Division chiefs, program managers, and other senior staff members working in CISO organizations frequently find themselves needing to stay current on technologies while, at the same time, leading and managing segments of the IT security program and assigned staff. Attending conferences is one way that these senior level personnel can learn about new technologies, tactics, techniques, and practices which can be adopted by an enterprise. Over the course of two or three days, a busy manager or executive can attend a large number of briefings while also developing business relationships by networking with others in the field.

Find an IT Security or Cybersecurity conference that will be offered in the next six months and research the types of presentations and workshops which will be offered. Research the costs associated with attendance (conference fees, meals, lodging, travel). The conference venue must be within the continental United States. The conference itself should be one that you are interested in and would attend if the funding were made available.

Write up a travel request which includes a summary of the conference, a justification which explains the benefits of attendance (many conferences will provide a template), and an estimate for the costs that includes the following categories: conference or workshop fees, meals, lodging, travel. Format your travel request as a 1 to 1½ page business memorandum (no more than 7 paragraphs) addressed to the Padgett-Beale CISO.

Your travel request should include links (URLs) for the conference and venue (including the hotel where you would stay). If meals are included in the conference fee then you should state that and not include those meals in your estimate. Use this GSA website to obtain estimates for meals that are not included in the conference fees: https://www.gsa.gov/travel/plan-book/per-diem-rates

At least three sources need to be included as references in this memo.

The post should include the following headers:

Introduction

Analysis

Summary

Introduction

An XSS vulnerability allows an attacker to inject malicious JavaScript into a legitimate website, resulting in information disclosure and other security threats. In this activity, you will identify the weaknesses in web browsers and web applications that make XSS attacks possible.

Instructions: Watch the video

https://youtu.be/IuzU4y-UjLw

Submit a 2 to 3-page paper in a Word document with the answers to the following questions:

1. Explain how cross-site scripting can be used to steal someone's cookies. Include a short discussion of the JavaScript <script> element.
2. Explain how stolen cookies can be used to cause session hijacking; begin by defining session hijacking.
3. Explain how phishing enables XSS.
4. Explain how browsers have evolved to reduce the risks of XSS attacks.
5. Explain how securely provisioned web servers protect against XSS attacks.
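Questions 4 and 5 ask about browser-side and server-side protections. The following added example (written for this page, not code from the assignment or the video) shows the three server-side controls a defender would expect to see together: output encoding of untrusted text before it reaches the HTML, a session cookie set with HttpOnly/Secure/SameSite so that even a script that does run cannot read it from document.cookie, and a Content-Security-Policy header that tells the browser to refuse inline scripts. The comment text, the cookie name `sid` and the policy string are constructed assumptions.

```python
import html
from http.cookies import SimpleCookie
from typing import Dict, Tuple

# Constructed sample of attacker-controlled input (a comment submitted by a user).
UNTRUSTED_COMMENT = "<script>probe()</script> Nice product, 5 > 3 stars"


def render_comment(untrusted: str) -> str:
    """Output-encode before interpolating into HTML.

    html.escape turns <, >, &, " and ' into entities, so markup in the input
    is displayed as text rather than parsed and executed by the browser.
    """
    return '<p class="comment">' + html.escape(untrusted, quote=True) + "</p>"


def session_cookie_header(session_id: str) -> str:
    """Build the Set-Cookie line for a session identifier.

    HttpOnly: script cannot read it through document.cookie, so a script that
              does run still cannot send the session id elsewhere.
    Secure:   only transmitted over HTTPS.
    SameSite: not attached to cross-site requests.
    """
    jar = SimpleCookie()
    jar["sid"] = session_id
    jar["sid"]["httponly"] = True
    jar["sid"]["secure"] = True
    jar["sid"]["samesite"] = "Strict"
    jar["sid"]["path"] = "/"
    # output() yields "Set-Cookie: sid=...; HttpOnly; Path=/; SameSite=Strict; Secure"
    return jar.output().strip()


def security_headers() -> Dict[str, str]:
    """Headers a hardened server adds to every HTML response (assumed policy)."""
    return {
        # Only scripts served from this origin may run; inline <script> blocks are refused.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


def build_response(comment: str, session_id: str) -> Tuple[Dict[str, str], str]:
    """Assemble headers and body the way a minimal page handler would."""
    headers = security_headers()
    headers["Set-Cookie"] = session_cookie_header(session_id)
    body = "<html><body>" + render_comment(comment) + "</body></html>"
    return headers, body


if __name__ == "__main__":
    hdrs, page = build_response(UNTRUSTED_COMMENT, "constructed-session-id")
    for name, value in hdrs.items():
        print(f"{name}: {value}")
    print()
    print(page)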

Introduction

Validating the entry points of a website is essential, as unvalidated input can result in a number of security threats. In this activity, you will analyze one such threat caused by improper input validation.

Instructions

Please address the following in a 1-2 page short paper. A minimum of 100 words for each answer is required.

1. State how the code below can be subjected to a SQL injection attack that bypasses the login mechanism.

    import java.sql.ResultSet;
    import java.sql.SQLException;
    import java.sql.Statement;

    try {
        // The form fields are spliced directly into the query text (the injection point).
        String sql = "SELECT * FROM employee WHERE username = '" + username.text
                   + "' AND password = '" + pwd.text + "'";
        Statement stmt = con.createStatement();
        ResultSet rs = stmt.executeQuery(sql);
    } catch (SQLException e) {
        e.printStackTrace();
    }

The statements above are used to authenticate the user during the login process.

2. Analyze the following SQL statement and state how an attacker can manipulate the query to access confidential information from the website, such as user details (username, password, credit card details, etc.), through the simple SELECT statement commonly used behind a website's search text box.

Search for products text box

Select * from items where item_name Like itemTextbox.text;
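Both snippets above share one defect: user input is concatenated into the SQL text. The following added example (written for this page, not code from the assignment) rebuilds the login query and the search query in Python with SQLite so the vulnerable and hardened forms can be run side by side. The `employee` and `items` tables, their rows and the probe strings are constructed; the hardened versions use bound parameters, and the search additionally escapes LIKE wildcards so a user cannot widen the match either.

```python
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows (not real credentials)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE employee (username TEXT, password TEXT)")
    con.execute("CREATE TABLE items (item_name TEXT, price INTEGER)")
    # The page's snippet compares plaintext passwords; mirrored here only for the demo.
    # A real system stores a salted password hash and compares against that.
    con.executemany("INSERT INTO employee VALUES (?, ?)",
                    [("alice", "correct-horse"), ("bob", "hunter2")])
    con.executemany("INSERT INTO items VALUES (?, ?)",
                    [("widget", 10), ("gadget", 20)])
    con.commit()
    return con


def login_concat(con: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: same construction as the page's Java snippet."""
    sql = ("SELECT * FROM employee WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return con.execute(sql).fetchone() is not None


def login_param(con: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: placeholders keep the input as data, never as SQL text."""
    sql = "SELECT 1 FROM employee WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone() is not None


def search_concat(con: sqlite3.Connection, term: str) -> List[Tuple]:
    """Vulnerable: the search-box value is spliced into the LIKE pattern."""
    sql = "SELECT item_name, price FROM items WHERE item_name LIKE '%" + term + "%'"
    return con.execute(sql).fetchall()


def _escape_like(term: str) -> str:
    """Neutralise LIKE wildcards so % and _ typed by the user match literally."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_param(con: sqlite3.Connection, term: str) -> List[Tuple]:
    """Hardened: bound parameter plus an ESCAPE clause for the wildcards."""
    sql = "SELECT item_name, price FROM items WHERE item_name LIKE ? ESCAPE '\\'"
    return con.execute(sql, ("%" + _escape_like(term) + "%",)).fetchall()


def demo() -> dict:
    """Run both forms against the same constructed inputs and collect the outcomes."""
    con = make_db()
    tautology = "' OR '1'='1"                       # constructed probe for the password field
    union_probe = "' UNION SELECT username, password FROM employee --"  # constructed probe
    return {
        "concat_login_bypassed": login_concat(con, "alice", tautology),
        "param_login_bypassed": login_param(con, "alice", tautology),
        "param_login_valid": login_param(con, "alice", "correct-horse"),
        "concat_search_leaks_employees": ("alice", "correct-horse") in search_concat(con, union_probe),
        "param_search_leaks_employees": ("alice", "correct-horse") in search_param(con, union_probe),
        "param_search_normal": search_param(con, "wid"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The concatenated login accepts the tautology because the text becomes `... AND password = '' OR '1'='1'`, which is true for every row; the bound version compares the whole string against the stored password and fails. Likewise the concatenated search returns employee rows alongside items, while the parameterised search treats the probe as a pattern and returns nothing.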

Evaluation

This assignment is due Sunday by 11:59 PM ET. Short Papers are worth 35% of your final grade and are assessed using the Short Paper Rubric.

Two parts: the 1st part is the instruction below, and in order to provide the second part I have to post the 1st part by the deadline. The 2nd part is three responses to other students' posts.

Introduction

Unvalidated inputs are always a big threat to website security. In this activity, you will discuss the popular buffer overflow attack and its countermeasures.

Instructions

Before starting with the assignment, refer to the following website:

A Shellcode: The Payload https://www.tenouk.com/Bufferoverflowc/Bufferoverflow5.html

Now, consider the following C program used to authenticate a user logging into the software. An attacker bypasses the authentication and logs in. Analyze the program to identify the possible cause of the breach.

    #include <stdio.h>
    #include <string.h>

    int main(void)
    {
        char buffer[20];   /* fixed-size buffer for the password */
        int flag = 0;      /* set to 1 only when the password matches */

        printf(" Enter your password : \n");
        gets(buffer);      /* reads unbounded input into a 20-byte buffer */

        if (strcmp(buffer, "123456"))
        {
            printf("\n Incorrect Password \n");
        }
        else
        {
            printf("\n Correct Password \n");
            flag = 1;
        }
        if (flag)
        {
            printf("\n Granted Access \n");
        }
        return 0;
    }

Respond to the following:

Examine the above code and discuss how it is vulnerable to a buffer overflow attack.
Explain how attackers inject shellcode into a system using a buffer overflow attack.

After posting your initial response, select two of your peers to discuss how you would each refine the code to mitigate the vulnerabilities in the existing code.

Please write a critical review for each paper that:
– Summarizes the paper in about 10 sentences
– Evaluates the good aspects of the author's work (in bullet points), for example "The summarizing figure is very clear and useful." I have provided some examples. Please read the examples.
– Lists the potential improvements this paper could make (in bullet points), for example "The authors didn't provide meaningful conclusions for the reviewed works. No gaps in previous research or possible directions for future research were mentioned." I have provided some examples. Please read the examples.
– Expands the arguments based on the positives and negatives

And you don't need to write references or citations, because the paper itself is the only reference.

    Term Paper Instructions
    Pick a subject related to Information Security.

    The subject should not be just a history lesson. You can analyze the offerings of a current technology, or review best practices in a certain industry segment or application. The material covered should not be a general subject that is taught in another undergraduate class at ECU, but you can delve deeper into a subject. For instance, a general history or overview of virtualization would not be appropriate, but something like Best Practices for Securing Virtual Servers in a Healthcare Environment would be appropriate. The current status and future of any new or developing technology is appropriate. An analysis of a current event or current events relating to information security is appropriate. Your term paper topic should NOT be something that you would expect your classmates to already know.

    Research what information you can find and write a 5-15 page (12-point font, double spaced) paper on the subject. There should be five to fifteen pages of written text not including references. You can add a title page, figures, tables, etc. to make it longer if you want.

    Your paper must include at least 5 external references not including the textbook.
    You must have at least 2 references from a journal or technical proceeding, not just a web page.
    For the purposes of this requirement, I will accept references that have the term journal or proceedings in the title, or any paper that has at least 5 references listed at the end of the article. To get credit for having these two references, they must be marked with an asterisk in the citations or references section of the paper that you submit to me. An example of marking the references with an asterisk can be found at http://www.infosecwriters.com/text_resources/pdf/Forensics_HStacy.pdf
    Wikipedia does not count as a journal or technical proceeding.

    You are encouraged to use the university library resource (https://library.ecu.edu ). The ACM Digital Library database and the IEEE Xplore database are recommended as good starting points for finding related references. If you get to a database that asks for a subscription you should start over by going to the ECU Joyner website https://library.ecu.edu and find the database through this website by clicking on the Database List link below the OneSearch box. Then navigate to A for ACM or I for IEEE XPlore. The OneSearch may also be used to search for useful articles as it includes an array of scholarly and trade journal articles, including many by IEEE. If you are off-campus, you may be required to authenticate using your ECU credentials (email userid and password). You should not need to buy any subscription for access to research material. Use the library.

    The expected length of the paper is 5-15 pages of text plus any additional figures, tables, references, etc. If you have more than fifteen pages of material you may submit the paper, but do not expect any extra credit for the extra words. A good 8-page paper will be worth just as much as a good 20 page paper for the grade that I assign.

    Note that using one's own previous work without citation is a form of plagiarism (self-plagiarism). This is also referred to as Multiple submission in the student code of conduct.

*****Avoid plagiarism

I need a script for a speech of more than 10 minutes along with more than 12 PowerPoint slides.

New product or process: “IT TRAINING” for all employees to avoid a Phishing attack.

Scenario: 
You have been asked to speak to a group of companywide technicians who will be using your product or process in the coming months. Some of them have an awareness of the change the company is starting, but others don't. So you will need to give them a basic understanding of the topic, and then expand from there and give specific details that hands-on technicians will be interested in. You don't have to teach them how to do the process or use the machine or product at this point. But you do have to tell them how the process, machine, or product works. Make sure to give them the major parts of the machine or product, or the principal steps of the process.

To prepare for your presentation:
    Analyze your audience
    Determine your purpose
    Generate ideas to add to your basic overview presentation
    Form an outline
    Develop a 12-20 slide PowerPoint presentation from your outline
    NO MORE THAN 3 SOURCES!!

In appreciation of the work your company (Ace Technologies) has done for them, FloridaWeb has invited you to give a presentation to a group of small to medium business owners. Keep in mind that just because they run a business, they may not truly understand information security.

Your task is to explain exactly what information security is and why it is important to organizations. Use your imagination in designing this presentation. It can take the form of a promotional brochure, PowerPoint, discussion, or anything attention-getting. This is your chance to showcase your organization as well as share information about information security.

ABC Institute of Research has sensitive information that needs to be protected from its rivals. The Institute has collaborated with XYZ Inc. to research genetics but does not want to share other research projects. These other projects must be kept confidential at any cost. ABC researchers are unsure about the form of crypto algorithm (asymmetric or symmetric) to use to protect their intellectual property. Compare these two forms of cryptography. Formulate a possible solution to the problem and describe the advantages and disadvantages of any solution employed.
Requirements

    This is an individual assignment, i.e. not a team or partner assignment.
    Use a three-paragraph format: an introduction/scenario recap, analysis, and conclusion.
    Provide an APA style reference page with at least two references.
    Double-spaced, font size 10 or 11.
    500 word minimum, not including your name, title, or references.

Your CISO recently attended a security conference and spoke to several vendors. He has become very concerned about recent malware such as GlitchPOS and other advanced malware attacks. He'd like you to draw up a short 3-5 page decision paper with your recommendation among the following 3 advanced malware protection solutions:

Carbon Black
FireEye
Cylance
He would like some details on the capabilities, pros/cons, and costs of each, and finally your expert decision.