Data and System Security Assignment: Comprehensive Solution and Review
Added on 2020/03/04

Running head: DATA AND SYSTEM SECURITY
Data and System Security
Name of the Student
Name of the University
Author’s note

Table of Contents
Answer to question 1
Answer to question 2
Answer to question 3
Answer to question 4
Answer to question 5
Answer to question 6
Answer to question 7
Answer to question 8
Answer to question 9
Answer to question 10
Answer to question 11
Answer to question 12
Answer to question 13
Answer to question 14
References

Answer to question 1:
Examples of confidential information are name, date of birth, age, sex and address; personal plans; current contact details of close relatives; reports or assignments; medical history or records; personal health and treatment issues; service records and document advance notes (Hannah & Robertson, 2015).
Answer to question 2:
SQL injection is "a code injection technique that exploits a security vulnerability occurring in the database layer of an application". SQL injection is one of the most common web hacking techniques (Shar & Tan, 2013). It is the placement of malicious code in SQL statements through web page input. SQL injections can manipulate data and corrupt or delete tables of the database.
Answer to question 3:
Buffer overflow refers to any case in which a program writes beyond the end of the memory allocated for a buffer, including on the heap and not just on the stack (Pang et al., 2016). For instance, if a coder writes past the end of an array allocated from the heap, the coder has caused a buffer overflow.
Answer to question 4:
Organizations need to ensure that their associates are aware of the regulations, develop policies that incorporate the requirements, and develop systems that ensure compliance with the regulations. The risks of noncompliance to one's organization are criminal, civil, statutory, regulatory or administrative penalties (Spring, 2014). The development and implementation of organizational security policies and standards will maximize compliance and minimize the resources your organization needs to spend to undergo internal and external compliance audits. Therefore, information security professionals need to know the laws that address cybercrimes.
Answer to question 5:
Security models other than the CIA triad include the Take-grant protection model, the Bell-LaPadula model, lattice-based access control (LBAC), the Biba model, the Brewer and Nash model, multi-level security (MLS), the Clark-Wilson model, the Graham-Denning model, mandatory access control (MAC), Harrison-Ruzzo-Ullman (HRU), the high-water mark model, non-interference, the object-capability model, role-based access control (RBAC), protection rings and discretionary access control (Alexeev et al., 2017).
Answer to question 6:
The four components of a security policy are purpose, scope, responsibilities and compliance.
Purpose states the goals of the program, such as improved recovery times, reduced costs or downtime due to loss of data, a reduction in errors for both system changes and operational activities, management of overall availability, integrity and confidentiality, and regulatory compliance (Spring, 2014).
Scope covers procedures, facilities, technology, employees and lines of business.
Responsibilities for the implementation and administration of the policy are assigned in this section. Organizational units are possible assignees.
Compliance provides for the policy's enforcement. Describe non-compliant activities and punitive considerations clearly. However, the content of this section is meaningless unless an effective awareness program is in place.
Answer to question 7:
It is the duty of a security architect to gain a complete understanding of an organization's technology and information systems; to plan, research and design robust security architectures for any IT project; to perform vulnerability testing, risk analyses and security assessments; to research security standards, security systems and authentication protocols; to develop requirements for local area networks (LANs), wide area networks (WANs), routers, firewalls and related network devices; to design public key infrastructures (PKIs) and virtual private networks (VPNs), including the use of certification authorities (CAs) and digital signatures; and to prepare cost estimates and identify integration issues (Spring, 2014).
Answer to question 8:
Authentication is the process of identifying a user's identity. It is the mechanism of associating an incoming request with a set of identifying credentials.
Authorization is the process of granting or denying access to system resources.
The first stage is authentication, which ensures that a user is who he or she claims to be (Ayed et al., 2014). The second stage is authorization, which allows the user access to various resources based on the user's identity.
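To make the two stages concrete, here is an added Python example (not part of the assignment) with a constructed in-memory user store; the user names, passwords, roles and permission names are all invented for illustration. Authentication checks the presented credentials against a salted password hash; authorization then decides from the server-side role, never from anything the request supplied.

```python
import hashlib
import hmac
import secrets


def _hash(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is a constructed value for the example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user_store():
    """Constructed user store (sample data, not from the assignment): salted hash plus a server-side role."""
    store = {}
    for name, pw, role in [("alice", "s3cret", "admin"), ("bob", "hunter2", "analyst")]:
        salt = secrets.token_bytes(16)
        store[name] = {"salt": salt, "hash": _hash(pw, salt), "role": role}
    return store


# Stage 1: authentication, i.e. associating the incoming request with identifying credentials.
def authenticate(store, username, password):
    """Returns the verified identity (the username) or None."""
    record = store.get(username)
    if record is None:
        # Hash anyway so an unknown user costs about the same time as a wrong password.
        _hash(password, b"\x00" * 16)
        return None
    # Constant-time comparison so the check does not leak how many bytes matched.
    if hmac.compare_digest(_hash(password, record["salt"]), record["hash"]):
        return username
    return None


# Stage 2: authorization, i.e. granting or denying a resource based on the verified identity.
PERMISSIONS = {  # constructed role-to-permission table
    "admin": {"reports:read", "reports:write", "users:manage"},
    "analyst": {"reports:read"},
}


def authorize(store, identity, permission):
    """The role is looked up from the server-side record, never taken from the request."""
    if identity is None:
        return False
    role = store[identity]["role"]
    return permission in PERMISSIONS.get(role, set())


def access(store, username, password, permission):
    """Full two-stage check: a failed authentication never reaches the authorization stage."""
    identity = authenticate(store, username, password)
    if identity is None:
        return "denied: authentication failed"
    if not authorize(store, identity, permission):
        return f"denied: {identity} is not authorized for {permission}"
    return f"granted: {identity} may {permission}"


if __name__ == "__main__":
    users = make_user_store()
    print(access(users, "alice", "s3cret", "users:manage"))
    print(access(users, "bob", "hunter2", "users:manage"))
    print(access(users, "bob", "wrong", "reports:read"))
```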
Answer to question 9:
The SQL GRANT and REVOKE commands, the SQL GRANT command and the SQL REVOKE command are the three commands for managing database object permissions.
Answer to question 10:
Network architectures are classified into two broad categories: client-server architectures and peer-to-peer architectures (Spring, 2014). Client-server architectures are commonly organized into two-tier, three-tier and multi-tier architectures.
Answer to question 11:
Encryption is not used in the core layer; if it were, it would slow down connectivity within the campus network (Carrie & Wilshire, 2013). Employees or workers within the intranet have to access the system via a login ID and password, and if they want to communicate with each other they have to do so through a secure encrypted tunnel.
Answer to question 12:
A typical enterprise hierarchical LAN campus network design can be divided into three layers:
Access layer: workgroup and client entry to the network is provided by the access layer.
Distribution layer: policy-based connectivity is provided by the distribution layer, and it controls the boundary between the core and access layers (Beletskaya et al., 2013).
Core layer: fast transport is provided between distribution switches within the enterprise campus.
Answer to question 13:
Encryption is not utilized as part of the core layer; if it were, it would slow down availability within the campus network (Carrie & Wilshire, 2013). Employees or workers inside the intranet have to access the system by means of a login ID and password, and if they need to communicate with each other they have to do so through a secure encrypted tunnel.
Answer to question 14:
An intranet is used for productivity, corporate communications, streamlining processes, encouraging collaboration and knowledge management; it provides a central communication area for the whole organization (Beletskaya et al., 2013). Many individuals work in remote areas, so it helps give a feeling of connectedness to the organization as a whole regardless of where someone is located.
Intranets have been very successful in keeping communication open with employees; of course, it is essential that your workers log into the intranet a few times every day. Many organizations make the intranet the default start-up page of any browser inside the organization, which makes it easier for workers to remember to log in for important information.
References
Alexeev, V. S., Bavykin, D. V., Fedorov, A. V., Gleyzerman, E. A., Ilyushin, A. V., Kazarkin, L. A., ... & Yakovlev, E. A. (2017). U.S. Patent No. 9,690,944. Washington, DC: U.S. Patent and Trademark Office.
Ayed, D., Bichsel, P., Camenisch, J., & den Hartog, J. (2014, June). Integration of data-minimising authentication into authorisation systems. In International Conference on Trust and Trustworthy Computing (pp. 179-187). Springer, Cham.
Beletskaya, S. Y., Zolnikov, V. K., Kravets, O. J., Lapshina, M. L., & Podvalny, E. S. (2013). Specific features of modeling and developing the mathematical and program software for designing intranet-interfaces during competitive development of information systems. World Applied Sciences Journal, 23(12), 64.
Carrie, M., & Wilshire, J. C. (2013). U.S. Patent No. 8,612,650. Washington, DC: U.S. Patent and Trademark Office.
Hannah, D. R., & Robertson, K. (2015). Why and how do employees break and bend confidential information protection rules? Journal of Management Studies, 52(3), 381-413.
Pang, J. N. K., Watts, M. S., Parandehgheibi, A., & Yadav, N. (2016). U.S. Patent Application No. 15/136,791.
Seo, J. H., & Emura, K. (2013, January). Revocable Identity-Based Encryption Revisited: Security Model and Construction. In Public Key Cryptography (Vol. 7778, pp. 216-234).
Shar, L. K., & Tan, H. B. K. (2013). Defeating SQL injection. Computer, 46(3), 69-77.
Spring, M. (2014). Toward realistic modeling criteria of games in internet security.