490 WK5 DQ1 100-150 WORDS
In 2018, CEO Mark Zuckerberg responded to a data breach by writing in a Facebook post, “We have a responsibility to protect your data, and if we can’t, then we don’t deserve to serve you. I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again.” (Schwalbe, 2018). Discuss how this problem could have been avoided. Explain why this problem is a product of poor quality.
REPLIES 75-100 WORDS
A Chad Pope
Hello Professor Gentry,
Based on my research and analysis of the circumstances surrounding the 2018 Facebook data breach, Facebook could and should have used project quality management processes and principles regarding third party applications offered on their platform. Did Facebook develop a quality management plan? If so, did they execute it? Did they implement quality control techniques? It would appear not. The Cambridge Analytica application compromised the information of Facebook users’ friends without their consent. Sound quality management could have at least reduced the risk associated with third party applications. I am not sure it would have completely mitigated the risk, but it could certainly have lowered it.
B Francheska Janosik
To me it would seem that the company should have required the privacy protection that they implemented in 2014 from the very beginning. There should always be strict requirements around the access and use of personal information. There should have been no point in time that a company should have been able to access private personal information.
C Jordan Ehresman
The Facebook data breach of 2018 was caused by vulnerabilities in a newly implemented feature that allowed the attackers to gain control of millions of user accounts through stolen access tokens. According to the research by Wong (2019), the breach attack was conducted from September 16 and finally discovered and patched by September 25th. This attack was able to access all the data that was presented on the user's account as well as login capabilities for third party applications that utilize Facebook login as a method of access. Software vulnerabilities are inevitable, but mitigating and accounting for them should be prioritized by all organizations to ensure that both the company's and the users' data integrity is upheld. Vulnerability assessment processes and vulnerability scanners should be utilized to identify and correct all discovered vulnerabilities (Hamilton, 2022). Vulnerability assessments allow the organization to identify and resolve all found vulnerabilities in an efficient manner that ranks them accordingly and minimizes the chances that they can be exploited before correction. Vulnerability scanners are categorized into host based, network based and database based tools and are utilized to identify vulnerabilities over the differing sources associated with each type. These tools should be used to monitor and detect vulnerabilities in a t
430 WK6 DQ1 100-150 WORDS
How can an organization apply the Common Criteria for Information Technology Security Evaluation (CC)? Is there value in applying CC within public companies?
REPLIES 75-100 WORDS
A Yamil Santana
Good Afternoon Class,
The Common Criteria for Information Technology Security Evaluation (CC) is a standard for evaluating the security of information technology (IT) products. It is used to certify that an IT product has been thoroughly evaluated and meets certain security standards.
To apply the CC, an organization can follow these steps:
1. Identify the security requirements of the IT product that needs to be evaluated.
2. Determine the level of assurance needed for the IT product. This will depend on the sensitivity of the data that the IT product will be handling and the potential impact of a security breach.
3. Select a CC evaluation facility that is accredited to perform evaluations to the desired level of assurance.
4. Submit the IT product for evaluation to the selected facility. This will involve providing documentation about the product and its security features, as well as making the product available for testing.
5. The evaluation facility will conduct a thorough review of the IT product and its security features. If the product meets the CC requirements, it will be granted a certificate of evaluation.
There is value in applying the CC within public companies, as it can help to ensure that their IT products are secure and meet high standards for protecting sensitive data. This can help to build trust with customers and stakeholders, and can also reduce the risk of security breaches, which can have serious consequences for a company.
B Idrisu Rabiu
Common Criteria (CC) is an international set of guidelines and specifications developed for evaluating information security products, specifically to ensure they meet an agreed-upon security standard for government deployments. Common Criteria is more formally called “Common Criteria for Information Technology Security Evaluation.”
Common Criteria has two key components: Protection Profiles and Evaluation Assurance Levels. A Protection Profile (PPro) defines a standard set of security requirements for a specific type of product, such as a firewall. The Evaluation Assurance Level (EAL) defines how thoroughly the product is tested. Evaluation Assurance Levels are scaled from 1-7, with one being the lowest-level evaluation and seven being the highest level of evaluation. A higher-level evaluation does not mean the product has a higher level of security, only that the product went through more tests.
To submit a product for evaluation, the vendor must first complete a Security Target (ST) description, which includes an overview of the product and product’s security features, an evaluation of potential security threats and the vendor’s self-assessment detailing how the product conforms to the relevant Protection Profile at the Evaluation Assurance Level the vendor chooses to