I don’t understand this Computer Science question and need help to study.
Read below student posts and reply each in 130 words.
jaya-The micro-grid resilience is an article in network shutdown. In recent times, it has led to threats and weaknesses in electricity infrastructure and systems. In that context, the probability of severe impact to individual services in the region can be expected. As far as potential data corruption and hacking, which was targeted across the country and significant parts of the affected states in last months, are concerned, it can be assured that PSUs in the vicinity will increase the protection levels on their network to compensate for the potential of such attacks.
Threats of micro-network resilience and their systems include malware attacks and rescue storage and trojans, problem and vulnerabilities on the infrastructure. The threats at the microgrid resilience and their systems are the malware attacks, and ransom ware and trojan, problem and vulnerabilities on the infrastructure. As these threats exist on public networks, their exploitation can penetrate into the private networks in which financial service companies use private network. With this premise, the threat actors are leveraging weaknesses to gain covert and forceful entry into the corporate networks. (Hodson, C. J. (2019))
The vulnerabilities of microgrid resilience and their information systems are weak passwords, Sql injection, traditional external access, lack of appropriate database backups, manual password changes, inconsistent and unknown access controls, and poor use of users as a source of failure. The vulnerability of the microgrid, its training of its security personnel, and the ancillary infrastructure of third parties are often ignored. Operational Security and Infrastructure Security. (Hodson, C. J. (2019))Impact of the event:Exposure to vulnerability in microspheres resilience systems has created tremendous distress in the overall resilience levels and resilience of the microgrid environment, which has had immediate effects on related systems. There has been a tremendous impact on most of the wider grid-connecting sectors because of the disruption caused in the distribution, procurement and telecommunications delivery systems. (Boyer, K. (2019))
murali-IT Management has two very different roles. The IT Manager is responsible for the software and hardware technology as well as all aspects of IT infrastructure. This IT Manager will not only lead the business model and development of the applications but also ensure that the software and hardware are installed correctly and optimised. It is the responsibility of the IT Manager to ensure all software and hardware components are in tune with each other (Chapman, R. J. (2019))
The second, and crucial role of the IT Manager is to ensure that the infrastructure environment is scalable. The IT Manager will ensure that the IT environment is scaled across both physical and virtual servers with regard to the number of servers, memory, CPU, and disk. IT management is to help provide an effective framework for IT security and the sustainable management of the Internet and other information systems. The Internet is subject to attack from hackers, botnets, spam, malware, spam, phishing, social engineering, and hacker attacks. As technology is increasingly embedded in our lives, the management of Internet systems is becoming an increasingly important task. The IT infrastructure has to be managed with care and with the best practices in mind. IT management is helping ensure the smooth functioning of your IT operation, including troubleshooting, deployment of patches, upgrade and maintenance of applications. IT management also involves managing the aspects of data protection, support, reporting, auditing, and security systems. IT management is also involved in controlling the client side tools such as web servers, printers, websites, email, etc.
The role of IT management in IT operations varies depending upon the end-users’ needs. Users tend to need more flexibility when it comes to IT management. In addition to protecting and managing end-users’ data, IT management helps your business to keep itself current and address new demands in the midst of technological change.
Tejesh – OCTAVE is a flexible risk assessment methodology which is used to manage information security risks (Gibilisco, 2013). It is a flexible framework which is used to determine the risk level and plan the defenses to mitigate those risks. This approach abbreviates to operationally, critical, threat, asset and vulnerability, evaluation of risks and helps in determining an approach to mitigate the risks due to security. OCTAVE is designed to leverage the experience and expertise of the people within the organization and it helps the company in identifying and build an asset-based threat profiles, identify infrastructure vulnerabilities and develop security strategy and plans (Caralli, Stevens, Young, & Wilson, 2007).
This plan was originally developed for US DOD (Dept of defense) by Carnegie Mellon University. It was designed for big organizations with multiple hierarchy levels and maintains their own IS infrastructure with the ability to conduct their own evaluations. It provides many advantages to the company one being maintaining the privacy and confidentiality of the information. It helps in developing the risk assessment and determine plans to mitigate the risks as risks cannot be avoided completely. The approach helps in determining the cost and resources and the roles associated to them based on the costs.
saikiran -The Networked Systems Survivability (NSS) Program of the Software Engineering Institute (SEI) has started building up the Operationally Critical Threat, Asset, and Vulnerability Evaluation(OCTAVE) framework to depict a data security hazard assessment. OCTAVE characterizes a lot of self-guided exercises for associations to distinguish and oversee their data security dangers. Assessments that are predictable with the OCTAVE system will be complete and will permit an association to distinguish the data resources that are essential to its strategic, dangers to those benefits, and the vulnerabilities that may uncover those data advantages for the dangers. Data Security Evaluation (ISE).
The ISE is a data security weakness assessment created by the Software Engineering Institute’s Networked Systems Survivability Program. It centers around distinguishing vulnerabilities in an association’s figuring framework. It tends to resources and dangers verifiably. OCTAVE designers are consolidating the exercises gained from the advancement and conveyance of the ISE into the OCTAVE structure and strategy. Software chance administration skill. OCTAVE is additionally joining a considerable lot of the indicative strategies and speculations created by the SEI’s Risk Program, which centered on distinguishing dangers to programming advancement ventures. A considerable lot of the standards for OCTAVE’s Phase 1 are gotten from work that concentrated on hazard the board issues confronting directors in a product improvement association.
It characterizes a complete assessment technique that permits an association to distinguish the data resources that are imperative to the crucial the association, the dangers to those advantages, and the vulnerabilities that may open those advantages for the dangers. By assembling the data assets, threats, and vulnerabilities, the association can start to comprehend what data is in danger. By actualizing OCTAVE, chiefs and entrepreneurs consider the strategy to use by taking a gander at the size and the multifaceted nature of their association and assessments the expense as far as time and individuals and what jobs they can play. The most significant components to investigate while executing OCTAVE are traits, standards and yields. Little associations generally have level and straightforward progressive structure while large organizations have complex structures and scattered divisions (Christopher, 2001). Use of OCTAVE Allegro and procedure, it makes the association to place into thought the offices, innovation, and individuals in the nearby setting to business procedures, administrations, and data for maintaining the business activity without the impedance of the outsiders. In that manner, the size of the association is the basic determinant for the sending of the OCTAVE Allegro. Since the quantity of the individuals, offices, and activity decides the control of the OCTAVE strategy, it is recommendable for the business association to verbalize the dangers that may happen before executing the method (Jufri et al., 2017).
deepika-The Operationally, Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is an outline for identifying and managing information security risks. It defines a widespread evaluation method that allows an organization to identify the information assets that are important to the tasks of the organization, the threats to the assets, and the vulnerabilities that may expose the assets to the threats. By putting together the information assets, threats, and vulnerabilities, the organization can begin to understand what information may be at risk. The organization can begin to design and implement a protection strategy to reduce the overall risk exposure of its information assets.
Large organizations usually have a multi-layered hierarchy and maintain their own infrastructure, along with the ability to run vulnerability evaluation tools and interpret results in relation to critical assets. Smaller organizations usually do not have the ability to run or interpret the results of vulnerability tools because many of them outsource their IT department. In large companies, OCTAVE is a time-consuming process, however, it should not be neglected. The flow of information is constant. It is common for some data to gain more importance over time and the lack of consistency may lead to data compromise or legal consequences if not utilizing OCTAVE regularly.
OCTAVE consists of tools and techniques needed for risk-based information security strategic assessment and planning, (Alberts, C.J. 2002). It is used as a way to discover what type of security a business or organization needs in order to protect their information security. The methods are beneficial for organizations developing their IT risk management approaches because nothing will get missed in deciding what needs to be protected for the organization.
The OCTAVE method comes in different types and differentiates depending on the size of the organization and its’ specific needs. The OCTAVE-S Method for example is to be utilized by smaller organizations, about 100 people or less. “It meets the same criteria as the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method but is adapted to the more limited means and unique constraints of small organizations”, (Bediako, 2014). Some of the things that larger organizations might be more concerned with is making sure all of their information security is being protected in different locations possibly around the world. With a small organization, they only would have to worry about maybe one or two locations being protected.
ajay-Policies are evident in almost any organization. There are principles behind these policies that are necessary for the development process. Even though principles are a key factor in policy development, choice of the principle is very important. Each principle that has been chosen has its own requirements, ease of implementation and its drawbacks. This paper analyzes two principles of ethics and timeliness in two sections, the financial sector and the health sector (Alberts, 2003).Ethics is the general acceptable behavior and reaction towards situations and people while timeliness is the factor of how effective with regard to time does one conduct his tasks and responsibilities. Both sectors require the principles, but the mode of implementation will depend on some factors.
Both the financial and health sectors demand that efficiency of service provision is acquired. With this regard, timeliness is a key factor for all staff and personnel related to the organizations. Any organization would want to retain its customers for a longer time. This requires that service provision and customer interaction is up to date. Ethics comes in handy to stipulate the necessary protocols to be followed in administering proper service. On the other hand, the principles are quite different in terms of applicability (Alberts, 2003). The sectors (financial and health) differ in terms of operations and functionalities thus each principle will be applied in its own way.
In implementing the principles in real life interaction, the health sector will experience a little hardship. This is because even though the principles are same, the customers are the sole determination of success. Financial organizations deal with data and finances. With enhancement of technology, service provision is enhanced too. Accountants do not get personal while administering their services. In the health sector, people come in with different problems and sicknesses. Due to this, each patient requires special attention and thus the factor of timeliness is indefinite (Brunschwiler, 2019). Ethics is also challenged given the fact that some patients may go personal and a little expertise may be required.