Week 2 Assignment

ISYS 408

Professor Choi

March 31, 2018

Week 2 Assignment

Exercise 3.1

According to the article, Internal vs. External Penetrations: a Computer Security Dilemma, there are three categories of users of computer resources namely the masquerader, the legitmate, and the clandestine user.

• The masquerader: these users are trusted users who steal credentials to have access to computer resources.
• The legitimate: these users are already granted access to computer resources by computer organization and use their own credentials.
• The clandestine user: the users have or can get super user privileges.

These users may become barriers or threats to computer resources. The risk for computer resources may come from inside organization or from outside organization. The outsider can be the one who has no authority to use the information of organization’s computer resources and insider can be employee or customer or other member of organization who has right to access information from particular computer resource assigned to them. It is partially concluded that the highest threat for computer and resources come from within organizations is true.

Exercise 3.4

System development life cycle (SDLC):

It can be described as conceptual model used to describe about the stages involved in project management. There are lot of systems development life cycle methodologies developed in order to guide the processes such as rapid application development, waterfall model etc.

The point of differentiation between agile development and traditional development are as follows:

• In traditional methods, all the software development process is completed in a sequential order. So, it uses linear approach whereas agile methodology uses team-based approach that helps to quickly deliver the application with all functional components.
• In traditional method, before starting the project, all the details of the project are defined and visualized whereas agile methodology gives you more flexibility so that changes can be made easily related to the project.
• In traditional method, customers are only involved in the early stages of the development processes whereas in agile methodology, the customers are involved in every stage of the software development process.

Closing Case DQ 1

In given case, the Chief Information Office of RWW has assigned task to his mentors to represent in a strategic planning workshop on ‘How IT plan will allow us to meet the objectives articulated in strategic plan?’ “I” is one of the mentors of the company trying to make her plan to meet the requirements of task assigned by Mike. According to me, as “I” is new to such task and doing from scratch for the first time. It is better that she should follow the path of Mike’s goal and should support the profit centers of the company. Mike is having an IT plan in the support of goal number 3 from corporate strategic plan even if this goal number is reducing overall operating cost as percentage of revenue. So, according to me, second choice is better to keep the company’s goals to be subordinate to just IT goals instead of corporate goals.

Closing Case DQ 2

If “I” finds that an IT strategic objective would reduce the security of RWW’s information assets, she needs to choose the option of Risk assessment or Risk analysis. Risk assessment is an important phases of Security Systems Development Life Cycle (SDLC). Risk assessment is task of assessing relative risks for information assets. It helps to identify vulnerabilities in an information system. Iris should analyze exciting IT strategic objectives along with current treats in information system. Iris should try to know the enemy of RWW’s information assets with the help of her team.