Вы находитесь на странице: 1из 5

Applied

Business Project 2 Security Analysis



Submit your ABP-2 report to TurnItIn as a PDF file
Name: Sabir, Ayra (23307641)

Project: ABP-2 Security Analysis


Task 1: Ishikawa Cause-and-effect Diagram

a) cause-and-effect diagram

OFFLINE ONLINE
SHARING SHARING
Intentional or Intentional or
Inadvertent Inadvertent

Losing or having Staying logged in on a


someone take a journal public computer instead
with all your passwords of logging out

Saying passwords
Emailing or texting
loudly in a public place
passwords to someone
where people can hear
HOW
PASSWORDS
CAN GET
COMPROMISED
Responding to spam or
phishing emails

Installing free software


that can be carrying
viruses

COMPUTER
COMPROMISE

Sabir, Ayra Page 1 of 5



Applied Business Project 2 Security Analysis

Task 2: Two-dimensional mapping of root causes

a) I2 Chart


1 5 6 LEGEND
Frequent


Likelihood To Occur

1. Losing or having someone


take a journal with all your
passwords
2. Saying passwords loudly
in a public place where
people can hear
3.Staying logged in on a
public computer instead of
logging out

2 3 4. Emailing or texting
passwords to someone
Infrequent

5. Responding to spam or
phishing emails
6. Installing free software
that can be carrying viruses
4


Easy Difficult
Effort To Remediate
b) 150 word discussion

The two-dimensional mapping of sources of error associated with password compromise allows
us to better identify common patterns by seeing how different items are clustered. By viewing
the diagram, it is instantly clear that most of the errors fall under easy to remediate, meaning
they can quickly be fixed. Lots of these errors either arise from carelessness or lack of
information. For example, saying passwords outloud or forgetting to log out of public computers
are both things that occur when one is careless. An example of something that would occur due
to lack of information would be responding to phishing emails. The more frequent errors tend to
be situations that are accidental, such as losing a book with all your passwords. On the other
hand, the more infrequent errors tend to be situations that are intentional, such texting passwords
to another person. The fact that we are able to observe common patterns from the I2 chart allows
us to know that the visual map of the fishbone diagram is successful.

Sabir, Ayra Page 2 of 5



Applied Business Project 2 Security Analysis

Task 3: VPN Authentication Process (Cross-functional diagram)

a) Cross-functional Diagram

Sabir, Ayra Page 3 of 5



Applied Business Project 2 Security Analysis

Task 4: Recommendation to Management

a) Question 4A - Report

There are multiple different strategies that students could use to minimize the probability that
their NetID and password will be compromised. Primarily, students should make sure not to
share their NetID or password with anybody. This includes saying the information outloud or
texting/emailing it to even their friends. Often times students may get phishing emails which ask
for their NetID and password. Students should know to never answer these emails because the
University would never ask for this information. Another thing that students can do is be careful
where they store their password. The best method would be to write passwords down on a piece
of paper and keep in a safe. In order to really make sure their password cannot be compromised
the student should make their password something that is not guessable by using many different
characters and making up words rather than using words that already exist. Finally, students
should be aware of what websites they are using and only browse sites they fully trust.

Task 5: VPN Compromise Analysis and Report

a) Question 5A Bar Chart

Sabir, Ayra Page 4 of 5



Applied Business Project 2 Security Analysis

b) Question 5B Report

It is important to investigate whether an international VPN connection might indicate that a


students NetID and password have actually been compromised because many Eller students
often travel during the semester meaning the connection may actually valid. Therefore, the
University should validate this by emailing the foreign VPN connections and asking them
security questions so that they can verify their identity. If a students password is actually
compromised, then the University should terminate that account immediately and set up a new
NetID and password for the student. There are multiple ways that the University can attempt to
prevent password compromise in the first place. Primarily, they should make sure to have a
secure server that prevents password compromise in the first place; however, since that is not
always possible, the University should be prepared to emails suspicious VPN connections and
then follow up depending on the way the user responds. Password compromise can be prevented
by educating students in password safety and teaching them to avoid phishing emails and
downloading free software.

Sabir, Ayra Page 5 of 5