project title: Reaching Deeper Security Threats Using Grammar-Based Fuzzers and Understanding their Effectiveness.
github link: https://github.com/carolemieux/perffuzz
Tools must be implemented using Linux:
1. PerfFuzz
2. TreeLine
3. SlackLine
4. SlowFuzz
Category: Cyber security
-
“Enhancing Security Through Grammar-Based Fuzzers: A Comparative Analysis of PerfFuzz, TreeLine, SlackLine, and SlowFuzz on Deep Security Threats”
-
“Mastering Synthesis: A Guide to Effective Literature Reviews”
As per instructions received… This must be a synthesis vs. an Annotated bibliography.
Literature review
In scholarly work and in creating a literature review, a summary tells us ‘so what was this about’: a synopsis.
Here is another way of thinking about/working with synthesis: Most students are able to tell us the difference between a summary (annotation/book report style) vs. a synthesis. However, when they sit down to work on their SYNTHESIS assignment, they do not provide a synthesis. Synthesis was explained earlier; however, I’ll explain in perhaps another way below that might be helpful:
Imagine you are hosting a party at your house (wearing a mask of course ;-)) with some famous scholars. They are coming to discuss some research on your area of study. You are in the kitchen making coffee, slicing up the coffee cake and listening. You are hearing the back and forth discussion of these scholars talking about the pros/cons of the research, what the real problem is and how these research studies fit that problem. You’re taking notes the entire time while waiting to serve the coffee and cake. You finally listen to the group, chime in a bit with your findings and then, after they leave, you will write a summary on what was noted by these scholars: the problem noted in those works, the pros/cons found in that research relevant to the problem, where the topic is now, where it’s heading and general thoughts on this. You will take this info as a whole to tell your understanding of this living room conversation on this topic. You will not say ‘Grant said (2021), Smith then said (2021)’. INSTEAD, you will give a general explanation of the topic, with the info I noted above. You will of course cite them as it was THEIR idea initially, but we want your overall, holistic view of this conversation. THAT is synthesis. Does that make sense?
-
SQL Schema for University Database SQL Schema for University Database: GRAD_BOOK CREATE TABLE college ( college_id INT PRIMARY KEY, college_name VARCHAR(50) NOT NULL, dean_name VARCHAR(50) NOT NULL, dean_email
Inside Final Lab.docx you will see the ER Design for the University Database. Give the SQL Schema for it
Note: Consider two examples at least for each item like college name, instructor, teaches, student
The ER Design for GRAD_BOOK is attached in a screenshot, it is simple. Give the SQL SCHEMA for this ER design as well using at least 2 examples for each item.
You don’t get full points if you don’t use at least two examples.
-
Title: Exploring the Legal and Ethical Challenges of Open Source Intelligence: A Case Study Analysis
NO REAL WORD COUNT REQUIREMENT, JUST NEEDS TO BE THERE CONCEPTUALLY.
Objective:
This assignment aims to explore the legal and ethical challenges associated with Open Source Intelligence (OSINT) through the analysis of a case study. Students will critically examine a real-world scenario where OSINT practices have led to legal or ethical dilemmas, evaluating the actions taken and proposing solutions or alternative approaches.
Guidelines:
Assignment Tasks:
Select a real-world case study that highlights legal and/or ethical dilemmas in the use of OSINT. This could involve issues of privacy, consent, legality, or moral conflict.
Conduct a thorough analysis of the case, focusing on the ethical and legal challenges presented.
Report Format:
Use a standard font (e.g., Times New Roman, size 12) with 1-inch margins.
Structure your report into the following sections: Introduction, Case Overview, Ethical Analysis, Legal Analysis, Recommendations, Conclusion.
Content Requirements:
Introduction: Provide background on OSINT and its relevance in the context of cybersecurity.
Case Overview: Describe the selected case, outlining the key facts and issues.
Ethical Analysis: Analyze the ethical dilemmas present in the case. Discuss the actions of involved parties and their ethical implications.
Legal Analysis: Examine any legal issues or challenges raised by the case. Discuss how the actions align or conflict with existing laws and regulations.
Recommendations: Propose solutions or alternative approaches that could have mitigated the ethical and legal issues.
Conclusion: Summarize your findings and reflect on the broader implications for the field of cybersecurity.
Research and Sources:
Support your analysis with credible sources, including academic journals, legal documents, and ethical frameworks.
Ensure all sources are properly cited according to APA guidelines. Plagiarism will not be tolerated.
Evaluation Criteria:
Depth of Analysis: Insightfulness and thoroughness in examining the ethical and legal aspects of the case.
Quality of Recommendations: Practicality and creativity of the proposed solutions.
Research and References: Use of appropriate and credible sources to support your analysis.
Writing Quality: Clarity, coherence, organization, grammar, and adherence to formatting guidelines.
-
“Analyzing the Benefits and Risks of RFID Bands for Cashless Purchases at Trade Shows”
Title: Security and Privacy Concerns in Implementing RFID Technology for Event Management: A Comprehensive Analysis and Recommendations for Padgett-Beale
Scenario
The Entertainment Team (ET — part of Resort Operations at Padgett-Beale, Inc.) is excited about a new event management platform and is ready to go to contract with the vendor. This platform is a cloud-based service that provides end-to-end management for events (conferences, concerts, festivals). The head of Marketing & Media (M&M) is on board and strongly supports the use of this system. M&M believes that the data collection and analysis capabilities of the system will prove extremely valuable for its efforts. Resort Operations (RO) also believes that the technology could be leveraged to provide additional capabilities for managing participation in hotel sponsored “kids programs” and related children-only events.
For an additional fee, the event management platform’s vendor will provide customized Radio Frequency Identification (RFID) bands to be worn by attendees.
The RFID bands and RFID readers use near-field communications to identify the wearer and complete the desired transactions (e.g. record a booth visit, make a purchase, vote for a favorite activity or performer, etc.).
The RFID bands have unique identifiers embedded in the band that allow tracking of attendees (admittance, where they go within the venue, what they “like,” how long they stay in a given location, etc.).
The RFID bands can also be connected to an attendee’s credit card or debit card account and then used by the attendee to make purchases for food, beverages, and souvenirs.
For children, the RFID bands can be paired with a parent’s band, loaded with allergy information, and have a parent specified spending limit or spending preauthorization tied to the parent’s credit card account.
The head of Corporate IT has tentatively given approval for this outsourcing because it leverages cloud-computing capabilities. IT’s approval is very important to supporters of this acquisition because of the company’s ban on “Shadow IT.” (Only Corporate IT is allowed to issue contracts for information technology related purchases, acquisitions, and outsourcing contracts.) Corporate IT also supports a cloud-based platform since this reduces the amount of infrastructure which IT must support and manage directly.
The project has come to a screeching halt, however, due to an objection by the Chief Financial Officer. The CFO has asked that the IT Governance Board investigate this project and obtain more information about the benefits and risks of using RFID bands linked to an external system which processes transactions and authorizations of mobile / cashless payments for goods and services. The CFO is concerned that the company’s PCI Compliance status may be adversely affected.
The Chief Privacy Officer has also expressed an objection about this project. The CPO is concerned about the privacy implications of tracking both movement of individuals and the tracking of their purchasing behaviors.
The IT Governance Board agreed that the concerns expressed by two of its members (the CFO and CPO) have merit. The board has requested an unbiased analysis of the proposed use cases and the security and privacy issues which could be reasonably expected to arise.
The IT Governance Board has also agreed to a request from the Chief of Staff that the management interns be allowed to participate in this analysis as their final project. Per the agreement, their involvement will be limited to providing background research into the defined use cases for cashless purchases. These use cases are:
Purchases for craft materials and snacks by children (under the age of 13) attending a hotel sponsored “kids club” program.
Purchases by individuals attending a music festival or other event where IDs must be checked to establish proof of age (legal requirement for local alcoholic beverage consumption).
Purchases by attendees at trade shows (attendees are “adults”).
Your Task
Pick one of the three use cases listed above. Then, follow the directions below to complete the required research and write your final report.
Research
Read / Review the readings in the LEO Classroom.
Read this introduction to RFID technologies
Research one or more of the Use Cases
Children: 8 Benefits of Using RFID Wristbands for Resorts & Attractions https://www.rfidsilicone.com/blog/industry-news/what-benefits-of-rfid-wristbands-for-hotels-resorts-theme-parks.html (see section 4: Family Freedom) and Tappit launches new RFID wristband safety functionality https://tappit.com/resources/blog/rfid-wristband-safety
Managing Adult Attendees at Music Festivals (includes RFID bands linked to Twitter, Facebook, and credit/debit card): RFID wristbands vs NFC apps: What’s Winning the Contactless Battle? https://www.techradar.com/news/world-of-tech/rfid-wristbands-vs-nfc-smartphones-what-s-winning-the-contactless-battle-1167135
Tracking Adults at Trade Shows: RFID wristbands – the good, the bad and the ugly https://blog.printsome.com/rfid-wristbands-good-bad/
Choose one of the Use Cases then find and review at least two additional resources on your own that provide information about privacy and security related laws that could limit or impose additional responsibilities upon Padgett-Beale’s collection, storage, transmission, and use of data about guests. (Note: laws may differ with respect to collecting data from or about children.) You should also investigate laws, regulations, or standards which impact the use of the RFID bands for mobile purchases.
Using all of your readings, identify and research at least 7 security and privacy issues which the IT Governance Board needs to consider and address as it considers the implications of your chosen use case upon the adoption or rejection of the proposed IT project (Event Management Platform & RFID bands).
Then, identify 7 best practices that you can recommend to Padgett-Beale’s leadership team to reduce and/or manage risks associated with the security and privacy of data associated with the event management platform.
Write
Write a five to seven (5-7) page report using your research. At a minimum, your report must include the following:
An introduction or overview of event management systems and the potential security and privacy concerns which could arise when implementing this technology. This introduction should be suitable for an executive audience. Provide a brief explanation as to why three major operating units believe the company needs this capability.
An analysis section in which you address the following: Identify and describe your chosen Use Case
Identify and describe 7 or more types of personal / private information or data that will be collected, stored, processed, and transmitted in conjunction with the use case.
Identify and describe 5 or more compliance issues related to the use of the RFID bands to make and track mobile purchases.
Analyze and discuss 7 or more privacy and security issues related to the use case.
Identify and discuss 3 or more relevant laws, regulations, or standards which could impact the planned implementation of the event management system with RFID wrist bands.
A recommendations section in which you identify and discuss 8 or more best practices for security and privacy that should be implemented before the technology is put into use by the company. Include at least 2 recommendations in each of the following categories: people, processes, policies, and technologies.
-
“Assessing Online Profile Security: A Critical Analysis and Recommendations for Improvement”
NO REAL WORD REQUIREMENT, JUST NEED TO CONCEPTUALLY BE THERE PLEASE.
Objective:
The purpose of this assignment is to enhance students’ understanding of personal online security by assessing the security of an online profile. Students will critically evaluate the digital footprint, privacy settings, and potential vulnerabilities of a public online profile (e.g., a celebrity or a public figure), and suggest measures to improve its security.
Guidelines:
Assignment Tasks:
Select a public online profile for assessment. Ensure that the profile belongs to a well-known public figure or entity to avoid privacy violations.
Conduct a comprehensive assessment of the profile’s security, considering aspects like privacy settings, shared information, and visible digital footprint.
Report Format:
Use a readable font (e.g., Times New Roman, size 12) with standard margins.
Organize your report with the following headings: Introduction, Methodology, Assessment Findings, Security Analysis, Recommendations, Conclusion.
Content Requirements:
Introduction: Describe the purpose of the assignment and the importance of online profile security.
Methodology: Outline the methods and tools used for assessing the profile.
Assessment Findings: Present your findings regarding the profile’s public information and privacy settings.
Security Analysis: Analyze the potential security risks identified in the profile.
Recommendations: Suggest practical measures for enhancing the security of the profile.
Conclusion: Summarize the key insights gained from the assessment.
Ethical Considerations:
Do not choose private individuals or non-public figures for this assignment.
Avoid any form of unauthorized access or interaction with the profile.
Discuss the ethical implications of public information availability and digital footprint exposure.
Evaluation Criteria:
Comprehensiveness of Assessment: Depth and thoroughness of the profile assessment.
Analytical Quality: Insightfulness of the security risk analysis.
Practicality of Recommendations: Relevance and feasibility of the security enhancement suggestions.
Writing and Presentation: Clarity, structure, grammar, and adherence to format guidelines.
-
“The Power of Threat Intelligence: Enhancing Critical Infrastructure Protection”
Discuss the benefits that you see for Critical Infrastructure protection in the use of Threat Intelligence. Here are just a few questions to consider: Does Threat Intelligence have a quantifiable difference in the security landscape? Has any company reviewed their Threat Intelligence programs and shared the impact the Threat Intelligence had?
-
Discussion 1: Passive Scanning Websites and Their Usefulness to Penetration Testers
Discussion 2: Passive Scanning of an Organization’s Website and Vulnerabilities Found
Discussion 3: The Importance of Port Scanning in Penetration Testing
Please Answer Each Discussion Separately!!
Discussion 1: (160 Words)
1. Explore a major passive scanning website, such as www.netcraft.com or www.shodan.io. Describe the type of information that can be gathered from the website. Explain how the website can be useful to a penetration tester.
Discussion 2: (100 Words)
Agree or Disagree? Why?
Select an organization that you are familiar with. Conduct a passive scan of the organization’s website. What insights did you get from the scanning?
I conducted a passive scan of a university. These were the top 4 vulnerabilities found, along with the risk.
Website
| Vulnerability Name | Count | Risk Level | Weighted Risk |
|---|---|---|---|
| Sub Resource Integrity Attribute Missing | 4 | Medium | 70% |
| CSP: Wildcard Directive | 1 | Medium | 67% |
| CSP: script-src unsafe-inline | 1 | Medium | 67% |
| CSP: style-src unsafe-inline | 1 | Medium | 67% |
These vulnerabilities can lead to a variety of front-end attacks, primarily through the injection of malicious content. The absence of the SRI attribute can allow third parties to inject additional content into files fetched by the web application or document. Incorrect implementations of CSP can expose the website to various attacks, including XSS attacks.
Reference:
Mozilla (n.d.). Mozilla. Subresource Integrity. Retrieved June 15, 2024, from https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
Discussion 3: (50 Words) (Chapter 4 Document)
What is port scanning? Why is it an important step in penetration testing?
-
“Understanding the Importance of Cyber Risk Management in Today’s Digital Landscape”
Here is the link for the article you’re reviewing.
https://www.cioreview.com/news/why-is-it-necessary-to-implement-cyber-risk-management-nid-31463-cid-141.html
-
Title: Incident Response Plan for Holiday Inn Hotel
Develop an Incident Response Plan (IRP) for your employer (Holiday Inn Hotel). Limit your plan to 4-6 incidents that could critically impact the organization. Use the template from the text. Your plan should be 4-6 pages in length.