Wednesday, April 17, 2019

Group Activity : SMJA Secondary School

  1. Find a company which has a problem with organizational security
  2. Recommend organizational security procedures to prevent the problem in the future and justify your recommendations
  3. Discuss why organizational security is important
1. SMJA Secondary School.

2.
- System Logs.
Make sure the school has set up system logs. It is safer to make sure every detail has been recorded, so that when there is a problem regarding the school, they can refer to the system logs.

- Visitors notification.
The school may set up this procedure so that it is notified of any visitors, whether they are outsiders or members of the school community itself.

- Access control for physical entry.
This is almost the same as the earlier recommendation for this school: the guards must be notified of any newcomers from outside.
  • To make sure no outsiders can get inside the school.
  • To keep the environment and equipment in the school safe.
  • To maintain the security rules of the school.
  • To keep the school community safe from any unknown people trespassing.
3. Organizational security is important because

  • To protect the resources (such as hardware, software, equipment, materials) in the school
  • To keep the school's set timetable from being disrupted.
For example: when lessons start at 8.00 A.M., the teachers will be teaching the students, so make sure there is no disruption from outsiders.
  • To make sure that, for every guardian who comes to pick up their children from the school, the guards are notified that the guardian is the right person.
  • To safeguard the people in the school, such as students, teachers and staff.
  • To ensure that no criminals or intruders enter the school area in any way.


Group pair activity
1- Sab
2- Mizah

Security - Just the information I made myself

Why is organizational security important?
- To protect their systems

Access control for physical entry
Computer-Based Access control
Visitors notifications
System Logs
System Auto-lock Policy
- Locks automatically, for example like a phone
User Permissions
Starters & Leavers Policy
Clear desk policy & documentation handling

Security breaches
happen when someone gains information without permission.

Security Breaches - Types
- Denial-of-Service
-Malware
-Ransomware
-Password Attacks
-Phishing

Malware
-Malicious software

Ransomware
- Holds the database hostage and asks for money

Password Attacks
-
Phishing
- Emails or phone calls that seem official, made to gain access or personal information, are called phishing
- They frequently take the guise of known, credible entities such as a person's bank

Prevent Security Breaches
Secure email gateways
Implement defense in depth
Foster a culture of security in the workplace
Backup

Organizational Security Types
Business Continuance
- Even if they get hacked, they still have backup data and the business keeps running
- In business it is important to create a backup plan
Backup/Restoration of Data
Audits
Testing Procedures


1- Business Continuance

- Recovery and testing
- Emergency response
- Business continuity and disaster recovery planning
- Backup alternatives

2- Backup/Restoration of Data

3- Security Audit

- Make regular checkups of the security of the system in an organization
- To check the security of the network
- A system evaluation of a company's information security and ensures that the

Security audit of a company
-Analyze software,
-Data processors,
-User practice(security audit will interview employee one by one),
-System configuration


4-System vulnerability tests
-Network scanning
-vulnerability testing
-Password cracking
-Log review
-Virus Detection
-Penetration testing

Sunday, April 14, 2019

MSCP - Website


Task: Creating a website for Mindef

1- Project conception and initiation

We are looking at what could be shared with public users, and also at welcoming new recruits to serve in the army for our country. The more new recruits there are, the more the authorities can train them to serve or help in other countries (in charge for another country). In that way, our country's name can rise.

For the project given, these tasks can be completed through effort and teamwork within the time given.

2.  Project definition and planning (project planning)

This is the part where we identify the budget and the items (resources), calculate the budget and identify the schedule.

Duration: 1 year and a half
Budget: $30,000
Hardware: Monitor, Mouse, CPU
Software: Visual Studio Code, Adobe Dreamweaver
Workers: $5000.

Domain name - we buy at 'Go Daddy'

3-Project launch and execution

Daniel and Hanif - Responsible to do the design of the website
Akilah, Hafizah - Responsible to gather information
Sab - Maintenance


4- Performance and control
Checking the progress of the project and comparing to the status

If a problem is encountered within the time given, the IT technician will work together to fix the problem.


 5- Project close
The project was successfully completed as requested, even though we encountered difficulties.


















Group Activity:


Hanif

Daniel

Akilah

Hafizah

Sabrena

Wednesday, April 10, 2019

SEC - Mail Bombing

Research activity

MAIL BOMBING
-Choose ONE (1) method of threat:

MAIL BOMBING
1. Describe the method of threat & how it works.
- It is the flooding of a targeted person or a specific system with emails.
- It can crash the email server because of the large number of emails being transferred.
- It can also cause lag and crashes because of the huge emails that have to be downloaded.

How it works
- It sends emails to the targeted person or specific system.

Mail bombing works by sending emails into the targeted system or even to a targeted person.

2. Provide example how it affect a system.

Below is an example of mail bombing that attacked one of the well-known systems, called 'G-mail'. It shows the huge malicious volume of a mail bombing.




3. Describe how to prevent such threat.
There are a lot of ways to prevent mail bombing. One is to be more careful and read every instruction. Next, ignore unused emails.
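On the server side, the crash described above can be avoided by limiting how many messages one mailbox accepts in a short time. The following is an added example, not part of the original notes: a sliding-window limit per recipient, run over constructed traffic. The function names, addresses, limit and window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

def throttle(messages, limit=5, window=60):
    """Split (epoch_seconds, sender, recipient) tuples into accepted/deferred.

    Sliding window per recipient: once `limit` messages were accepted in the
    last `window` seconds, further ones are deferred instead of delivered,
    so a flood cannot fill the mailbox or exhaust the server.
    """
    recent = defaultdict(deque)          # recipient -> timestamps of accepted mail
    accepted, deferred = [], []
    for ts, sender, rcpt in sorted(messages):
        q = recent[rcpt]
        while q and ts - q[0] >= window:  # forget mail older than the window
            q.popleft()
        if len(q) < limit:
            q.append(ts)
            accepted.append((ts, sender, rcpt))
        else:
            deferred.append((ts, sender, rcpt))
    return accepted, deferred

def flooded_recipients(deferred):
    """Count deferred messages per recipient, for alerting the mail admin."""
    counts = defaultdict(int)
    for _, _, rcpt in deferred:
        counts[rcpt] += 1
    return dict(counts)

def sample_traffic():
    """Constructed traffic: 200 messages in 20 s to one mailbox, plus normal mail."""
    flood = [(1000 + i // 10, f"list{i}@example.net", "target@example.org")
             for i in range(200)]
    normal = [(1000 + 30 * i, "colleague@example.com", "staff@example.org")
              for i in range(4)]
    return flood + normal

if __name__ == "__main__":
    ok, held = throttle(sample_traffic())
    print(len(ok), "accepted;", flooded_recipients(held))
```

The limit is keyed on the recipient rather than the sender because the flood in the sample comes from many different sender addresses.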

References

Postalinspectors.uspis.gov. (2019). Mail Bombs. [online] Available at: https://postalinspectors.uspis.gov/raddocs/bombs.htm [Accessed 13 Apr. 2019].


Z. Byron Wolf, C. (2019). Here's everything we know after studying the mail bomb packages. [online] CNN. Available at: https://edition.cnn.com/2018/10/26/politics/everything-we-know-mail-bombs/index.html [Accessed 14 Apr. 2019].


SearchSecurity. (2019). What is mail bomb? - Definition from WhatIs.com. [online] Available at: https://searchsecurity.techtarget.com/definition/mail-bomb [Accessed 17 Apr. 2019].

Tuesday, April 9, 2019

SEC - Security

Group Activity


Members:

Syukri
Sabreena
Hamizah
Zawanah


1- Latest news or articles where unauthorized access to systems occurred:


Citrix Systems (NASDAQ: CTXS) said in a blog post:


On March 6, 2019, the FBI contacted Citrix (Nasdaq: CTXS) to advise they had reason to believe that international cyber criminals gained access to the internal Citrix network.


Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI.
Citrix is moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly. In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information.
While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents. The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.
While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.
Citrix deeply regrets the impact this incident may have on affected customers. Citrix is committed to updating customers with more information as the investigation proceeds, and to continuing to work with the relevant law enforcement authorities.

Explanation of the news:
The FBI advised Citrix that international cyber criminals had gained access to the internal Citrix network. Based on what is known so far, the hackers may have accessed and downloaded business documents. The FBI advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords.

2- Below is the video showing the security risks of unauthorized access to both data and equipment


3- Ways that IT uses to detect unauthorized access:
Benefits:
  1. Restrict 
  2. Monitor
  3. Protect the confidentiality and information
Drawbacks:

  1. Hackers can access the system
  2. The confidential information can be stolen
How the risk can be prevented:
  1. Make a strong password 
  2. Get a system and hardware firewall
  3. Malware protection
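Password spraying, the tactic named in the Citrix report above, tries a few weak passwords against many accounts, so a lockout counter kept per account never fires. The following is an added example, not part of the original notes, of detection logic keyed on the source instead. The log format, sample events, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, source IP, username, result.
SAMPLE_EVENTS = """\
2019-03-01T09:00:05 203.0.113.7 alice FAIL
2019-03-01T09:00:41 203.0.113.7 bob FAIL
2019-03-01T09:01:17 203.0.113.7 carol FAIL
2019-03-01T09:01:52 203.0.113.7 dave FAIL
2019-03-01T09:02:30 203.0.113.7 erin OK
2019-03-01T09:03:02 198.51.100.9 frank FAIL
2019-03-01T09:03:10 198.51.100.9 frank FAIL
2019-03-01T09:03:19 198.51.100.9 frank FAIL
2019-03-01T09:03:27 198.51.100.9 frank FAIL
2019-03-01T09:05:00 192.0.2.44 grace FAIL
2019-03-01T09:05:20 192.0.2.44 grace OK
"""

def parse(text):
    """Yield (timestamp, source, user, ok) tuples from the sample format."""
    for line in text.splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result == "OK"

def detect_spraying(events, window=timedelta(minutes=10),
                    min_users=4, max_fails_per_user=2):
    """Flag sources that fail against many accounts with few tries on each."""
    by_source = defaultdict(list)
    for ts, src, user, ok in sorted(events):
        by_source[src].append((ts, user, ok))
    alerts = {}
    for src, rows in by_source.items():
        fails = [(ts, user) for ts, user, ok in rows if not ok]
        for i, (start, _) in enumerate(fails):
            in_window = [u for ts, u in fails[i:] if ts - start <= window]
            users = set(in_window)
            # Many distinct accounts, few attempts each: spraying, not brute force.
            if (len(users) >= min_users
                    and len(in_window) <= max_fails_per_user * len(users)):
                # Accounts that then logged in from this source need a reset.
                hit = sorted({u for ts, u, ok in rows if ok and ts >= start})
                alerts[src] = {"targeted": sorted(users), "compromised": hit}
                break
    return alerts

if __name__ == "__main__":
    print(detect_spraying(parse(SAMPLE_EVENTS)))
```

In the sample, the source that fails repeatedly against the single account `frank` is not flagged here, since that pattern is what an ordinary per-account lockout already handles.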



References:

StreetInsider.com. (2019). Citrix Systems (CTXS) investigating unauthorized access to internal network. [online] Available at: https://www.streetinsider.com/Corporate+News/Citrix+Systems+%28CTXS%29+investigating+unauthorized+access+to+internal+network/15236610.html [Accessed 10 Apr. 2019].

Help, S., Help, S. and Hope, C. (2019). How to prevent unauthorized computer access. [online] Computerhope.com. Available at: https://www.computerhope.com/issues/ch000464.htm [Accessed 10 Apr. 2019].


YouTube. (2019). How Hackers Could Wirelessly Bug Your Office. [online] Available at: https://www.youtube.com/watch?v=5GnMj5cus4A [Accessed 10 Apr. 2019].






MSCP - Project Management

1. Explain project management
2. Identify the key stages of project management
3. Identify the advantages and the importance of implementing project management

Answers

1. Project management is the application of tools, skills, knowledge and techniques to project activities in order to meet the requirements of the project. In addition, it is practiced informally.

2. There are six stages: Definition, Initiation, Planning, Execution, Monitoring and Control and Closure.

Planning
Execution
Monitoring and Control
Initiation
Closure

Definition
Make sure the project goals, scope, risks, issues, budget, objectives, timescale and approach have been defined.

Before a project starts the project manager must make sure the project goals, objectives, scope, risks, issues, budget, timescale and approach have been defined. This must be communicated to all the stakeholders to get their agreement. Any differences of opinion must be resolved before work starts.

3. The main advantage is that project management helps to manage the project effectively and enables issues to be resolved faster. Moreover, managing a project needs money and also time.


References

Pmi.org. (2019). What is Project Management?. [online] Available at: https://www.pmi.org/about/learn-about-pmi/what-is-project-management [Accessed 10 Apr. 2019].


Projectsmart.com. (2019). [online] Available at: http://www.projectsmart.com/project-management/the-stages-of-a-project.php [Accessed 10 Apr. 2019].


nibusinessinfo.co.uk. (2012). Advantages of project management. [online] Available at: https://www.nibusinessinfo.co.uk/content/advantages-project-management [Accessed 10 Apr. 2019].


Monday, January 7, 2019

LO3 Exercise - Website Design and Development

  • THE BODY SHOP


Purpose:

  • To promote the product to increase more profit and to expand the business.
  • To let people know about our products; people who are too lazy to go to our shop can visit our website and we can deliver to their home.


Target audience:

  • Our target audience ranges from teenagers (15 years old and above) to the elderly.
  • In Brunei, mostly women


Why our target audience is in those stated ages:

  • It is because teenagers are easily attracted at their age, so they can spread or share opinions with their relatives or friends.
  • Elderly - It is for their own use (self-desire)


Identify user requirements:

  •  online payment should be created
  •  image with price stated
  •  design should be attractive, colors, fonts
  •  easy to navigate
  •  easy to read
  •  able to register
  •  put the location of the shop
  •  able to save product
  •  should have search product
  •  should have banner/slideshows about The Body Shop, latest promotions or anything to show earlier


Identify client requirement:

  • put banner/slideshows
  • appropriate design layouts, fonts, color scheme
  • images of product with price
  • should have search engine
  • location map
  • able to view online payment transactions


Create a site map:


  • login.html
  • contactus.html
  • product_skincare.html
  • product_haircare.html
  • product_bodycare.html
  • product_fragrance.html
  • product_makeup.html
  • aboutus.html



Wireframe:

Login/Register



Home



Contact Us


Product - Skin Care


Product - Hair Care


Product - Body Care


Product - Fragrance


Product - Make Up


About Us


Key considerations for planning and undertaking research

Determine what the key considerations are for planning and undertaking research. Research questions.  Certain research quest...