Expert answer:Need computer science help with the Critical Analy

Answer & Explanation:
Can someone help with writing a critical analysis for each case study? Identify 3 or more points of analysis that can be used in a critical analysis for each Case Study. Here are some suggestions:
  • Web application architecture
  • Web vulnerabilities
  • Common attacks against Web servers and Web applications
  • Mobile application (app) security risks and vulnerabilities
  • Mobile application (app) security architectures
Rubric: Critical Analysis.docx
Case Study 1: Case Study 1 (No Fake).docx
Case Study 2: Case Study 2 (Digital Government Mission).docx
Please include all details within the rubric.
critical_analysis.docx

case_study_1__no_fake_.docx

case_study_2__digital_government_mission_.docx

Unformatted Attachment Preview

Critical Analysis & Discussions Rubric

On-Time Posting
  Critical Analysis #1 (On Time, 10 points): Posted first critical analysis of another student’s Case Study before 11:59PM Eastern Time Thursday.
  Critical Analysis #2 (On Time, 10 points): Posted Critical Analysis of a second student’s Case Study before 11:59PM Eastern Time Thursday.

Quality of Critical Analyses
  Quality of Critical Analysis #1 (Excellent, 20 points): Posted a clear, concise, and thorough critical analysis of another student’s Case Study (3 or more points of analysis).
  Quality of Critical Analysis #2 (Excellent, 20 points): Posted a clear, concise, and thorough critical analysis of a second student’s Case Study (3 or more points of analysis).

References for Critical Analyses
  References in Critical Analysis #1 (Excellent, 5 points): Includes 3 or more scholarly / authoritative sources of information in the response and correctly cites each reference using in-text citations and a reference list.
  References in Critical Analysis #2 (Excellent, 5 points): Includes 3 or more scholarly / authoritative sources of information in the response and correctly cites each reference using in-text citations and a reference list.

Timing of Comments in Critical Analysis Threads
  Comments in First Critical Analysis Thread (On Time, 5 points): Completed posting comments to another student’s critical analysis before 11:59PM Eastern Time Saturday.
  Comments in Second Critical Analysis Thread (On Time, 5 points): Completed posting comments to a second student’s critical analysis before 11:59PM Eastern Time Saturday.

Quality of Comments to Critical Analyses
  Comments in First Critical Analysis Thread (Excellent, 10 points): Posted a complete and coherent response to a fellow student’s critical analysis. Fully addresses the student’s work and adds value to the discussion.
  Comments in Second Critical Analysis Thread (Excellent, 10 points): Posted a complete and coherent response to a fellow student’s critical analysis in a second thread (different from the first). Fully addresses the student’s work and adds value to the discussion.

Digital Government Websites,
STOPFake.gov
Abstract
Digital government analysis of one of the US Federal Government websites and how it provides content in keeping with the Digital Government initiative. This is a security overview of the Department of Commerce’s STOPfakes.gov, which provides a one-stop shop for businesses and consumers to report loss of intellectual property to the appropriate authorities. Many agencies are transitioning to federally mandated websites to provide services that keep up with the pace of technology while protecting the information hosted by the web servers.
Introduction
To bring the United States government into the 21st century, President Obama has instituted the Digital Government initiative. This initiative is designed to bring the Federal Government websites current and secure. As citizens are able to utilize multiple means to access websites, from desktops to mobile phones, the government needs to design websites that keep pace with current technology (“Digital,” n.d.). Digital Government is a part of the Open Government directive, where unclassified data that the government gathers is made accessible to citizens (Orszag, 2009). Digital Government is defined as to “Unlock the power of government data to spur innovation across our Nation and improve the quality of services for the American people” (“Digital,” n.d.). Providing an interoperable platform to gather information from multiple sectors and datasets allows for ease of use by the customer, while giving extra capabilities to other agencies will help drive Digital Government into the 21st century (“Digital,” n.d.; “National,” 2011).
STOPfakes.gov
The website that will be audited in this paper, STOPfakes.gov, is designed by the Department of Commerce to serve as a one-stop shop for U.S. government tools and resources on intellectual property rights (IPR) (“About STOPfakes,” n.d.). STOPfakes provides information for businesses and consumers on how to protect their intellectual property (IP) as well as who to contact if they inadvertently purchased counterfeit merchandise. With the links provided, the user can pinpoint the agency they need to contact to open a claim for their situation. Leading the way, the Department of Commerce is in the top 3 agencies of the US Federal Government to establish a strong Digital Government Internet presence, providing quality websites during the first phase of the initiative (“State,” 2011).
Website Services
STOPfakes is a shared-platform website that many agencies utilize to share information about IP and protecting it in a centralized location, making it easier for the consumer to gather information. This is done to “alleviate the burden on individual agencies, preventing duplication, and spurring innovation to strengthen governance” (“Digital,” n.d.). As many of the agencies that are covered by this website are all sectors of the Department of Commerce, this helps with the overall mission of Commerce. Clients of STOPfakes are users that are primarily looking at submitting claims for stolen IP or determining and reporting fake products. For businesses, they provide information on IP through patents, trademarks, copyrights and trade secrets and the resources to contact for a breach in their IP.
Website Security
Under National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) 199, STOPfakes has a low impact because the Confidentiality, Integrity and Availability of the information is public non-privacy information that is accessible from many other sites accessed by anyone (“Standards,” 2004). The main security issue that I noticed with STOPfakes is that the website wasn’t protected with any form of encryption, but no private information is being processed on this website.
Website Architecture Security Issues and Best Practices
When designing a website, most developers don’t take security into the development process. As more users are accessing websites, “agencies need to continue to integrate effective security and privacy measures into the design and adoption of all new technologies” (“Digital,” n.d.). NIST provides guidance on implementing security in development through “a risk management approach that involves continually balancing the protection of agency information and assets with the cost of security controls and mitigation strategies” (Kissel, 2008).
Cyber Vandalism
Maintaining a website can be a major undertaking for any corporation; for the Federal Government this becomes a harder undertaking, as they are constantly targeted for political reasons. Just like physical government locations, their websites are susceptible to vandalism. Protecting the website from vandalism is just as important as having a plan with stakeholders with responses to mitigating an incident after it has happened (“Readiness,” 2015). Leadership knowledge of potential attacks and risks associated with a particular public-facing medium will allow the agency to quickly recover from the attack.
Denial of Service Attacks
Adversaries use many methods to disrupt the services of a target; one of them is Distributed Denial of Service (DDoS) (Wilshusen, 2015a). These attacks utilize a group of systems to constantly access a server to overload it and take it offline, affecting the availability of the service (Harris, 2013). There are many ways of protecting servers from this attack through the use of firewalls and proxies to monitor and limit malicious traffic to the system and network. Another way of protecting against DDoS attacks is through the use of clusters of web servers and load balancing to spread the load of users accessing the server, to keep from inadvertently causing a DDoS during high utilization.
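The case study says firewalls and proxies "monitor and limit malicious traffic" but does not show what limiting looks like. The following is an added example, not part of the student's paper: a per-client sliding-window rate limiter run over a constructed set of access records. The policy constants, the client addresses and the records are all assumptions; the point it shows is that one client that bursts past the allowed rate is throttled while an ordinary client is unaffected, and that the throttled client regains access once its window expires.

```python
"""Per-client sliding-window rate limiting (added example, not from the case study).

Constructed sample: access records as (timestamp_seconds, client_ip).
The limiter allows up to RATE requests per WINDOW seconds per client and
rejects the rest, which is the "limit malicious traffic" control the text
describes a proxy or firewall performing.
"""
from collections import defaultdict, deque

RATE = 5        # assumed policy: at most 5 allowed requests ...
WINDOW = 10.0   # ... per 10-second sliding window, per client


class SlidingWindowLimiter:
    """Sliding-window limiter keyed by client identifier (e.g. source IP)."""

    def __init__(self, rate=RATE, window=WINDOW):
        self.rate = rate
        self.window = window
        # client -> timestamps of the requests that were allowed in the window
        self._hits = defaultdict(deque)

    def allow(self, client, now):
        """Return True if the request at time `now` is within the client's budget."""
        q = self._hits[client]
        # Expire timestamps that have fallen out of the sliding window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) < self.rate:
            q.append(now)
            return True
        # Rejected requests are not counted, so a flooding client cannot
        # extend its own lockout indefinitely; it recovers after WINDOW seconds.
        return False


# Constructed access records (documentation-range addresses, not real traffic).
SAMPLE_REQUESTS = [
    (0.0, "203.0.113.7"), (0.5, "203.0.113.7"), (1.0, "203.0.113.7"),
    (1.5, "203.0.113.7"), (2.0, "203.0.113.7"), (2.5, "203.0.113.7"),
    (3.0, "203.0.113.7"), (3.5, "203.0.113.7"),   # burst from one client
    (1.0, "198.51.100.4"), (4.0, "198.51.100.4"),  # ordinary client
    (11.0, "203.0.113.7"),                         # bursting client, later
]


def apply_limiter(requests, rate=RATE, window=WINDOW):
    """Replay records in time order; return (allowed, rejected) lists."""
    limiter = SlidingWindowLimiter(rate, window)
    allowed, rejected = [], []
    for ts, client in sorted(requests):
        (allowed if limiter.allow(client, ts) else rejected).append((ts, client))
    return allowed, rejected


if __name__ == "__main__":
    ok, dropped = apply_limiter(SAMPLE_REQUESTS)
    print("allowed:", len(ok), "rejected:", dropped)
```

With the sample records, the first five requests from 203.0.113.7 pass, the next three are rejected, both requests from 198.51.100.4 pass, and the request at t=11 from the bursting client passes again because its earliest hits have aged out of the window. A production deployment would key on more than the source address (a DDoS spreads across many sources) and would sit in front of the server cluster the text mentions, but the counting logic is the same.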
Malicious Code
An attacker is more likely to obtain access to a network via a back door implemented by malware installed on a workstation or server. Malware in 2014 comprised 11 percent of all information security incidents in the Federal Government (Wilshusen, 2015a). Because of this, NIST requires that all Federal Information Systems (FIS) have a centrally managed malicious code scanner installed on the network and scan all disk drives and files introduced to the information system (“Security,” 2013).
Protecting Against Unauthorized Disclosure
In June 2015 it was disclosed that the Office of Personnel Management in DC had a security breach that affected over 4 million Federal employees (Wilshusen, 2015b). With millions of employees affected by this breach, the US Government Accountability Office (GAO) has recommended that the Federal Government assess and implement stronger security controls on FIS to protect against breaches in security. Some of the security controls include Separation of Duties and implementing Risk-based Cyber Security programs.
Separation of Duties. Implementing and requiring the separation of certain tasks utilized in the process of modifying security controls on the network allows for auditing and analysis of the change to validate the risk to the infrastructure (Harris, 2013). Enhancing this oversight in the process provides protection against insider threats to the network that can lead to an information breach (Wilshusen, 2015b).
Risk-based Cyber Security Programs. Implementing risk analysis into the security posture of the network allows agencies to develop and implement the appropriate security controls to protect the infrastructure (“Security,” 2013; “National,” 2011; Wilshusen, 2015b). With the implementation of the Risk Management Framework (RMF), agencies will be able to properly follow and configure FIS IAW all federally mandated laws, regulations and mandates (“Guide,” 2010). Through the implementation of RMF, continuous monitoring and assessment will allow for variably validating the risk associated with a system on the network and provide enhanced mitigations and security controls as roles and situations change (“Guide,” 2010).
Conclusion
Digital Government provides an avenue for the Federal Government to constantly adapt and grow to the ever-changing landscape of the Internet. Instituting the Digital Government initiative will provide websites that allow enhanced openness to the citizens of the US while protecting the confidentiality, integrity and availability of the data. Agencies need to stay abreast of technological innovations while enhancing current ones to meet the ever-growing demands to access them (“Digital,” n.d.). While providing data to the people, agencies need to protect the FIS through multiple means while following all mandated laws and regulations for that program. STOPfakes.gov provides a great resource of IPR for its audience while following the spirit of the Digital Government initiative.
References
About STOPfakes. (n.d.). Retrieved November 5, 2015, from http://www.stopfakes.gov/about
Digital Government: Building a 21st Century Platform to Better Serve the American People. (n.d.). Retrieved November 5, 2015, from https://www.whitehouse.gov/sites/default/files/omb/egov/digitalgovernment/digital-government.html
Guide for applying the risk management framework to federal information systems: A security life cycle approach (Rev. 1 ed.). (2010). Gaithersburg, MD: U.S. Dept. of Commerce, National Institute of Standards and Technology.
Harris, S. (2013). CISSP all-in-one exam guide (6th ed.). [Books24x7 version] Available from http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?bookid=50527
Kissel, R. (2008). Security considerations in the system development life cycle (Rev. 2 ed.). Gaithersburg, MD: U.S. Dept. of Commerce, National Institute of Standards and Technology.
National Strategy for Trusted Identities in Cyberspace. (2011, April 15). Retrieved November 6, 2015, from https://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf
Orszag, P. (2009, December 8). M-10-06 Memorandum for the Heads of Executive Departments and Agencies: Open Government Directive. Retrieved November 5, 2015, from https://www.whitehouse.gov/sites/default/files/omb/assets/memoranda_2010/m10-06.pdf
Readiness, Recovery, Response: Social Media Cyber-Vandalism Toolkit. (2015, January 27). Retrieved November 8, 2015, from https://www.digitalgov.gov/resources/readiness-recovery-response-social-media-cyber-vandalism-toolkit/
Security and privacy controls for federal information systems and organizations (Rev. 4 ed.). (2013). Gaithersburg, MD: U.S. Dept. of Commerce, National Institute of Standards and Technology.
Standards for security categorization of federal information and information systems: FIPS PUB 199. (2004). Gaithersburg, MD: National Institute of Standards and Technology.
State of the Federal Web Report. (2011, December 16). Retrieved November 8, 2015, from http://breakinggov.sites.breakingmedia.com/wp-content/uploads/sites/4/2011/12/state-of-the-web.pdf
Wilshusen, G. (2015a). Cybersecurity: Actions needed to address challenges facing federal systems.
Wilshusen, G. (2015b). Cybersecurity: Recent data breaches illustrate need for strong controls across federal agencies.
Overview of the Digital Government Mission
Digital government is the on-going mission of the United Nations, the United States and several other developed nations to utilize the internet and web applications for delivering timely and accurate government information to citizens, employees and businesses, as well as between government agencies (UN Department of Economic and Social Affairs, 2014). Technologies referenced in Digital Government are items such as a federal agency’s website, a chat forum to gather public opinion, and any online web application used to communicate and exchange information with the public.
Requirements for Federal Agencies
Federal agencies that provide information and/or services available via web applications for the purpose of communicating and exchanging information with the public are required to follow the requirements of the Federal Information System Management Act (FISMA). FISMA mandates that federal agencies must comply with the two mandatory standards, Federal Information Processing Standards 199 and 200, for securing information and the information systems used for storing and providing information by federal agencies (NIST, 2006). Federal agencies are required to implement both standards, FIPS 199 and FIPS 200, as crafted by the National Institute of Standards and Technology (NIST) for the federal government.
NIST provides the following three publications to address security issues with information systems security and web applications, as well as guidance on how federal agencies can securely exchange information on the internet:

NIST Special Publication Series 800-53r4: Security and Privacy Controls for Federal Information Systems and Organizations
This publication provides federal agencies, as well as any organization in the public/private sector, with a list of customizable privacy and security controls that align accordingly to the different types of information systems, methods of information exchange and asset risk categorizations (NIST, 2013). All the controls provided are customizable to meet the needs of each organization or federal agency and are recommended to be used as part of an organization-wide security program for protecting sensitive information and securing information systems (NIST, 2013).

FIPS 200: Minimum Security Requirements for Federal Information and Information Systems
This standard provides information for seventeen different security-related areas that require minimum security implementations in Federal agencies (NIST, 2006).

FIPS 199: Standards for Security Categorization of Federal Information and Information Systems
This required security standard provides guidance for how to categorize federal agency information and information systems based on the asset’s risk level and the level of impact associated with a loss of confidentiality, integrity and availability (NIST, 2004). The level of risk is determined based on the information type and specific level of impact: low, moderate, high (NIST, 2004). By appropriately categorizing the agency’s information assets and determining the appropriate level of impact for each, the appropriate security controls can be applied to ensure security.
Security Issues Associated with the Web Architecture and Web
Applications
The use of web applications for the exchange of information can present considerable risk for any organization, especially when it comes to delivering sensitive information to end users, which federal agencies often do. At the most basic level, the web architecture itself provides very little security for transferring data to and from an end user’s browser to the web application they’re interacting with (UMUC, 2015). This web application in turn interacts on the end user’s behalf with the web server or database server to deliver the user’s request to the database in the form of a query. The queried database then searches for and returns the end user’s requested content or information back to the web application to be displayed to the end user.
An example of how this process is commonly performed is easily seen with web applications like an online shopping website where a user selects products they want to purchase. When a user searches for a product on the website, these items become “requests” that are sent to the product database server. Upon receiving a “request” from that web application, the product database server would then search for and retrieve the items specified and then provide this content, and perhaps the price details associated, back to the web application to be displayed for the end user. This method of communication between the end user, their web browser, the web application and the supporting server creates a large attack surface for vulnerabilities to exist and be exploited. This example shows why federal agencies are required to implement the necessary security standards outlined by NIST.
The following list details some of the most common web application security threats found today.

Cross-Site Scripting (XSS) Attacks
This type of attack occurs when a web application is vulnerable and accepts input from users that it should not. An attacker can then inject malicious code into a web application that causes unsuspecting web users either to be compromised by stealing their web browser cookies (which include sensitive user information) or to be redirected to a look-alike site where they unknowingly enter their sensitive information, but instead of it going to a legitimate site, it goes to the attacker (EC-Council, 2010).

SQL Injection Attacks
SQL (structured query language) injection attacks occur when a web application that is not properly secured passes malicious code back to the database to process, resulting in the attacker’s ability to bypass authentication requirements and communicate directly with the database (UMUC, 2015). This enables the attacker to gain access to information they do not have authorization to access.

Business Logic Vulnerability Exploits
Business logic vulnerabilities exist when a web application is poorly coded in development and is not securely created, resulting in misconfigurations in process functions and missing processes to handle faulty input. Attackers leverage these vulnerabilities to get the web application to interact in a way it was not intended to, typically providing unauthorized access to sensitive information.
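The two defects described above, SQL injection and cross-site scripting, are easiest to reason about when the vulnerable construction sits beside its hardened form. The following is an added example, not part of the student's paper: a login lookup built by string concatenation next to a parameterized one, and an HTML greeting rendered with and without output escaping. It uses an in-memory SQLite table; the table, the account, the helper names and the test inputs are all constructed assumptions.

```python
"""SQL injection and XSS: vulnerable form beside hardened form.

Added example, not from the case study. Uses a constructed in-memory SQLite
users table; names and inputs are assumptions for illustration only.
"""
import html
import sqlite3


def make_db():
    """Create a constructed users table with one account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    # Demo only: a real system stores a salted, slow password hash, never plaintext.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse', 'staff')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by concatenation, so user input becomes SQL syntax.

    This is the defect the text calls passing "malicious code back to the
    database": input that closes the quoted literal changes the WHERE clause.
    """
    sql = ("SELECT role FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Hardened form: placeholders keep input as data, never as SQL syntax."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def render_greeting_unescaped(display_name):
    """Reflects user-supplied text into HTML verbatim (the XSS condition)."""
    return "<p>Welcome, " + display_name + "</p>"


def render_greeting_escaped(display_name):
    """Hardened form: escape for the HTML text context so markup renders as text."""
    return "<p>Welcome, " + html.escape(display_name, quote=True) + "</p>"


def demo():
    """Run both forms against a legitimate input and a constructed tampered input."""
    conn = make_db()
    # Constructed input: closes the string literal and comments out the password check.
    tampered_user = "alice' --"
    results = {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "tampered_vulnerable": login_vulnerable(conn, tampered_user, "anything"),
        "legit_parameterized": login_parameterized(conn, "alice", "correct horse"),
        "tampered_parameterized": login_parameterized(conn, tampered_user, "anything"),
    }
    markup = "<script>alert(1)</script>"   # constructed, inert test string
    results["unescaped_keeps_markup"] = markup in render_greeting_unescaped(markup)
    results["escaped_keeps_markup"] = markup in render_greeting_escaped(markup)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The concatenated query returns a role for the tampered username without any password check, which is the authentication bypass the text describes; the parameterized query returns nothing for it because the whole string is compared as a username. For XSS the same pattern holds: the escaped renderer emits the input as inert text, and the escaping must match the output context (HTML body here; attribute, URL and JavaScript contexts each need their own encoding).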
Analysis & Recommendations for the Consumer Finance Website
The Department of Consumer Finance public-facing website provides financial information and oversees services provided by mortgage lenders and banks to consumers who seek loans and information (CFPB, n.d.). The information is financial in nature and applicable to mortgages or other financial informa …