IT Security and Policies: Assignment 2
VerifiedAdded on  2023/01/12
|10
|1829
|92
AI Summary
This assignment explores the concepts of digital certificates, incident response, and data protection laws in Saudi Arabia. It discusses the difference between sender and holder of digital certificates, the relationship between incident response and forensic analysis, and the two laws implemented in Saudi Arabia for data protection.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Assignmen
t 2
College of Computing and Informatics
Student Details:
Name:###
CRN:###
ID:###
Instructions:
This Assignment must be submitted on Blackboard (WORD format only) via the allocated
folder.
Email submission will not be accepted.
You are advised to make your work clear and well-presented, marks may be reduced for poor
presentation. This includes filling your information on the cover page.
You MUST show all your work, and text must not be converted into an image, unless specified
otherwise by the question.
Late submission will result in ZERO marks being awarded.
The work should be your own, copying from students or other resources will result in ZERO
marks.
Use Times New Roman font for all your answers.
IT Security and Policies
IT409
t 2
College of Computing and Informatics
Student Details:
Name:###
CRN:###
ID:###
Instructions:
This Assignment must be submitted on Blackboard (WORD format only) via the allocated
folder.
Email submission will not be accepted.
You are advised to make your work clear and well-presented, marks may be reduced for poor
presentation. This includes filling your information on the cover page.
You MUST show all your work, and text must not be converted into an image, unless specified
otherwise by the question.
Late submission will result in ZERO marks being awarded.
The work should be your own, copying from students or other resources will result in ZERO
marks.
Use Times New Roman font for all your answers.
IT Security and Policies
IT409
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Pg. 1 Question OneQuestion One
Question One
Q1) what is the difference between the sender and the holder of the digital
certificate? How to consider that a digital certificate is valid? How can one
obtain a digital certificate for one public key without disclosing the private key?
Answer: Digital certificates are issued by trustworthy third parties who are the
senders of the digital certificate to the receivers whereas holders of a digital certificate
may be an organisation or a person or any web entity or a software application to
whom the digital certificate is issued (Huston and Michaelson 2016). The senders of
the digital certificates or the trusted third-party authorities are considered as the private
key of the digital certificate whereas the holder of the digital certificates are considered
to be as the public key and like any other driving license or any other digital
certificates, it binds all information about its holder including the photographs.
A digital certificate is often valid for a period of 1 or 2 years from the date the
certificate is downloaded. But a subscriber needs to consider some method in order to
check the validity of the digital certificate in order to avoid some probable business
loss as a result of the expired certificate (Greene 2014)
In order to consider the validity of a digital certificate a ProxKey token is used which
notifies the subscribers about the validity balance of the certificate.
One can obtain a digital certificate for one public key without disclosing the private
key with the help of a a secured public key infrastructure. Public key cryptography is
one of the widely used secured policy infrastructure in order to protect the user by
ensuring the privacy of the private key to digitally sign the documents by only using
the public key operations by making use of modern operating systems, custom billing
systems and implementing commercial security products as its hardware and software
components.
Course Learning
Outcome(s):
Chapter 10
LO 2: Develop
security policies
and put in place
an effective
security
architecture that
comprises
modern hardware
and software
technologies and
protocols.
1.5 Marks
Question One
Q1) what is the difference between the sender and the holder of the digital
certificate? How to consider that a digital certificate is valid? How can one
obtain a digital certificate for one public key without disclosing the private key?
Answer: Digital certificates are issued by trustworthy third parties who are the
senders of the digital certificate to the receivers whereas holders of a digital certificate
may be an organisation or a person or any web entity or a software application to
whom the digital certificate is issued (Huston and Michaelson 2016). The senders of
the digital certificates or the trusted third-party authorities are considered as the private
key of the digital certificate whereas the holder of the digital certificates are considered
to be as the public key and like any other driving license or any other digital
certificates, it binds all information about its holder including the photographs.
A digital certificate is often valid for a period of 1 or 2 years from the date the
certificate is downloaded. But a subscriber needs to consider some method in order to
check the validity of the digital certificate in order to avoid some probable business
loss as a result of the expired certificate (Greene 2014)
In order to consider the validity of a digital certificate a ProxKey token is used which
notifies the subscribers about the validity balance of the certificate.
One can obtain a digital certificate for one public key without disclosing the private
key with the help of a a secured public key infrastructure. Public key cryptography is
one of the widely used secured policy infrastructure in order to protect the user by
ensuring the privacy of the private key to digitally sign the documents by only using
the public key operations by making use of modern operating systems, custom billing
systems and implementing commercial security products as its hardware and software
components.
Course Learning
Outcome(s):
Chapter 10
LO 2: Develop
security policies
and put in place
an effective
security
architecture that
comprises
modern hardware
and software
technologies and
protocols.
1.5 Marks
Pg. 2 Question OneQuestion One
Question Two
Q2) Describe the relationship between the incident response and the forensic
analysis.
Answer: Incident response: Incident response process is defined as a set processes
which aims at identifying, responding and investigating the potential incidents of
security in order to minimize the impact of the risk and by supporting rapid recovery
of the incident. Incident response plan is implemented by gathering information at any
step when possible (Schneier 2014).
Forensic analysis: Forensic analysis is defined to be a process of detailed
investigation which is used for documenting and detecting the process, culprits and
other consequences related to the incident (Pichan, Lazarescu and Soh 2015).
Incident response and forensic analysis fall under the same discipline which consists
of tools and data sets. Incident response is usually considered as the subset of the
forensic analysis discipline. Both types of researches require a strong foundation for
the analysis of the log and malware capabilities. Digital forensic analysis and incident
response process is related to each other as both of them are the applications of cyber
security forensic which is used to examine the malware attacks or any type of data
breach. The community of law enforcements uses the method of digital forensic
analysis using software and hardware in order to collect information and implement an
incident response plan from the network.
Course Learning
Outcome(s):
Chapter 11
LO 6: Recognize
processes to
implement and
enforce policy.
1.5 Marks
Question Two
Q2) Describe the relationship between the incident response and the forensic
analysis.
Answer: Incident response: Incident response process is defined as a set processes
which aims at identifying, responding and investigating the potential incidents of
security in order to minimize the impact of the risk and by supporting rapid recovery
of the incident. Incident response plan is implemented by gathering information at any
step when possible (Schneier 2014).
Forensic analysis: Forensic analysis is defined to be a process of detailed
investigation which is used for documenting and detecting the process, culprits and
other consequences related to the incident (Pichan, Lazarescu and Soh 2015).
Incident response and forensic analysis fall under the same discipline which consists
of tools and data sets. Incident response is usually considered as the subset of the
forensic analysis discipline. Both types of researches require a strong foundation for
the analysis of the log and malware capabilities. Digital forensic analysis and incident
response process is related to each other as both of them are the applications of cyber
security forensic which is used to examine the malware attacks or any type of data
breach. The community of law enforcements uses the method of digital forensic
analysis using software and hardware in order to collect information and implement an
incident response plan from the network.
Course Learning
Outcome(s):
Chapter 11
LO 6: Recognize
processes to
implement and
enforce policy.
1.5 Marks
Pg. 3 Question OneQuestion One
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Pg. 4 Question OneQuestion One
Question Three
Q3) A data breach occurs when the data for which your company /organization
is responsible suffers from a security incident resulting in a breach of
confidentiality, integrity or availability.
Law Name Description
Kind of data that
should be
protected
Fine for violation
Cyber Data
Protection
Telecom Data
Protection
Discuss the two laws implemented in Saudi Arabia for data protection by filling
the following table (www.lw.com/presentations/Data-Protection-in-the-
Kingdom-of-Saudi-Arabia).
Answer:
Law Name Description
Kind of data that
should be
protected
Fine for violation
Cyber Data
Protection
The Cyber Data
Protection law
of Saudi Arabia
is meant for
prohibiting the
interception of
data that is
transmitted via
Data contained in
any one’s personal
computer, bank or
credit information,
data that gets
transferred from
computers via
network
Accessing any one’s
computer with the
intention of
disrupting the data
stored will cause a
fine of 3,000000 in
addition to
imprisonment for a
Course Learning
Outcome(s):
Chapter 11
LO- 6: Recognize
processes to
implement and
enforce policy
1.5 Marks
Question Three
Q3) A data breach occurs when the data for which your company /organization
is responsible suffers from a security incident resulting in a breach of
confidentiality, integrity or availability.
Law Name Description
Kind of data that
should be
protected
Fine for violation
Cyber Data
Protection
Telecom Data
Protection
Discuss the two laws implemented in Saudi Arabia for data protection by filling
the following table (www.lw.com/presentations/Data-Protection-in-the-
Kingdom-of-Saudi-Arabia).
Answer:
Law Name Description
Kind of data that
should be
protected
Fine for violation
Cyber Data
Protection
The Cyber Data
Protection law
of Saudi Arabia
is meant for
prohibiting the
interception of
data that is
transmitted via
Data contained in
any one’s personal
computer, bank or
credit information,
data that gets
transferred from
computers via
network
Accessing any one’s
computer with the
intention of
disrupting the data
stored will cause a
fine of 3,000000 in
addition to
imprisonment for a
Course Learning
Outcome(s):
Chapter 11
LO- 6: Recognize
processes to
implement and
enforce policy
1.5 Marks
Pg. 5 Question OneQuestion One
information
network. Any
type of data
breach that
occurs leading
to breach of
data in the
banking sector
or within an
organisation
falls under this
law with some
strict penalties
and
imprisonment
for years (Lw
2019).
period of four years,
accessing anyone’s
bank related
credentials will cause
a fine of 2000000
with an
imprisonment of
three years and
violating the data
security policy by
causing interruption
between the data
transferred will lead
to a fine of 500000
with an
imprisonment of one
year.
Telecom Data
Protection
The Telecom
data protection
act of Saudi
Arabia is passed
by means of
protecting the
disclosure of
information of
the subscribers
or users of
telecom service
providers to the
third-party
authorities. It
also prohibits
the telecom and
internet service
providers from
monitoring the
communications
of their service
users.
It includes
protection of data
which are
transmitted via
network which
includes
information related
to the subscribers
of the telecom
provider to the
third parties.
Violating the law
will lead to a fine of
5000000 which is
about US$
1,333,333.
information
network. Any
type of data
breach that
occurs leading
to breach of
data in the
banking sector
or within an
organisation
falls under this
law with some
strict penalties
and
imprisonment
for years (Lw
2019).
period of four years,
accessing anyone’s
bank related
credentials will cause
a fine of 2000000
with an
imprisonment of
three years and
violating the data
security policy by
causing interruption
between the data
transferred will lead
to a fine of 500000
with an
imprisonment of one
year.
Telecom Data
Protection
The Telecom
data protection
act of Saudi
Arabia is passed
by means of
protecting the
disclosure of
information of
the subscribers
or users of
telecom service
providers to the
third-party
authorities. It
also prohibits
the telecom and
internet service
providers from
monitoring the
communications
of their service
users.
It includes
protection of data
which are
transmitted via
network which
includes
information related
to the subscribers
of the telecom
provider to the
third parties.
Violating the law
will lead to a fine of
5000000 which is
about US$
1,333,333.
Pg. 6 Question OneQuestion One
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Pg. 7 Question OneQuestion One
Question four
Q4) Effective information systems that can provide timely access to
comprehensive, relevant, and reliable information at the time of disasters, are
critical to humanitarian operations.
Discuss the two open source emergency management software for disaster by
filling the following table.
Emergency
Software Description Advantages Disadvantages
Sahana Eden
DisasterLAN
Answer:
Emergency
Software Description Advantages Disadvantages
Sahana Eden The Sahana
Eden software
is a free and
open kind of
emergency
software in
order to
provide
services by
helping in
solving critical
problems by
bringing in
efficiency
The features of
Sahana Eden helps
in designing the
disaster
management and
emergency
management
policies in order to
mitigate and
respond to the
disaster in an
effective manner.
As the emergency
software of Sahana
Eden is used in
different contexts it
becomes a
challenging task to
identify the specific
users and the
workflows for which
the solution is
particularly designed
for.
Course Learning
Outcome(s):
Chapter 12
LO - 5 : Analyze
and apply the
most appropriate
solutions to
problems related
to the field of
Security and
Information
Assurance.
1.5 Marks
Question four
Q4) Effective information systems that can provide timely access to
comprehensive, relevant, and reliable information at the time of disasters, are
critical to humanitarian operations.
Discuss the two open source emergency management software for disaster by
filling the following table.
Emergency
Software Description Advantages Disadvantages
Sahana Eden
DisasterLAN
Answer:
Emergency
Software Description Advantages Disadvantages
Sahana Eden The Sahana
Eden software
is a free and
open kind of
emergency
software in
order to
provide
services by
helping in
solving critical
problems by
bringing in
efficiency
The features of
Sahana Eden helps
in designing the
disaster
management and
emergency
management
policies in order to
mitigate and
respond to the
disaster in an
effective manner.
As the emergency
software of Sahana
Eden is used in
different contexts it
becomes a
challenging task to
identify the specific
users and the
workflows for which
the solution is
particularly designed
for.
Course Learning
Outcome(s):
Chapter 12
LO - 5 : Analyze
and apply the
most appropriate
solutions to
problems related
to the field of
Security and
Information
Assurance.
1.5 Marks
Pg. 8 Question OneQuestion One
towards the
response of the
disaster
coordination
between
organisations
and the victims
themselves
(Manic et al.
2014).
It can also provide
valuable solution
for practicing
emergency
management and
domains of social
development
Disaster LAN
The Disaster
LAN
emergency
software is a
web-based
incident
management
system which
provides tools
for sharing
situational
awareness and
information
related to
workflow
(Duc, Vu and
Ban 2014).
The emergency
software of
DLAN uses
tools to initiate
real time
communication
by helping
teams to
respond to
issues.
DLAN emergency
software simplifies
missions, tasks and
management
resources by
allowing critical
information to be
shared quickly
through secured
communication
features.
DLAN balances the
affordability and
the convenience of
COT system with
the capability of
providing
customized solution
to organisations.
Some characteristics
of Disaster LAN
emergency software
takes too much time
to learn and some of
the aspects of the
software interface are
not intuitive.
Another drawback of
DLAN is there are
some few strange UI
quirks in the
software.
towards the
response of the
disaster
coordination
between
organisations
and the victims
themselves
(Manic et al.
2014).
It can also provide
valuable solution
for practicing
emergency
management and
domains of social
development
Disaster LAN
The Disaster
LAN
emergency
software is a
web-based
incident
management
system which
provides tools
for sharing
situational
awareness and
information
related to
workflow
(Duc, Vu and
Ban 2014).
The emergency
software of
DLAN uses
tools to initiate
real time
communication
by helping
teams to
respond to
issues.
DLAN emergency
software simplifies
missions, tasks and
management
resources by
allowing critical
information to be
shared quickly
through secured
communication
features.
DLAN balances the
affordability and
the convenience of
COT system with
the capability of
providing
customized solution
to organisations.
Some characteristics
of Disaster LAN
emergency software
takes too much time
to learn and some of
the aspects of the
software interface are
not intuitive.
Another drawback of
DLAN is there are
some few strange UI
quirks in the
software.
Pg. 9 Question OneQuestion One
References:
Duc, K.N., Vu, T.T. and Ban, Y., 2014. Ushahidi and Sahana Eden open-source
platforms to assist disaster relief: geospatial components and capabilities.
In Geoinformation for Informed Decisions (pp. 163-174). Springer, Cham.
Greene, S., 2014. Security program and policies: principles and practices.
Indianapolis, Indiana : PEARSON IT CERTIFICATION.
Huston, G. and Michaelson, G., 2016. The Profile for Algorithms and Key Sizes for
Use in the Resource Public Key Infrastructure (No. RFC 7935).
Lw.com. (2019). [online] Available at: https://www.lw.com/presentations/Data-
Protection-in-the-Kingdom-of-Saudi-Arabia [Accessed 1 Apr. 2019].
Manic, M., Wijayasekara, D., Amarasinghe, K., Hewlett, J., Handy, K., Becker, C.,
Patterson, B. and Peterson, R., 2014, March. Next generation emergency
communication systems via software defined networks. In 2014 Third GENI Research
and Educational Experiment Workshop (pp. 1-8). IEEE.
Pichan, A., Lazarescu, M. and Soh, S.T., 2015. Cloud forensics: Technical challenges,
solutions and comparative analysis. Digital Investigation, 13, pp.38-57.
Schneier, B., 2014. The future of incident response. IEEE Security & Privacy, 12(5),
pp.96-96.
References:
Duc, K.N., Vu, T.T. and Ban, Y., 2014. Ushahidi and Sahana Eden open-source
platforms to assist disaster relief: geospatial components and capabilities.
In Geoinformation for Informed Decisions (pp. 163-174). Springer, Cham.
Greene, S., 2014. Security program and policies: principles and practices.
Indianapolis, Indiana : PEARSON IT CERTIFICATION.
Huston, G. and Michaelson, G., 2016. The Profile for Algorithms and Key Sizes for
Use in the Resource Public Key Infrastructure (No. RFC 7935).
Lw.com. (2019). [online] Available at: https://www.lw.com/presentations/Data-
Protection-in-the-Kingdom-of-Saudi-Arabia [Accessed 1 Apr. 2019].
Manic, M., Wijayasekara, D., Amarasinghe, K., Hewlett, J., Handy, K., Becker, C.,
Patterson, B. and Peterson, R., 2014, March. Next generation emergency
communication systems via software defined networks. In 2014 Third GENI Research
and Educational Experiment Workshop (pp. 1-8). IEEE.
Pichan, A., Lazarescu, M. and Soh, S.T., 2015. Cloud forensics: Technical challenges,
solutions and comparative analysis. Digital Investigation, 13, pp.38-57.
Schneier, B., 2014. The future of incident response. IEEE Security & Privacy, 12(5),
pp.96-96.
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.