Activity 2: MSCP

*Another activity

What is a project management plan? Describe its importance.

(Scope, Cost, Quality, Risk, Communication, Resources, Time)

Describe each management plan and discuss its importance.

Describe how to construct the details on the each plan.

Provide an example details on each plan.

Project management plan

In this report, project management plan can be defined as a document which can be as a reference to provide the comprehensive baseline of what has to be reached by the project. In the project must have the who will be involved, how the project will be reported, how it is to be reached and how information will be communicated. By having this document as the reference for the project management plan, this can ensure the management of the project is carried out in consistently with the help of in line with procedures and policy.

Its importance

The importance of applying the project management plan in a project is it will help the members much faster to do their tasks; it is much more to keep in track of the progress of the project. It will make the project become faster in delivering on time, as well as the budget and scope.

*Each management plan with its importance

Scope

The part of project planning that involves determining and documenting a list of specific project goals, deliverables, features, functions, tasks, deadlines, and ultimately costs. In other words, it is what needs to be achieved and the work that must be done to deliver a project.

It is important to pin down the scope early in a project’s life cycle as it can greatly impact the schedule or cost (or both) of the project down the track.

Cost

Cost management is the process of estimating, allocating, and controlling the costs in a project. It allows a business to predict coming expenses in order to reduce the chances of it going over budget. Projected costs are calculated during the planning phase of a project and must be approved before work begins. As the project plan is executed, expenses are documented and tracked so things stay within the cost management plan. Once the project is completed, predicted costs vs. actual costs are compared, providing benchmarks for future cost management plans and project budgets.

Quality

The Quality Management Plan defines the acceptable level of quality, which is typically defined by the customer, and describes how the project will ensure this level of quality in its deliverables and work processes. Quality management activities ensure that:

• Products are built to meet agreed- upon standards and requirements
• Work processes are performed efficiently and as documented
• Non-conformances found are identified and appropriate corrective action is taken

Quality Management plans apply to project deliverables and project work processes. Quality control activities monitor and verify that project deliverables meet defined quality standards. Quality assurance activities monitor and verify that the processes used to manage and create the deliverables are followed and are effective.

- To make sure take the resources from trusted website.
- To make sure when interview the client is relate able with the question.

Risk

.¹ Project risk is an uncertain event or condition that, if it occurs, has an effect on at least one project objective.² Risk management focuses on identifying and assessing the risks to the project and managing those risks to minimize the impact on the project. There are no risk-free projects because there are an infinite number of events that can have a negative effect on the project. Risk management is not about eliminating risk but about identifying, assessing, and managing risk.

Communication

A project communication plan that will guide the messages to a project’s affected stakeholders is a critical part of any project. How well you communicate throughout the life cycle of your project can make the difference between success and failure.

Resources

This Project Resource Management Plan helps you to identify all of the resources required to complete your project successfully.

Using this Resource Plan, you will be able to identify the quantity of labor, equipment and materials needed to deliver your project.

You will then create a resource schedule, which enables you to plan the consumption of each type of resource, so that you know that you will have enough resources to complete the project.

Time

a component of overall project management in which a timeline is analyzed and developed for the completion of a project or deliverable. Project time management consists of six different components or steps.

* How to construct the details on the each plan.

* Provide an example details on

Security Vulnerability Test - Penetration Testing

Research activity

Choose ONE (1) security vulnerability test.

-Describe the test and purpose of the test

-Discuss how it works

-Provide example of the test

-Discuss the solution if there is vulnerability after a test

Produce an audit document showing the range of tests on IT systems and networks example, (LANs/WANs and wireless networks)

Penetration Testing

Definition:
-Pen testing or ethical hacking used to identify security weaknesses.
-A Network Security Service
-One of several methods used to prevent unauthorized network intrusion
It is a type of security testing used to test the unsafe areas of the system or application

Purpose of the test:
An attempt to evaluate the security of the IT infrastructure by safely trying to exploit vulnerabilities
To find all the security vulnerabilities that are present in the system being tested.

In addition
Vulnerability is the risk that an attacker can disrupt or gain authorized access to the system or any data contained within it.

How it works:

identify potential vulnerabilities and test to ensure the vulnerabilities are real.

The example of the test:

References:

SearchSecurity. (2019). What is pen test (penetration testing)? - Definition from WhatIs.com. [online] Available at: https://searchsecurity.techtarget.com/definition/penetration-testing [Accessed 25 Apr. 2019].

Core Security. (2019). Penetration Testing. [online] Available at: https://www.coresecurity.com/penetration-testing [Accessed 25 Apr. 2019].

Our IT Department Ltd - IT Support in London and East of England. (2016). What is Network Penetration Testing & How Does it Work?. [online] Available at: https://www.ouritdept.co.uk/what-is-penetration-testing/ [Accessed 25 Apr. 2019].

Guru99.com. (2019). [online] Available at: https://www.guru99.com/learn-penetration-testing.html [Accessed 26 Apr. 2019].

Group Activity : SMJA Secondary School

1. Find an company which has problem with organizational security
2. Recommend organizational security procedures to prevent the problem in the future and justify your recommendations
3. Discuss why organizational security is important

1. SMJA Secondary School.

2.

- System Logs.

Make sure the sure have set up this term. It is safe to make sure every details has been listed, so when there is a problem regarding the school, they can refer it to the system logs.

- Visitors notification.

The school may set up this procedure to be notified if there is any visitors from outsiders and even from the school community itself.

- Access control for physical entry.
As the first recommendation of the procedure to this school, this is almost the same, the guards must notified of the new comers from the outsiders.

• To make sure there are no outsider people can go inside the school.
• To keep the environment and equipment in the school to be safe.
• To maintain the rules security of that school
• To keep the school community safe from any unknown people that is trespassing in.

3. Organizational security is important because

• To protect the resources (such as hardware, software, equipment, materials) in the school
• To keep the time that have been set in the school, not been bothered.

For example: When in the morning at 8.00 A.M is started, the teachers will going to teach the students. So make sure there is no barrier from outsider.

• To make sure every guardians who come to pick their children in the school, make sure the guards are notified that the guardians is the right person.
• To safeguard the safety of the school such as students, teachers, and staff in the school.
• To ensure that no criminals or intruders are in any way entering the school area.

Group pair activity

1- Sab

2- Mizah

Security - Information yang ku buat saja

Why is organizational security important?
- To protect their systems

Access control for physical entry
Computer-Based Access control
Visitors notifications
System Logs
System Auto-lock Policy
-Lock automatic contoh macam phone
User Permissions
Starters & Leavers Policy
Clear desk policy & documentation handling

Security breaches
happens when someone gain information without permissions.

Security Breaches - Types
- Denial-of-Service
-Malware
-Ransomware
-Password Attacks
-Phishing

Malware
-Malicious software

Ransomware
- kidnapped the database and ask for money

Password Attacks
-
Phishing
-Email or phone calls that seem official to gain access or personal information to called phishing
-They frequently take the guise of known, credible entitles such as a person's bank

Prevent Security Breaches
Secure email gateways
Implement defense in depth
Foster a culture of security in the workplace
Backup

Organizational Security Types
Business Continuance
- walaupun kana hack, durang tetap ada backup data and business masih berjalan
- In business important to create backup plan
Backup/Restoration of Data
Audits
Testing Procedures


1- Business Continuance

- Recovery and testing
- Emergency response
- Business continuity and disaster recovery planning
- Backup alternatives

2- Backup/Restoration of Data

3- Security Audit

- Make regularly checkup of the security of the system in a organization
- To check the security network
- A system evaluation of aq company's information security and ensures that the

Security audit of a company
-Analyze software,
-Data processors,
-User practice(security audit will interview employee one by one),
-System configuration


4-System vulnerability tests
-Network scanning
-vulnerability testing
-Password cracking
-Log review
-Virus Detection
-Penetration testing

MSCP - Website

Task: Creating a website for Mindef

1- Project conception and initiation

We are doing the possibilities that could have to be spread to the public users. Also to welcoming the new recruitment to serve as the army for our country. As many as the new comers of the recruitment, so the authorities can bring them up to serve or help for another country (in-charge for another country). By that, our country name can be rise up.

According to this project given, this tasks can be completed, by having the effort, and team working that based on the time given.

2.  Project definition and planning (project planning)

This is the part where to identify the budget. This where we identify the items (resources). Calculate the budget and identify the schedule.

Duration: 1 year and half
Budget: $30, 000
Hardware: Monitor, Mouse, CPU
Software: Visual Studio Code, Adobe Dreamweaver
Workers: $5000.

Domain name - we buy at 'Go Daddy'

3-Project launch and execution

Daniel and Hanif - Responsible to do the design of the website
Akilah, Hafizah - Responsible to gather information
Sab - Maintenance


4- Performance and control
Checking the progress of the project and comparing to the status

If there's problem encounter within the time given, the IT technician will work together to fix the problem.


 5- Project close
The project is successfully completed as the command asked. Even though, we encountered difficulties.


















Group Activity:


Hanif

Daniel

Akilah

Hafizah

Sabrena

SEC - Mail Bombing

Research activity

MAIL BOMBING

-Choose ONE (1) method of threat:

MAIL BOMBING
1. Describe the method of threat & how it works.
-It is the spamming of emails to the targeted person or any specific system.
-It can cause crashing to the email server because of the transferring a lot of emails.
-It also can make lagged and crash because the huge emails that have to be download.

How it works
-It will send emails to the targeted person or any specific system.or person.

The mail bombing are used to work to send into the targeted system or even person.

2. Provide example how it affect a system.

Below is an example shown about the mail bombing that attack one of the well-known system that is called 'G-mail'. It shows about the huge malicious on mail bombing. 

3. Describe how to prevent such threat.
There are a lot of ways on how to prevent the mail bombing. It is can be more careful and read every instructions. Next, ignore the unused emails.

References

Postalinspectors.uspis.gov. (2019). Mail Bombs. [online] Available at: https://postalinspectors.uspis.gov/raddocs/bombs.htm [Accessed 13 Apr. 2019].

Z. Byron Wolf, C. (2019). Here's everything we know after studying the mail bomb packages. [online] CNN. Available at: https://edition.cnn.com/2018/10/26/politics/everything-we-know-mail-bombs/index.html [Accessed 14 Apr. 2019].

SearchSecurity. (2019). What is mail bomb? - Definition from WhatIs.com. [online] Available at: https://searchsecurity.techtarget.com/definition/mail-bomb [Accessed 17 Apr. 2019].

SEC - Security

Group Activity

Members:

Syukri

Sabreena

Hamizah

Zawanah

1- Latest news or articles where unauthorized systems occured:

Citrix Systems (NASDAQ: CTXS) said in a blog post:

On March 6, 2019, the FBI contacted Citrix (Nasdaq: CTXS) to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network.

Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI.

Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly. In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information.

While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents. The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.

While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.

Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities.

Explanation of the news:

Citrix do report to the FBI that their document is stolen and network is accessed by the unknown user. The FBI said that the hackers has accessed the network and has stole their documents. The method that the hackers used is a tactic known as password spraying which it is the technique to expose the weak passwords. 

2- Below are the video showing security risk for both unauthorized access to data and equipment

3- Ways that IT used to detect unauthorized access:

Benefits:

1. Restrict 
2. Monitor
3. Protect the confidentiality and information

Drawbacks:

1. Hackers can access to the system
2. The confidential information can be stolen

How the risk can be prevented:

1. Make a strong password 
2. Get a system and hardware firewall
3. Malware protection

References:

StreetInsider.com. (2019). Citrix Systems (CTXS) investigating unauthorized access to internal network. [online] Available at: https://www.streetinsider.com/Corporate+News/Citrix+Systems+%28CTXS%29+investigating+unauthorized+access+to+internal+network/15236610.html [Accessed 10 Apr. 2019].

Help, S., Help, S. and Hope, C. (2019). How to prevent unauthorized computer access. [online] Computerhope.com. Available at: https://www.computerhope.com/issues/ch000464.htm [Accessed 10 Apr. 2019].

YouTube. (2019). How Hackers Could Wirelessly Bug Your Office. [online] Available at: https://www.youtube.com/watch?v=5GnMj5cus4A [Accessed 10 Apr. 2019].

MSCP - Project Management

1. Explain project management
2. Identify the key stages of project management
3. Identify the advantages and the importance of implementing project management

Answers

1. The project management is known as the application of the tools, skills, knowledge and the techniques to be applied in the project activities to meet the requirements of the project. In addition, it is practiced informally.

2. There are six stages: Definition, Initiation, Planning, Execution, Monitoring and Control and Closure.

Planning
Execution
Monitoring and Control
Initiation
Closure

Definition
Make sure about the project goals, scope, risks, issues, budget, objectives, timescale and approach have been defined.

Before a project starts the project manager must make sure the project goals, objectives, scope, risks, issues, budget, timescale and approach have been defined. This must be communicated to all the stakeholders to get their agreement. Any differences of opinion must be resolved before work starts.

3. The main advantage is that the project management will help to take care to manage the project with effectively and its job is to enable them to resolve issues more faster. Moreover, it needs money and also time to manage a project.


References

Pmi.org. (2019). What is Project Management?. [online] Available at: https://www.pmi.org/about/learn-about-pmi/what-is-project-management [Accessed 10 Apr. 2019].

Projectsmart.com. (2019). [online] Available at: http://www.projectsmart.com/project-management/the-stages-of-a-project.php [Accessed 10 Apr. 2019].

nibusinessinfo.co.uk. (2012). Advantages of project management. [online] Available at: https://www.nibusinessinfo.co.uk/content/advantages-project-management [Accessed 10 Apr. 2019].