Académique Documents
Professionnel Documents
Culture Documents
COURSE NAME:
Planning and Managing IT
Infrastructure
HOMEWORK 4
• Centralized Architecture:
Software Application resides on a Central Server. For full redundancy, the
computer system is backed up by another system. The system allows access
and forward events to other consoles on network. The centralized
Architecture for distributed application, which may involve multiple
processes and depends on one central process to serialize all events.
Serialization is necessary to make sure that actions performed by multiple
participants in a conversation are in a single consistent order, so that all
participants will perceive a consistent view of the order of events.
Client-server architecture:
• Not Fail
• Extensible to extent.
• Easily Maintained.
• Easily debuggable.
• Loosely coupled among integrated components/modules.
• Platform independent if possible.
• Documented enough so that can be viewed in papers.
• Optimizable coding
PART B:
Q.4) various ethics standards are set for the ethical officer of a
corporate? What are those standards and what are the potential
advantages of following those standards?
Answer:
Principles, which when followed, promote values such as trust, good
behavior, fairness, and/or kindness. There is not one consistent set of
standards that all companies follow, but each company has the right to
develop the standards that are meaningful for their organization. Ethical
standards are not always easily enforceable, as they are frequently vaguely
defined and somewhat open to interpretation ("Men and women should be
treated equally," or "Treat the customer with respect and kindness."). Others
can be more specific, such as "Do not share the customer's private
information with anyone outside of the company."
• Determine corporate values
• Create ethics & compliance training programs
• Guide employees in making the right decision
• Create reporting systems
• Investigate reports of unethical activity
• Report to executive management and the Board of Directors
Duties of the Ethics Officer
The duties of the city Ethics Officer include, but are not limited to the
following:
5. Conduct meetings with any or all of the departmental and agency ethics
officers as well as senior management to discuss or provide advice on ethics
issues;
6. Obtain copies of all reports and disclosures made pursuant to state law by
persons subject to the Code if such reports and disclosures are substantially
similar to reports and disclosures required under the Code and if a person
may rely on such state report or disclosure pursuant to Section 602.455 to
eliminate filing similar information under the Code;
9. Review the Code and other applicable laws and regulations periodically
and recommend any appropriate changes to the Ethics Commission;
10. Act as the liaison between the Ethics Commission and the officers and
employees of the city;
Use the latest tools to fight the problem – some companies offer
technologies and services to help corporations fight and overcome these
issues. Waiting for your customers to inform your company about specific
abuses or searching your brand names is not enough.
Whilst everyone knows that the business impact of the internet is growing,
comparatively few recognise that the opportunities for cybercrime are also
growing, and exponentially.
Brand owners have a clear economic incentive to take action, with their
heavily invested reputations under attack from a sophisticated and well
organised set of cybercriminals intent on profiting from their good name at
every turn.
Q.6) there are various types of attacks possible on the information a
company contains; make a list of these attacks by taking suitable
examples?
Answer:
Introduction:
This is age of information technology if there is some profit but also the fear
of many security attacks by the hackers or crackers. Today is the person is
doing his work through using the modern technology.
The first half of 2008 has seen an explosion in threats spread via the web, the
preferred vector of attack for financially-motivated cybercriminals. On
average, Sophos detects 16,173 malicious WebPages every day - or one every
five seconds. This is three times faster than the rate seen during 2007.
Threats
The domain interfaces can be subject to various types of threats, for example:
Logical or Network:
(0) Telephone/voicemail security is often forgotten about; threats involve
attackers telephoning cheaply internationally, listening to voicemail messages
and possibly unauthorized access to the Intranet (if an interface to the Intranet
exists).
(1) Dial-up networks can be an easy entry point for attackers, as they are
often less well protected or monitored than Internet connections. Typical
attacks are identity spoofing leading to unauthorized access. Analog
connections are easier to eavesdrop.
(3) Connections to vendors/partners are often not secured enough, due to lack
of time/resources, or belief in security through obscurity. They can be used as
an attack point by Partner organizations (Partners don't always stay
partners...) and also for attackers who have already penetrated the Partner's
network.
Threats: unauthorized access, denial of service.
(4) Wide area networks are used to extend the corporate Intranet to many
remote areas. The cabling probably passes through public zones. The
complexity of Wide Area Networks can serve as a deterrent to attackers, but
is it enough? How much can you trust network providers? The main threats
are eavesdropping, denial-of-service and possibly identity spoofing.
Social / Personal:
(5) Social engineering can be used to trick personnel into divulging
information or providing access.
The other key threats are misuse of privileges, illegitimate use and mistakes.
Physical:
(7) Many people who are not employees will have access to buildings in one
way or another. Threats include theft, damage and copying.
(8) Sensitive information, if not securely disposed of, will yield a valuable
resource to attackers. The main threat is unauthorized access to information.
Other physical threats include laptop theft, natural disasters and loss of media
during transport.
These threats can result in critical information being lost, copied, deleted,
accessed or modified, or services no longer functioning (loss of
confidentiality, integrity or availability).