Security Standard and Its Real World Application

Submitted By ashley062115
Words 404
Pages 2
Assignment 4.4
For this assignment I have been asked to relate a well-known law to real-world applications, so I decided to discuss the Sarbanes-Oxley Act. I am going to explain what it is, then list two real-life businesses this Act falls under.
The Sarbanes-Oxley Act (SOX) was passed in 2002 and was enacted in response to a series of high-profile scandals that took place in the early 2000s at companies such as Enron, Tyco, and WorldCom, which rattled the confidence of investors. SOX was drafted by congressmen Paul Sarbanes and Michael Oxley, who aimed to improve corporate governance and accountability. SOX was not intended just for corporations; it was also meant for the IT departments in charge of storing the corporation’s electronic records. This law has a tremendous number of regulatory standards, and all companies must comply with them. This law helps keep the corporation from going downhill and having to deal with a massive burden. It asks that both the corporation and the IT financial department work together to ensure that financial, corporate and technological controls provide accurate financial reports. The most important element of SOX compliance is providing evidence that the financial applications and the supporting systems and services are completely secure, so that the financial reports can be trusted. This isn’t just used for corporations or IT departments; it is also used for the public as well. A couple of examples are places like the District Attorney’s office (DA) and the Securities and Exchange Commission. If you think about it, this law is very valuable to corporations and to the public because it helps make sure that accurate information is used and that it can be trusted. This law is very helpful to the DA because it helps them make sure they can run smoothly and make sure since…...

Similar Documents

Free Essay

Information Security in the Digital World

...INFORMATION SECURITY IN THE DIGITAL WORLD NAME Abstract Information security is the process of detecting and preventing unauthorized users access to your network, computer, and ultimately your personal information. Information security is huge and many casual users do not even think about it, or if they do, only as an afterthought. This is one of the worst things that you can do in this day and age especially with the abundance of technology in our everyday lives. Everyone should care and be concerned about all levels of information security as a breach in security could mean financial ruin, personal embarrassment, stolen trade secrets, and much more. Intruders come from a wide variety of places and could be someone as simple as your next door neighbor stealing wireless internet from you to Chinese agents stealing classified weapon system designs from the US government. With the complexities of software these days there will always be vulnerabilities to expose and utilize which is why every user needs to stay on top of their own security. This typically means applying the latest operating system and software patches, maintaining a firewall and up to date virus scanning software, being intelligent about where you web surf and what you click on, and just being as smart in the digital world as you are in the physical world. This paper will cover some of the types of network attacks that are out......

Words: 1542 - Pages: 7

Premium Essay

Web Application Security

... 1. Create a Word document and name it CS680-Assignment_7_FirstName_LastName.doc(x) (with your name substituted for first name and last name).
2. Part I: put questions in the above file with their respective question numbers and answers, for the following:
• From the SINN book – Chapter 7, Review Questions 2 to 22 even p. 292
• From the GREMB book -- Chapter 10, Review Questions 2 to 20 even pp. 275-277
3. Part II: visit the following three sites:
• http://www.ieee.org
• http://www.PMI.org
• http://www.webappsec.org
For each of the three sites find three societies or special interest groups that deal with security, application security, or Web application security. Write a synopsis of what the organization does, and how the society or special interest group can help you become a more successful Web developer when it comes to implementing security into your software design. This question must be answered with at least 60 words each part with proper citations, proper references, and formatting. Combine the answers into the same above file.
From the SINN book – Chapter 7, Review Questions 2 to 22 even p. 292
2. _____________ is concerned with what an identity is allowed to do. Authorization
4. What is the main purpose of the "Negotiate" authentication protocol? Negotiate is one of the six authentication protocols that are widely used today. Negotiate is the protocol that picks one of the available authentication methods for a system. Negotiate implements......

Words: 2041 - Pages: 9

Premium Essay

Policy Making in the Real World

...POLICY MAKING IN THE REAL WORLD
Evidence and Analysis
Michael Hallsworth, with Simon Parker and Jill Rutter
Contents
About this report
Executive summary
1. Introduction: The Institute’s Better Policy Making theme
2. Why look at policy making?
3. The drive to professionalise policy making
4. The gap between theory and practice
5. Process
6. Qualities
7. Structures
8. Politics
9. Improving policy making
10. Annex A: Methodology for survey of policy characteristics
11. Annex B: The Policy Skills Framework
About this report
This report is one of three that the Institute for Government is releasing as part of its research into policy making in government. It provides both an in-depth look at attempts to reform policy making over the last fourteen years and draws on both interviews with senior civil servants and ministers, in the last government, to look at the experience of policy making. It also draws on our analysis of government’s own evaluations of policy, our ‘Policy Reunions’ looking at the factors behind policy success and the extensive academic literature on policy making. As such, it forms the evidential and analytic base for our recommendations report, Making Policy Better. This report is largely the work of the Institute for Government’s Senior Researcher Michael Hallsworth. In its early stages, the research was led by former Institute Fellow, Simon Parker, and in the later stages was......

Words: 49085 - Pages: 197

Premium Essay

Mobile Application Security

...SECURING A MOBILE WORLD Introduction Today’s smartphones and tablets are more than communication devices. They are hip-mounted personal computers, with more memory and processing power than your laptop of just a few years ago. They are an integrated part of our lives… personal and professional. The information they provide is so vital that the Army is piloting their use as standard field issue to every soldier, complete with combat-focused applications [1]. However, smartphones and tablets raise new security issues. They are more likely to be lost or stolen, exposing sensitive data. Malware risks are increased because they connect to the Internet directly rather than from behind corporate firewalls and intrusion-protection systems. Security of mobile devices focuses on controlling access through the use of device locks and hardware data encryption. While this may be sufficient for individual users, it is insufficient for defense needs. Many documented examples exist of hacking of the device lock, as well as defeats of the hardware-level encryption. Once the device is unlocked, there is generally unfettered access to all apps and their associated data. Military applications require additional application-level access controls to provide data security. Unfortunately, there are gaps in the application-level security model of the two predominant mobile operating systems: iOS from Apple and Google Android. Our ongoing research1 looks to address these gaps by developing......

Words: 4009 - Pages: 17

Free Essay

Application Security

...The safer, easier way to help you pass any IT exams.
Exam: 000-139
Title: IBM Certified Specialist IBM Rational AppScan, Standard Ed
Version: Demo
1. In which three areas does AppScan test for vulnerabilities?
A. the network layer, the web application, the web server
B. the operating system, the web application platform, the database
C. the web application, the web server, the web application platform
D. the web application platform, the network layer, the web server
Answer: C
2. After 30 minutes your scan stops with an out-of-session error. What is a possible cause of this error?
A. Redundant path limit was too low.
B. A parameter was not tracked.
C. Flash parsing was turned off.
D. Platform authentication was not configured.
Answer: B
3. How does an attacker exploit Web application vulnerabilities?
A. by hacking the firewall
B. by installing viruses on a user's machine
C. by sending malicious HTTP requests
D. by sniffing the traffic between a user and the Web server
Answer: C
4. What does a Cross-site Scripting vulnerability allow an attacker to do?
A. execute a malicious script on the Web server
B. change the Web server configuration
C. steal a user's session tokens
D. drop database tables
Answer: C
5. Which type of vulnerability allows an attacker to browse files that shouldn't be accessible (e.g. *.bak, "Copy......

Words: 286 - Pages: 2

Free Essay

Application of Vm in Real Estate

...Application of Value Management in Construction Industry
Value Engineering
“The systematic application of recognized techniques by multi-disciplined team which identifies the function of a product or process, establishes a worth for the function, generates alternatives through creative thinking and provides the needed function reliably at lowest overall cost.”
Value engineering tries to provide appropriate functions at appropriate cost maintaining performance, quality, reliability or maintainability and safety. VE analyzes a function or method by asking such questions as:
* What it is?
* What does it do?
* What must it do?
* What does it cost?
* What other material or method could be used to do the same job?
* What would the alternate material or method cost?
The essence of value engineering lies in the following four points:
1. Focus on Function
Value engineering is the function oriented revision design, and hence facilitates deeper thinking. It is not cost reduction or cheapening process.
2. Step by Step approach
Value Engineering is a step by step approach aimed at achieving desired function. The whole Value Engineering workshop involves following basic steps to be followed:
* Project Selection Phase
* Information Phase
* Function Analysis Phase
* Creative Phase
* Evaluation Phase
* Recommendation Phase
* Implementation Phase
* Feedback to Management
3. Emphasis on......

Words: 2768 - Pages: 12

Premium Essay

Application of Various Case Studies to Real-World Organizational Behavior.

...Application of various case studies to real-world organizational behavior. Introduction The case: “Rhonda Clark: Taking Charge at Smith Foundation” (McShane & Von Glinow, pg. 319) is a vignette about the hiring of Clark as the CEO of the Smith Foundation. The Board that hired her is somewhat dysfunctional. She faces many challenges in dealing with the board. Clark has to use her influence, abilities, networking and power to maneuver the board so that she can accomplish the goals she has set for the Smith Foundation. The following is an analysis of the effectiveness of her sources of power and the types of influence she used at the Smith Foundation. 1A. Power Let’s see how “A Model of Power in Organizations” applies to Clark’s situation. We will also identify and discuss both Clark’s sources of power and any contingencies of power. Goltz and Hietapelto say, “In the operant model of power, leadership is defined as being an individual’s skill in using the consequences under his/her direct or indirect control to influence behavior toward goals that will obtain rewards for the unit.” And I think being a good contingency manager is an important attribute of a good leader. Clark used a variety of differing powers to deal with the board, the types of powers she used consisted of legitimate, reward, coercive, expert and referent. Clark used female members of the board with “referent power”, she used this power to influence them by having them identify with her. She used......

Words: 1792 - Pages: 8

Premium Essay

Real World Applications

...true today as it was nearly 6 years ago. Everyone is struggling somewhere, somehow. It is important to have game plans and be able to adapt and overcome any situation that may directly affect you or your company personally or from other companies that affects yours from a distance. I am the owner of a retail dry goods store with a maximum of 100 employees. Most of our customers are employees from an automotive support industry who just announced they are relocating to Mexico. The relocation of this company will hinder our sales as well as our organization. My goal is to analyze the challenges our organization will face using OD principles and how would I apply OD principles in order to ensure the continued operation of my company. As our world changes amongst us, we have to evolve with it or we will find ourselves evaporating as a whole. That is where using the OD principles can help us to break down the problems that we are facing and help us to find either solutions or be on the road to finding solutions to make sure that we make it through these challenges. The first step of the principles suggests that changes to the organization and change relies on value based decisions. Using the value based decisions I would get together with the managers and supervisors of each department to gather their ideas and opinions. Getting everyone on the same page to understand what the actual story is and what is going on will help to eliminate any rumors that may lead to......

Words: 869 - Pages: 4

Premium Essay

Unit 10 Assignment 1: Examine Real-World Implementations of Security Standards and Compliance Laws

...UNIT 10 ASSIGNMENT 1: EXAMINE REAL-WORLD IMPLEMENTATIONS OF SECURITY STANDARDS AND COMPLIANCE LAWS CIPA stands for The Children's Internet Protection Act. It is a bill that was signed into law in December 2000, and was to be constitutional by the United States Supreme Court in June 2003. It requires schools K-12 and libraries to have internet filters to protect children from harmful online content that blocks access to “visual depictions” on the Internet that are obscene, child pornography or harmful to minors. Meaning any picture, image, graphic image file, or other visual depiction that has been taken as a whole and with respect to minors, appeals to an excessive interest in nudity, sex, or excretion; depicts, describes, or represents, in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and taken as a whole, lacks serious literary, artistic, political, or scientific value as to minors. The law also states that a school or library may disable the technology protection measures concerned, during use by an adult, to enable access for bona fide research or other lawful purpose. Public Schools and Public Libraries must comply with CIPA to be able to take advantage of E-rating discounts for telecommunication resources and LSTA grants for various programs. The act has several requirements......

Words: 502 - Pages: 3

Free Essay

Web Application Security

...Web Server Application Attacks
Brooks Gunn
Professor Nyeanchi
CIS 502
July 10, 2013
Web Server Application Attacks
Many organizations have begun to use web applications instead of client/server or distributed applications. These applications have provided organizations with better network performance, lower cost of ownership, thinner clients, and a way for any user to access the application. Web applications significantly reduce the number of software programs that must be installed and maintained in end user workstations (Gregory 2010). Web applications are becoming a primary target for cyber criminals and hackers. They have become major targets because of the enormous amounts of data being shared through these applications and they are so often used to manage valuable information. Some criminals simply just want to vandalize and cause harm to operations. There are several different types of web application attacks. Directory traversal, buffer overflows, and SQL injections are three of the more common attacks. One of the most common attacks on web based applications is directory traversal. This attack’s main purpose is to have an application access a computer file that is not intended to be accessible. It is a form of HTTP exploit in which the hacker will use the software on a Web server to access data in a directory other than the server’s root directory. The hacker could possibly execute......

Words: 1620 - Pages: 7

Free Essay

Real World Physics

...REAL WORLD PHYSICS Did you know that Physics and Sports cannot be separated? In sports, athletes need to apply the concepts of Physics. But the application of Physics is not just limited to the machineries but also on how people should move the parts of their body. If successfully applied, well it can increase an athlete’s performance. But there are far more reasons why I believe Physics is a spectator of sports: firstly the physics of ice skating or figure skating which was shown in the movie Ice Princess that I recently watched; second, the physics of playing basketball and lastly, the physics of archery. To start off, the movie Ice Princess is the perfect example wherein Physics was applied into sports. Remember Isaac Newton’s first law of motion? Which states: An object at rest stays at rest and an object in motion stays in motion with the same speed and in the same direction unless acted upon by an unbalanced force. (Mckinley, 2000) It is also known as inertia, and the very main reason why ice skaters glide smoothly on ice with the help of friction simply because there is less friction on ice. It is truly amazing on how the girl in the movie successfully applied Physics in figure skating. Another argument I have is, when you're playing basketball. Physics is applied and can be seen when basketball players shoot the ball into the ring. As seen in the viral game Angry Birds, it basically shows and applies the concept of projectile motion wherein before the bird flies, a...

Words: 570 - Pages: 3

Premium Essay

Examine Real-World Applications of Security Standards and Compliance

...EXAMINE REAL-WORLD APPLICATIONS OF SECURITY STANDARDS AND COMPLIANCE
Children’s Internet Protection Act (CIPA) is a bill that the United States Congress proposed to limit children's exposure to pornography and explicit content online. Once the bill was passed the Congress required schools and libraries to E-Rate discounts on Internet access and internal connections to purchase and use a technology protection measure on every computer connected to the Internet. These conditions also applied to a small subset of grants authorized through the Library Services and Technology Act (LSTA). In order for the schools and libraries that use the E-Rate discount is to have an internet safety policy that will include technology protection measure for each computer with Internet access. They must be able to block or filter to pictures that are obscene, child pornography, and/or harmful to minors. This only applies when accessed by minors. Adults can disable the technology protection measure while using the computers. Schools or libraries that don’t use the technology protection measure on received discount for telecommunication. If the schools or libraries use the technology protection measure must hold at least one public hearing to address the internet safety policy. Below you will find the items that need to be addressed during the hearing:
• Access by minors to inappropriate matter on the Internet;
• The safety and security of minors when using electronic mail, chat rooms and other......

Words: 372 - Pages: 2

Premium Essay

Science Mets Real World

...SCIENCE MEETS REAL LIFE 2 The scientific method is the set of actions that one takes when trying to figure something out. It is based on the principle of cause and effect (Ward). By definition there must be five steps in order for the scientific method to occur. The first action is observing something that piques one’s curiosity. The second action, questioning, may occur simultaneously. Something is seen, and questions come into the observer’s mind like “Why does that work like that?”, or “What would happen if…” The third action is called the hypothesis, which everyone remembers from grade school means, an educated guess. This can also be referred to as a prediction. Logically, the fourth step is to test this hypothesis through experimentation. Finally, an explanation is created as a result of testing the hypothesis (Pruitt, 2006). It is important to note that the experimentation phase of the scientific method can be a very lengthy one. The results of experiments may support one’s hypothesis, but further experimentation may be needed to account for other factors or scenarios. If the experiment does not support the hypothesis, more research may be needed as to why. More experiments will follow. Experimenting can raise more questions, which may require one to start the process over from the first step again. People use the scientific method numerous times every day, without ever thinking of it. While the phrase “scientific method” normally conjures up......

Words: 1581 - Pages: 7

Free Essay

Application Security on Windows and Linux

...Abstract
This document will briefly discuss the need and methods of patch management, the importance and considerations of a written business security policy and cross-platform security.
Contents
Table of Contents
1 Abstract
2 Contents
2.1 Table of Contents
2.2 Table of Figures
2.3 List of Tables
3 Patch Management
3.1 Patch Management Defined
3.2 Patch Management Applications
3.3 Patch Management Scripting
4 The Written Business Security Policies
4.1 Importance of the Written Business Security Policy
4.2 Considerations of Creating the Written Business Security Policy
5 Cross-Platform Security Configurations
6 Conclusion
Table of Figures
Figure 1: Windows to Linux Authentication
List of Tables
Table 1: Patch Management Applications
Patch Management
Patch Management Defined
Over the years common security practices have evolved. With these practices the view on patch management has evolved as well. Just a few years ago the common mentality regarding patches was to install and forget. Many systems were deployed and left to their own, few were ever updated. With the rise of worms and malicious code such mentality is no longer accepted. With the new threat levels comes a new focus on patch management. In today’s network environment different methods of deploying and managing patches exist. Networks are unique, like fingerprints, most often......

Words: 890 - Pages: 4

Premium Essay

Free Trade in the Real World

...Free Trade in the Real World: Competing perspectives about the role and impact of trade in developing countries. By James Lawrie Since the end of the Second World War the Western World has led the way in the quest for free trade between nations. In particular, various arms of The United Nations, chiefly The World Bank, The International Monetary Fund (IMF) and The World Trade Organisation (WTO) have been the main bodies through which the developed world has pushed its agenda of liberalisation. The policies pursued by these supranational organisations are based on western economic concepts and theories and have become broadly known as the ‘Washington Consensus’, a term first coined by John Williamson in 1989. The Washington Consensus is rooted firmly in the Neoclassical approach to economic thinking and has been criticised by two main schools of thought; Structuralists and Dependency Theory. These two schools question many of the assumptions made by the Neoclassical framework and use real world observations to discredit Neoclassical policies. While Neoclassical theory suggests that all free trade is eventually mutually beneficial to everyone's welfare, Dependency Theory advocates argue that free trade is a destructive force and a threat to the Developing World or the Least Developed Countries (LDC’s). Structuralists make their position in the middle ground and acknowledge that while there are gains from free trade to be made for LDC’s and Developed Countries (DC’s)......

Words: 2331 - Pages: 10