considered as the subset of the
forensic analysis discipline. Both types of researches require a strong foundation for
the analysis of the log and malware capabilities. Digital forensic analysis and incident
response process is related to each other as both of them are the applications of cyber
security forensic which is used to examine the malware attacks or any type of data
breach. The community of law enforcements uses the method of digital forensic
analysis using software and hardware in order to collect information and implement an
incident response plan from the network.
1.5 Marks
Course Learning
Outcome(s):
Chapter 11
LO 6: Recognize
processes to
implement and
enforce policy.
Question Two
Q2) Describe the relationship between the incident response and the forensic
analysis.
Answer: Incident response: Incident response process is defined as a set processes
which aims at identifying, responding and investigating the potential incidents of
security in order to minimize the impact of the risk and by supporting rapid recovery
of the incident. Incident response plan is implemented by gathering information at any
step when possible (Schneier 2014).
Forensic analysis: Forensic analysis is defined to be a process of detailed
investigation which is used for documenting and detecting the process, culprits and
other consequences related to the incident (Pichan, Lazarescu and Soh 2015).
Incident response and forensic analysis fall under the same discipline which consists
of tools and data sets. Incident response is usually considered as the subset of the
forensic analysis discipline. Both types of researches require a strong foundation for
the analysis of the log and malware capabilities. Digital forensic analysis and incident
response process is related to each other as both of them are the applications of cyber
security forensic which is used to examine the malware attacks or any type of data
breach. The community of law enforcements uses the method of digital forensic
analysis using software and hardware in order to collect information and implement an
incident response plan from the network.
1.5 Marks
Course Learning
Outcome(s):
Chapter 11
LO 6: Recognize
processes to
implement and
enforce policy.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Understanding Cryptographic Security | Reportlg...
|9
|1754
|17
Cloud Technology for Organizational Operationslg...
|14
|2628
|305
COIT20262 - Advanced Network Security Assignment 1 Submissionlg...
|7
|1514
|20
Cryptocurrencies and their IMPACTS ON MONETARY POLICYlg...
|34
|13984
|205