Computer Science Question

Description

Professionally paraphrase this Portfolio paper, add new references, and create a 15-slide PPT.

Course Title: Information Assurance
Paper Title: Portfolio
Portfolio Paper
In our detailed study on the broad spectrum of Information Assurance, I had the opportunity
to undertake various projects for the course and delve into topics that technically appraised us
on the core details and critical information concerning Information Assurance (IA) as well as
other relative Information Systems (IS) electives. Further note that this paper will also
endeavor to highlight diverse ideas through a comparative analysis model on the legislative
provisions of the General Data Protection Regulation (GDPR) as well as those articulated
within the California Consumer Privacy Act (CCPA).
In 2018, the Digital Guardian distinguished and contrasted different aspects of Information
Assurance and information protection. Lord, N. affirmed that these two functions were key
and crucial in the field of Information Technology. The definition of Information Assurance
(IA) is focused on measures adopted by organizations and individuals to protect and defend
information systems through the integration of non-repudiation, confidentiality, integrity,
availability, and authentication features within the information systems. Therefore,
organizations undertake to provide an environment that protects data and handles it in a
quality and reliable manner that facilitates ease of retrieval.
In this Information Assurance class, we point out progressive ways to be used in the
safekeeping of sensitive data while facilitating risk management in a way that maintains the
quality of data. In the end, we looked at information management systems and policies, the
development, and implementation of policies, as well as audits that ensure the effective use
of network infrastructure to protect systems from malicious attacks. As per the National
Security Agency, Information Security Assessment Methodology is exhibited through
auditing, data backups, contingency plans, training and awareness programs, and
configuration management (Lord, N., 2018).
While focusing on the Client – Server Security domain and case study, we collectively
managed to showcase a PowerPoint presentation that used digital forensics to present a case
on robbery fiction and a security class on a Database application. These Information
Assurance study sessions were designed to showcase how the Python tool can read the text in
the form of a captcha within text boxes during the Electronic–Commerce segments.
Similarly, we explored Intrusion Detection and Prevention, Data Analytics, Systems that
focus on advanced cases of Cryptography, as well as Information Technology Risk
Management and Security Policy.
Comparative Analysis of the Provisions of the General Data Protection Regulation
(GDPR) and those of the California Consumer Privacy Act (CCPA).
While undertaking the enlightening Client – Server Security classes, I had the privilege of
having an in-depth study on diverse comparisons that arose from the application of the
General Data Protection Regulation (GDPR), as well as the California Consumer Privacy Act
(CCPA). First and foremost, we affirm that all business operations have been based around
the critical detail of privacy and to be specific on the aspect of handling organizational data
records, as well as those of their esteemed consumers and customers. It is also worth noting
that a greater percentage of an organization’s success depends on how the holder of this
information handles, uses, or even stores it. As such, data protection experts have encouraged
these organizations that hold sensitive consumer information to not only protect the said
information at all costs but also ensure that this information remains secure and private at all
times. This, therefore, propels us to the point of noting that these two Acts of the Government
that focus on data protection must facilitate the protection and security of the customers’ data
from malicious breaches, and prohibited access or even use of the customer’s information by
unscrupulous users from within the organization or outside.
In April 2016, the European Union approved and adopted ‘The General Data Protection
Regulation’ into law with the key objective of facilitating progressive data protection reforms
within the European Union and member states. In other words, the adoption of the GDPR
marked the dawn of a new era within the digital space in the EU within which the authorities
developed common standards and legislation that sought to protect consumer data from
breaches. Drafters of this legislation within the European Union envisioned a digital future
that was primarily enshrined in the aspect of trust. This, therefore, prompted the development
of an Act that would enable consumers to have control over their detail(s) and information.
As such, provisions of the General Data Protection Regulations (GDPR) have been
formulated to only allow organizations to obtain and utilize their customers’ data within strict
and regulated spaces which are bound by legal consequences. This is to ensure that
inappropriate and unregulated exploitations as well as misuse of consumer data are limited
while adhering to the legislation that focuses on the protection of consumer rights.
This, therefore, means that the GDPR will ensure that all procedures employed in the
processing of the collected customer data, such as names, biometric data, images, physical
addresses, as well as IP addresses remain to be compliant with the law(s), secure and
acceptable as from 25th May 2018 when this legislation came into effect.
On the 1st day of January 2020, the state of California adopted the California Consumer
Privacy Act (CCPA) which came into effect from this date, to address numerous grievances
and issues raised by consumers in line with the handling and use of their private and
confidential information by companies and organizations within this developed state in the
United States of America. A classic example of a high-ranking organization that was put in
the spotlight about data breaches concerning their consumers was Yahoo. Such companies
were said to have exposed their clients’ sensitive data to malicious attackers who ended up
prompting online pilferage that triggered scandals. With this leak that triggered online
scandals, most of the online subscribers to a series of platforms were seen to question how
these companies that collected their private details were handling and protecting them.
Having drawn inspiration from the General Data Protection Regulation (GDPR) that had
been passed into law in the European Union, authorities in the United States of America
developed the urgency of coming up with a similar law that would focus on protecting their
consumers’ rights to privacy and prevent malicious attacks. In that wavelength, the
authorities came up with the California Consumer Privacy Act (CCPA) which sought to
foster stronger privacy measures that accommodated openness and transparency in handling
individuals’ data. In the end, the California Consumer Privacy Act came up as a platform that
enabled consumers to exercise their right to security, ownership as well as control of their
private information while presenting the consumer with the opportunity to sue organization(s)
if their private information is traded off and/or presented to other actors without the consent
of the owner.
In the end, several organizations with an annual revenue volume of amounts north of
$25 million were economically destabilized. Most of these companies were said to have
served more than fifty thousand consumers whose data they had turned into a gold mine that
they would present for sale to the highest of bidders. Based on this legislation, authorities put
in place punitive measures for cases of a data breach that would involve the misuse of
consumer data. A good example is the effecting of fines of $7,500 for a breach that involved
the inappropriate use of consumer data without their express consent as of 1st July 2020. In as
much as we have highlighted the primary and core objectives of these two Acts on Data
Protection, we also noted that they share several differences, as well as similarities based on
the legal space, area of enforcement, specific rights, as well as a mode of enforcement within
these two diverse jurisdictions.
The Significance of Decision Support Systems in the Field of Information Assurance
Under this detailed section of Information Assurance, we managed to delve into aspects of
Big Data Analytics, Business Process and Transactional Databases, Dimensional Modeling,
CUBE Design, Data Visualization, Extract Transform Load, Association Analysis, as well as
Cluster Analysis Predictive Analytics. During these interactive class sessions, we were also
exposed to the use of tools like Tableau, JMP, GEPH, SSDT for Visual Studio, and MS SQL
Server which are crucial in the analysis of significant amounts of data. Last but not least, we
managed to get into contact with several decision support systems that focus on fostering
levels of interaction as well as efficacy when it comes to the provision of services within the
organization(s). With data visualization skills, individuals can process information more
efficiently.
The Place of Convenient, Safe, and Secure E-Commerce in the 21st Century
While terming the world a global village, the authors of the phrase envisaged a scenario
where Electronic – Commerce took over the contemporary ways of doing business. In other
words, people are now able to transact, buy and sell goods and/or services over the internet
within a flick of a second. This form of transaction has majorly taken the global web by
storm since people are now able to obtain goods from thousands of miles away by just keying
commands and channeling money across both mobile and web money services to complete
these transactions. In this interesting class session, we managed to cover several online
Electronic – Commerce channels that seek to foster Business to Business (B2B), Customer to
Customer (C2C), Customer to Business (C2B), as well as Business to Customer (B2C).
While focusing on these distinct forms of business transactions, we delved into aspects of
Electronic Commerce automation alongside the application of API integration in most
electronic commerce software(s). During a project for the entire group, we managed to use
the Python tool to not only read ‘captcha’ but also type or rather insert text in the text box(es).
We noted the ‘Completely Automated Public Turing Test to Tell Computers and Humans
Apart (CAPTCHA)’ to be a test that focuses on the challenge – responses to differentiate
between human and machine input. The study further revealed that we have several captchas
that are used to differentiate between human and machine input by permitting persons to
make corrections to a series of letters to come up with a sensible word or form. To pass this
test, one is required to match the letters in the form to those in the distorted image. While this
sounds easy to people, the same remains to be a difficult venture for a computer to input such
letters in the text box to match the case for the distorted image. In very special instances,
programs can be uploaded into the computer(s) to complete such kinds of tasks. From the
group project, we managed to develop a captcha solver with the aid of Python tools like
Amazon Rekognition and OpenCV. The solver was able to write and debug several codes
which also ended up reading ‘captcha’ and writing an appropriate solution within a text box.
Such kinds of skills have in one way or another advanced the electronic commerce space
since they have fostered security authentication while fostering the online marketing space by
encouraging new users to come aboard and exploit the available pool of customers while
keeping in mind the fact that their data options are safe and protected through different forms
of authentication and security features. Last but not least, participants and users of these
platforms are considered to enjoy a wide array of benefits that range from advanced
advertisement options to their potential customers to convenient and fast ways of conducting
business within the comfort of our homes.
Safe Security Policy in the Space of Information Technology (IT) Risk Management
Under this detailed part of Information Assurance, we had the opportunity to interrogate
different types of risks that individuals and organizations tend to face when they opt to store
their private and confidential information digitally or in internet-based spaces. In other
words, we were able to point out numerous security issues that can be associated with the use
of internet cloud technology to store sensitive credentials and the need to come up with
credible, strong, and impenetrable measures to facilitate appropriate risk management when it
comes to data protection. Similarly, we managed to interrogate the policies put in place by
authorities to contain breaches as well as measures to constantly develop security policies
that are up to date with the changing forms of risks and threats to internet security.
Earlier in this paper, we noted that most businesses in this modern era tend to rely more on
technology to facilitate key operations and activities. In as much as technology tends to pose
greater advantages to the business domain, we noted that security threats were constantly
evolving with the change in internet trends. As such, for us to reduce costs as well as the risk
that organizations are subjected to, we noted the need to not only come up with agile
measures to foster proper risk management but also protect the organization from potential
threats from viruses, hackers, attackers, as well as infrastructure failures that may result in
loss of internet which eventually disrupts the normal operations of the businesses. In other
cases, we were able to point out several human errors that were likely to cause system failure
or even trigger computer crashes which eventually disrupt specific aspects of service
delivery, business continuity, and safety of the equipment and infrastructure, as well as
tarnishing the reputation of these organizations which tentatively fail to attain their set goals
and targets.
To properly manage risks, organizations are required to point out the specific threats
affecting them and then assess their impact on the output of the organization, as well as their
general impact on the operations of the business before highlighting notable ways of securing
the systems. Our study revealed that managing IT risks within the company and/or
organization ought to start with the training of employees and equipping them with skills that
enable them to prevent triggering any possible risks to the organization(s).
Research further showed that organizations are required to have in place a written set of rules
and regulations that stipulate the key steps to be followed and executed to either protect the
organization from threats or contain such threats if they have been witnessed within the
organizational space. These provisions are usually set out in an elaborate step-by-step
procedure on how to handle risky situations within the organization.
For organizations that rely on technology to effectively run their day-to-day activities, several
policies need to be put in place, and these include; Business Continuity Plan, Remote Access
Policy, Access Control Policy, Information Security Policy, Communication Policy, Change
Management Policy, Acceptable Use Policy, Incident Response Policy, as well as a Disaster
Recovery Policy.
Similarly, experts in Information Assurance are required to have several Certifications to
enable them to tackle these security risk issues and these are; Certified Cyber Threat Hunting
Professional, Certified Expert Penetration Tester, Certified Security Awareness Practitioner,
Certified Data Recovery Professional, Certified Computer Forensics Examiner, Certified
Cloud Penetration Tester, Certified Mobile Forensics Examiner and Certified Reverse
Engineering Analyst. At the end of the training, knowledge in the field of Security Policies
and Risk Management within the sphere of Information Technology will play a big role in
protecting and securing the data of individuals and organizations through the setting up of
water-tight security systems which are safe and up to date.
Utilizing Digital Forensics in the Era of Information Assurance
When we refer to Digital Forensics, our main area of focus majorly revolves around the class
of Forensic Science which primarily highlights crimes related to computer usage. Additionally, the
revelation of such crimes entails detailed processes of identification, collection, and analysis
of samples of evidence to arrive at a conclusive result and analysis. After identifying the
specific results, experts will go ahead and document or even report such results with the aid
of digital devices. Digital Forensics has majorly focused on bettering crime research by way
of fostering efficiency and accuracy when it comes to investigations within the digital and
internet spaces.
Based on the details of our study, we can confidently point out that Digital Forensics is
majorly utilized in the examination of digital devices to identify samples and specimens and
preserve and analyze these samples before presenting the evidence in digital format. Digital
forensics has majorly been used to examine and analyze samples and evidence obtained from
autopsy exercises and thereafter digitally present the results. As such, the entire process of
conducting investigations through the digital forensic method encompasses the identification
of evidence, careful collection of samples, and analysis and documentation of the samples,
before the presentation of the actual results.
Research further indicated that Digital Forensics can be articulated through 4 notable classes
and these include; software forensics, media forensics, cyber forensics, as well as mobile
forensics.
In line with Digital Forensics, we had the opportunity to look at a fictional incident of
robbery which was referred to as the ‘Windsor Locks Robbery’. In the scenario, we had two
parties namely; Joe and Marry. The two managed to rent out a section of their house through
the Craigslist website. Similarly, two friends, CJ and Smith, posed as potential individuals to
lease out the property and considered the opportunity as a perfect one to go ahead and
defraud Joe and Marry. After reaching out to Joe and Marry, CJ and Smith went ahead to
inspect the house and in the process, they took pictures of the door locks and any other details
necessary to enable them to break in and rob the couple. A few days later, the house was
broken into and money, as well as jewelry, was stolen. Joe and Marry went ahead to report
the robbery with CJ and Smith being the main suspects. While conducting investigations,
investigators questioned the two suspects and discovered an Excel sheet showing the amount
of money they had stolen from a series of other robberies, alongside pictures of door locks
and jewelry from Joe and Marry’s house. They had also left a message on the computer
noting their intention to steal. Investigation indicated that CJ and Smith had also conducted
searches on how to break door locks and this was on the computer’s search history.
With the series of prints obtained from the crime scene, investigators noted that the same
matched the fingerprints of CJ and Smith. This was thus evident that the two had broken into
Joe and Marry’s house and thereafter stole the jewelry and money. In the end, we were able
to point out the notable application of diverse forensic data analysis methods alongside skills
used by experts to analyze evidence, as well as the resources required to conduct the detailed
forensic examination from the point of collecting samples to that of analyzing them and
coming up with conclusive results to the crime scene.
Intrusion Detection and Prevention of Malicious Attacks in Online Networks
During our Information Assurance class sessions, we managed to look into the specific
details in line with the detection of any intrusion of computer networks from malicious
network traffic as well as ways of handling cases of such intrusions to restore normal
operation or even prevent such forms of intrusions shortly. This class also exposed us to the
use of firewalls as well as antivirus software to curb and prevent malicious and targeted
attacks from hackers.
There were some critical topics of study that we managed to study and these included;
Introduction to Suricata IDS/IPS, the Introduction to IPTables & HoneyNet, advanced
Intrusion Detection Environment, Introduction to TCPdump, Introduction to Zeek (Bro) IDS,
as well as the Intrusion Detection and Prevention Concepts + Rhapis IDS Simulator. With
these reputable skills, individuals can handle equipment used to detect malicious intrusion
and attacks which eventually results in securing organizations’ information technology
systems while coming up with programs that focus on risk mitigation for the business and
eventually minimize losses.
Safety and Security of Database Management Systems in Organizations Security
To perfectly protect the state of data presented by consumers to organizations, we identified
the use of the Database Management System (DBMS) that focuses on curtailing many
malicious attacks launched against private data through the internet. In our IA class, we
managed to work as a group to point out some of the crucial Database Management Systems
that can be used by organizations to enhance data safety. Similarly, we had the opportunity to
interrogate the effectiveness of the Oracle NoSQL, Cassandra DB, CouchDB, as well as the
MongoDB. These Database Management Systems were noted to have different and diverse
approaches when it comes to effecting security details in line with data protection. Be that as
it may, we were also able to compare the different security features of these Database
Management Systems based on features of access control, authentication, security groups,
backup and restoration services alongside encryption of data while in transit. In the end, we
discovered that every independent Database Management System had a unique set of
strengths and weaknesses in the plot to safeguard client data. As such, organizations should
choose DBMS that perfectly cater to their security requirements and therefore protect their
data sets. Similarly, learners can undertake specific data transformation sessions with the aid
of these Database Management Systems (DBMS) which eventually transform data entered
into the DBMS system and match it to the needs of the end user.
Developing Safe and Secure Cryptography Protocols
With the increasing number of online data attacks, experts have highlighted the essence of
protecting data with the aid of cryptography-related methods to ensure that encrypted
information gets to the intended user without any form of pilferage or tapping from
middlemen across the web. Cryptography protocols have been noted to enable users to not
only transmit data in a safe manner but also in a way that ensures that the intended recipient
will be the only person to access such data. Under this specific branch of Information
Assurance, we managed to look at the Caesar cipher, Asymmetric – Key algorithms,
Symmetric – Key algorithms, Hill and Rail Fence Cipher, Block Ciphers as well as the Data
Encryption Standard. The key objective of utilizing these algorithms was to ensure that the
users were able to secure organizational data and communication from malicious attackers at
their level best.
Having undertaken this set of projects throughout our Information Assurance class,
we are well placed to acknowledge the place of the key components of information
assurance, and these focus on fostering confidentiality, availability of information, the
authenticity of the information, integrity of the processes, as well as acknowledgment of the
principle of non – repudiation. Based on these class sessions, learners are exposed to the
notable application of a wide array of tools used to foster the safety of our credentials and
information across online platforms while also developing the skills to handle these different
and critical skills in different environments and scenarios. When the government takes
initiative to work alongside learning institutions to provide students with skills that enhance
creativity and confidence, then the chances of graduates coming forth to resolve some of
these complex issues relating to data security breaches are generally on an advanced sphere.
As such, these experiences will not only furnish us with the skills to address information
assurance issues but also pump us with the confidence to address such issues with significant
amounts of zeal and energy. In the end, we look forward to an era whereby graduates from
this program are not only able to secure the digital space of organizations but also make the
global sphere a safe space to safely transact with your data while acknowledging the safety of
the systems.
Advanced CIA Triad System of Data Protection
When we talk about the “CIA Triad” system, we are generally referring to an advanced
model that focuses on Information Technology Security. In other words, this system ensures
that the system is in a position to tick the crucial and necessary boxes concerning the terms of
IT Security. Based on the initials of the CIA triad, we noted that C stood for Confidentiality,
whereas I and A represented Integrity and Availability respectively.
When we talk about Confidentiality checks, we note that users can protect sensitive data from
unauthorized access while also pointing out different forms of information based on different
levels that allow specific users to only access information that is designated for them. Under
this system, users can analyze the impact of the breach of confidentiality, as well as evaluate
the amount of damage occasioned through unauthorized access points while also highlighting
the perfect ways of countering such breaches. To boost confidentiality concerning data
protection, individuals and organizations are implored to undertake training in Database
Application Security.
On the aspect of ‘Integrity’, we focus on protecting the data from intrusive and
destructive measures that encompass deletion, edition, or even modification of data from its
original setting and format. In this Triad system of data protection, organizations can
designate specific users as being the only ones who can do any form of editing whereas the
other parties remain within the read-only space. A good example of this type of data
protection method that fosters integrity is that of cryptography which ensures that data is not
distorted by any other third party before the message or data reaches its designated recipient.
This also affirms that the levels of encryption in such systems are on another level and
therefore preventing middlemen interruptions.
Last but not least, we managed to highlight the bit of Availability of data which has
been made possible by the development of user-friendly software that is fast, secure, and easy
to use. Such programs are meant to ensure that cases of power outage and connectivity are
addressed in a highly effective manner that ensures that data is freely available to its users
and without any unexpected interruptions.
Summary and General Trends and Prospective of the IA Field
The 21st Century boasts of progressive advancements made possible through the adoption of
technology. Similarly, the internet has significantly transformed how individuals and
organizations transact and even relate. While several businesses are working towards
collecting their consumers’ data to enable them to serve the clients more effectively, we
observe that most of the details and confidential information collected are either used for
inappropriate reasons and more so without the express consent of the owner(s). This form of data
abuse may arise from cases of data phishing and is thereafter used to inappropriately direct
traffic based on the preference of the consumer.
In as much as this data is supposed to make the online trading experience easy and lively for
the consumer, organizations have gone further to undertake indirect tracking of the customer
information without permission or even from third parties who sell it at the expense of the
owner’s privacy detail. In these modern times, we noted that numerous businesses had
popped up with the key objectives of collecting and selling consumer information. Most of
this information is usually tapped from some social media platforms that allow their users’
information to be collected and used at a fee by other third-party organizations.
These organizations will then analyze the data and come up with a business-related
advertisement plan for the specific consumer which is dependent on the customer’s behavior
and preferences. The organization then aligns its business plan through the advertisement that
fosters increased sales and profits. In as much as some of these details are used for a good
cause, some of the people who procure these details might opt to engage in malicious
activities that target specific accounts and even money wallets for their fraudulent activities.
In the last few years, we saw companies like Facebook and Yahoo in the spotlight for
exposing their users’ data to malicious attacks and pilferage from hackers.
With the development of legislations like the GDPR in the European Union and CCPA in the
United States of America, authorities have come up with policies to protect the customers’
data as well as stipulating restrictions for individuals who intend to cause havoc through
malicious attacks based on individuals’ data. In as much as there is a major surge in the
number of hackers and attackers, we are encouraged to focus on practices that instill aspects
of integrity, availability, confidentiality, and authentication while working alongside
Information Assurance (IA) experts.
Last but not least, we encourage organizations to restore trust on the part of their consumers
by giving assurance that their confidential data is well taken care of. As we embrace numerous
aspects of technological advancements, we should also remember that we need to adapt to
change and train experts to meet the emerging trends in the technological space and
eventually protect our data across the globe.
