Free Essay

Information Assurance

In: Computers and Technology

Submitted By booneybrown
Words 533
Pages 3
Encryption Standards for Web Browsers
Joaquin Javier Brown
American Military University

For every operating system connected to the internet, there must be a web browser to navigate it. Given the amount of risks posed by viruses and other threats on the internet, measures must be taken to secure one’s computer against these threats. From the standpoint of a user many types of software can be implemented to prevent intrusions and detect them once they’ve occurred. In spite of this there is still an element of risk. To combat this from the side of the programmer, there has been a type of encryption that controls data flow from work stations to the internet. The level of this is encryption across most internet surfing tools is set at 128 bits of encryption. 128 bits of encryption is extremely difficult to crack. It works by utilizing 128 character comprised of ones and zeros. The reason this standard is chosen is that it strikes a balance between complexity and efficiency. It would take longer than the average human lifespan to crack, which essentially means the cracker stumbled upon the correct key within the span of half the possible combinations (Bradford). Though there are stronger types of encryption such as the one time pad, it bears to reason that having to replace the key after every single web page is loaded is inefficient. Though 128 bit encryption is indeed powerful, there are other encryption types available to the public which are even stronger. Advanced Encryption Standard (AES) is the standard which 128 bit comes from. However there are other forms of encryption offered from the same algorithm. AES can go as high as 192 and 256 bits to secure data against nearly all attacks with the exception of brute force. In terms of government level and corporation encryption, the standards are much higher. The need for better security has been demonstrated from recent attacks such as those against Target and Sony. In these cases there are many hackers aligned against single target seeking to exploit any vulnerability. In this case, given the computing power available, companies have no choice but to take greater measures to secure their data than the average user. A perfect example of this type of encryption used in conjunction with other measures of operations security would be that of Microsoft and its OneDrive program. It utilizes a combination of industry standard encryption combined with good key storage policies which does not allow them to be stored congruently (Shackleford)
As technology progresses, greater methods of encryption will have to be devised in accordance with Moore’s law. There are companies currently looking towards the future with the concept of quantum computing. In order to maintain security, users must pair their research with implementation across all levels of system security.

Resources
Shackleford, D. (2015, July 1). The importance of public cloud encryption for enterprise data storage. Retrieved December 23, 2015, from http://searchcloudsecurity.techtarget.com/tip/The-importance-of-public-cloud-encryption-for-enterprise-data-storage
Bradford, C. (2014, July 31). 5 Common Encryption Algorithms and the Unbreakables of the Future - StorageCraft. Retrieved December 23, 2015, from http://www.storagecraft.com/blog/5-common-encryption-algorithms/…...

Similar Documents

Free Essay

Assurance

...Instructions: This assessment addresses your skills and knowledge in applying a global perspective in business, critical thinking, and communication. These are College-wide competencies adopted by the faculty for all majors in the College of Business. Please provide the following information at the top of your answer submission: First & Last Name, Panther ID, MAJOR, and Professor’s name. You are encouraged to do your best in this assessment. You do not need to perform web research in answering this question; your academic training at the College of Business Administration should have provided a good foundation and prepared you to provide an excellent answer. Use your time wisely while making sure you display excellent Global Thinking, Critical Thinking and Written Communication skills. Your response will be diligently checked for academic honesty and integrity, so if you feel obliged to research the answers you must appropriately cite your sources.  Please read the following question carefully. You may want to construct a brief outline of your answer on scratch paper before your begin writing in order to better organize your thoughts. You can type your responses directly on the attached document, save it and submit into the Turnitin.com Dropbox that can be found under the assignments tab in your Blackboard course. Your response will be evaluated based on three (3) criteria: • Your ability to apply a global perspective to a business problem, • Your......

Words: 998 - Pages: 4

Premium Essay

Information Assurance

...Risk Management Framework Computer Security Division Information Technology Laboratory NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Managing Enterprise Risk Key activities in managing enterprise-level risk—risk resulting from the operation of an information system: Categorize the information system Select set of minimum (baseline) security controls Refine the security control set based on risk assessment Document security controls in system security plan Implement the security controls in the information system Assess the security controls Determine agency-level risk and risk acceptability Authorize information system operation Monitor security controls on a continuous basis NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 2 Risk Management Framework Starting Point CATEGORIZE Information System Define criticality/sensitivity of information system according to potential worst-case, adverse impact to mission/business. MONITOR Security State Continuously track changes to the information system that may affect security controls and reassess control effectiveness. SELECT Security Controls Select baseline security controls; apply tailoring guidance and supplement controls as needed based on risk assessment. Security Life Cycle AUTHORIZE Information System Determine risk to organizational operations and assets, individuals, other organizations, and the Nation; if acceptable, authorize operation. IMPLEMENT Security Controls Implement...

Words: 723 - Pages: 3

Premium Essay

Assurance Service

...CHAPTER 1 AN INTRODUCTION TO ASSURANCE AND FINANCIAL STATEMENT AUDITING Answers to Review Questions 1-1 The study of auditing is more conceptual in nature compared to other accounting courses. Rather than focusing on learning the rules, techniques, and computations required to prepare financial statements, auditing emphasizes learning a framework of analytical and logical skills to evaluate the relevance and reliability of the systems and processes responsible for financial information, as well as the information itself. To be successful, students must learn the framework and then learn to use logic and common sense in applying auditing concepts to various circumstances and situations. Understanding auditing can improve the decision-making ability of consultants, business managers, and accountants by providing a framework for evaluating the usefulness and reliability of information—an important task in many different contexts. 1-2 There is a demand for auditing in a free-market economy because the agency relationship between an absentee owner and a manager produces a natural conflict of interest due to the information asymmetry that exists between the owner and manager. As a result, the agent agrees to be monitored as part of his/her employment contract. Auditing appears to be a cost-effective form of monitoring. The empirical evidence suggests auditing was demanded prior to government regulation. In 1926,......

Words: 2680 - Pages: 11

Premium Essay

Quality Assurance in It

...Quality Systems in IT Assignment Implementing Quality Assurance in IT Systems Name: Elise Xuereb Group: 1HND6 Table of Contents Question 1 (P1.1) 2 ISO 9000:2005: ‘Quality Management Systems - Fundamentals and Vocabulary’ 2 ISO 9001:2008: Quality Management Systems - Requirements 3 ISO 19011:2011: Guidelines for auditing management systems 3 Question 7 (D2.1) Take responsibility for managing and organizing quality assurance activities. For 2 quality assurance practices in each stage identified above, you need to do a plan of implementing it. You need to discuss at least 3 people involved and the work operations that need to be done. Criteria: • Correctly write a plan of action for 2 quality assurance practices including 3 people involved and work operations involved. Plan of Action: System Initiation People involved: Project Manager, System Analyst and Quality Assurance Tester. Work that needs to be done and a plan of how it needs to be implemented: 1. Developing a Quality Assurance (QA) Plan: As indicated in Question 6, this step should be implemented by, initially having an exploration phase. In this phase, the client comes up with the procedures that ensures that quality assurance is present in the project. For instance, when having a robust and secure system, the performance of the system should be constant so that no system downtime will take place. Here, one must take into consideration whether the stakeholders have experience......

Words: 6690 - Pages: 27

Premium Essay

Cmgt 400 Intro to Information Assurance & Security

...Introduction These past few years have been distinct by several malicious applications that have increasingly targeted online activities. As the number of online activities continues to grow strong, ease of Internet use and increasing use base has perfected the criminal targets. Therefore, attacks on numerous users can be achieved at a single click. The methods utilized in breaching Internet security vary. However, these methods have increasingly become complicated and sophisticated over time. With the increase in threat levels, stronger legislations are being increasingly issued to prevent further attacks. Most of these measures have been aimed at increasing the security of Internet information. Among these methods, the most prominent approach is security authentication and protection. This paper comprehensively evaluates the security authentication process. The paper also introduces security systems that help provide resistance against common attacks. Security Authentication Process Authentication is the process that has increasingly been utilized in verification of the entity or person. Therefore, this is the process utilized in determining whether something or someone is what it is declared to be (LaRoche, 2008). Authentication hence acts as part of numerous online applications. Before accessing an email account, the authentication process is incorporated in identification of the foreign program. Therefore, the most common authentication application is done through......

Words: 1123 - Pages: 5

Premium Essay

Quality Assurance

...Quality Assurance ITS 400 – Information Technology Project Management Colorado State University- Global Campus Professor Britton September 18, 2014 Quality assurance is the, “…systematic process of checking to see whether a product or service being developed is meeting specified requirements” (Rouse, 2007). Quality assurance is particularly important in human resources. Employees bring life to the goals of an organization and can impact the morale and culture of the work environment. This specific organization is interested in hiring new instructors to teach a project management course. These instructors will help future project managers develop the skills needed to direct individuals in implementing new ideas. This makes the instructor the most important piece of the course, as their work will dictate the success of future projects. When hiring new instructors, human resources should use the following quality standards: competence, compatibility, commitment, character, culture, and compensation (Hall, 2012). These standards will aid human resources in determining if the possible candidate can help form the kind of project manager needed for the job. They will also allow the company to look at current instructors and evaluate if they hold the qualities that they are looking for. If not, the company can administer trainings and have individual meetings to address the topic. Project management requires dedication, perseverance, and patience. Instructors of these...

Words: 1221 - Pages: 5

Free Essay

Assurance Engements

...Auditing and assurance Assignment: Assurance engagement report Due: 15th May Water accounting is a process that identifies and reports relevant information relating to water. As water reporting has increased in popularity and importance the Bureau of Meteorology is developing Water Accounting Standard alongside with Water Accounting Standard Board to improve the quality of water reports being produced by companies. Development of water standards started in 2004, the purpose was to provide support to the public and investors in the water trade as well as for consumption and mange environmental benefits. Since then, the Australian Water Accounting Standards has made yearly progress. * In 2006 the water accounting in Australia is at its starting phase which focused on managerial need and not for external users. * In 2007 the National Water Accounting Development Project and Committee was established and Pilot program involving water managers and practitioners was introduced. * In 2008 Bureau of Meteorology was tasked with water accounting development and production of national water account. * In 2009 Water Accounting Conceptual Framework has started development with the start of Australian Water Accounting Standard * In 2010 a draft of Australian Water Accounting Standard 1 was created and exposed to the public. * In 2011 the Bureau of Meteorology partnered up with Auditing and Assurance Standards Board and started development of Assurance......

Words: 688 - Pages: 3

Premium Essay

Assurance Statement

...Corporate Reporting Quadrants The State of Global Corporate Responsibility Reporting – Corporate Responsibility Reporting Comes of Age in 2011 Measuring the Markets – Corporate Responsibility Reporting at the Country Level Ranking Sectors – Corporate Responsibility Reporting at the Industry Level Does Ownership Matter? – Corporate Responsibility Reporting by Ownership Structure Corporate Responsibility Reporting Metrics: A Snapshot The Business Imperative Behind CR Reporting – Reputation Leads the List Global Standards and Evolving Platforms – The Drive for Consistency and Accessibility The Road to Integrated Reporting – A Benchmark on Integrated Reporting Driving for High-Quality Data – Quantifying Quality The State of CR Assurance – Making the Most of Assurance About KPMG’s Climate Change & Sustainability Services Methodology 2 4 6 8 12 14 16 18 20 23 26 28 31 32 © 2011 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. All rights reserved. Executive Summary Corporate responsibility (CR) reporting has become the de facto law for business While the continued adoption of CR reporting may not surprise those active in the field, the details of how CR reporting is evolving deliver a compelling view into the expectations that companies now face. Companies are increasingly realizing that CR reporting is about......

Words: 10456 - Pages: 42

Free Essay

Information Assurance

...Chapter 1 R1. 1. An isolated Computer: In Chap 1-5 which examines security problems identifying features and estimating risks. 2. Cryptographic techniques: Chaps 6-9 which covers authentication and forensics. 3. Computer networking basics: Chap 10-12 Covering network fundamentals and protocols. 4. Large scale security: Chaps 13-17 Examining enterprise security, encryption, internet servers and government security issues. R2 1. Rule based decisions: These are made for us by external circumstances or accepted guidelines. 2. Relativistic decisions: These try to outdo others who are faced with similar security problems. 3. Rational decision: These are based on a systematic analysis of the security situation. R8 We determine assets when assessing security to be the physical devices. The boundary is the limited access to the physical devices by walls and doorways. The threat agents are the people acting maliciously and risking security on these physical devices. Vulnerabilities are identified by security weaknesses. Attacks are from the threat agents through possible hacking, privacy breeches, and stolen hardware and files, etc. We take security measures through setting up security strategies. E3 Desktop computers are throughout my real estate office and are all on a secure network. Every agent has access to these computers. We can use our own personal desktop or laptop in our individual offices if we choose which would......

Words: 261 - Pages: 2

Premium Essay

Ites in Information Assurance

...MGS 555 Final Project TEAM RAKSHA Information Assurance, Security and Privacy Services Table of Contents SL NO | CONTENTS | PAGE NUMBERS | 1 | Introduction | 3 | 2 | Summary | 4 | 3 | Application of IT enabled services | 5 | 4 | Technologies involved | 6 | 5 | Challenges | 7 | 6 | Threat to management | 9 | 7 | Conclusion | 10 | Introduction Information Technology that enables the business by improving the quality of service is IT enabled services. ITES is the acronym for the term “IT Enabled services”. It is one of the fastest growing segments of international trade. ITES is a form of outsourced service which has emerged due to involvement of IT in various fields such as banking and finance, telecommunications, insurance, etc. It also involves the contracting of the operations and responsibilities of a specific business process to a third-party service provider. ITES sector includes services ranging from call centers, claims processing, eg. Insurance. Office operations such as accounting, data processing, data mining. Billing and collection, eg. Telephone bills. Internal audit and pay roll, eg. Salary bills on monthly basis, Cash and investment management, eg. Routine jobs given to a third party and giving importance to core business. Summary The most important aspect is the Value addition of IT enabled service. The value addition could be in the form of - Customer relationship management, improved database, improved look and feel, etc.......

Words: 941 - Pages: 4

Premium Essay

Assurance and Auditing

...Chapter 1 An Introduction to Assurance, Auditing, and Related Services A. Assurance Services 1. Which of the following statements best describes assurance services? a. Independent professional services that are intended to enhance the credibility of information to meet the needs of an intended user. b. Services designed to express an opinion on the fairness of historical financial statements based on the results of an audit. c. The preparation of financial statements or the collection, classification, and summarization of other financial information. d. Services designed for the improvement of operations, resulting in better outcomes. Assurance engagements performed by professional accountants are intended to enhance the credibility of information about a subject matter by evaluating whether the subject matter conforms in all material respects with suitable criteria, thereby improving the likelihood that the information will meet the needs of an intended user. The level of assurance provided by the professional accountant’s conclusion conveys the degree of confidence that the intended user may place in the credibility of the subject matter. 2. Which of the following is not an assurance service? a. Examination of prospective information b. Audit of historical financial statements c. Review of financial statements d. Compilation of financial information Services performed by professional accountants that are not assurance engagements include the......

Words: 452 - Pages: 2

Premium Essay

Audit Assurance

...Chapter 1 An Introduction to Assurance and Financial Statement Auditing * Key Term * Assurance Services (鉴证业务): Independent professional services that improve the quality of information, or its context, for decision makers. Encompasses attest services and financial statement audits * Reporting not only on the reliability and credibility of information, but also on the relevance and timelines. * Attest (声明): A service when a practitioner (从业者) is engaged to issue or does issue a report on subject matter, or an assertion about subject matter, that is the responsibility of another party. Encompasses financial statement audits. * A broader auditing service, including not only economic events or actions. * Financial statement auditing is a specialized form of an attest service * Audit evidence (审计证据): All the information used by the auditor in arriving at the conclusions on which the audit opinion is based. Audit evidence includes the information contained in the accounting records underlying the financial statements, as well as other information. * Sufficiency: The quantity of evidence the auditor obtains * Appropriateness: The quality * Relevance: Whether the evidence is relevant to the specific management assertion being test * Reliable: The diagnosticity (可诊断性) of the evidence * Audit risk: The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. * The auditor...

Words: 1298 - Pages: 6

Premium Essay

Assurance

...Name: Nikhil Rawal Student Number: 130014317 BSc (Hons) Accounting & Finance Part 2 By Name: Nikhil Rawal Student Number: 130014317 BSc (Hons) Accounting & Finance Part 2 By Assurance Assignment Assurance Assignment ------------------------------------------------- Question 1 “Without accountancy businesses would find it hard to function”, Michael Izza. What you feel he means by the above quote? Accounting is the language of business, without it, business functionality would be difficult to undertake. If we break it down, accountancy is needed in the following ways: 1. Financial Accounting: this comprises of information that companies avail to the general public. As a result of these statements being published, companies can gain potential investors. It also hold firms accountable for their operations and encouraged constant revaluation of systems and development in efficiency. 2. Management Accounting: this deals with internal information e.g. cost of goods sold, profit targets, variance analysis etc. This holds management accountable for decisions they make. As a result, they review, plan and coordinate amongst themselves to ensure smooth functionality. 3. Accountability: Businesses need to be held accountable for the actins they make. Otherwise there would be elements of greed, theft, dishonesty and fraud evident in the framework. Accountancy therefore acts as regulator to stop such miss happenings and in a way ensure the financial...

Words: 2299 - Pages: 10

Premium Essay

Quality Assurance

...Chapter 8 Quality Assurance and Quality Control 8 QUALITY ASSURANCE AND QUALITY CONTROL IPCC Good Practice Guidance and Uncertainty Management in National Greenhouse Gas Inventories 8.1 Quality Assurance and Quality Control Chapter 8 CO-CHAIRS, EDITORS AND EXPERTS Co-Chairs of the Expert Meeting on Cross-sectoral Methodologies f or Uncertainty Estimation and Inventory Quality Taka Hiraishi (Japan) and Buruhani Nyenzi (Tanzania) REVIEW EDITORS Carlos M Lòpez Cabrera (Cuba) and Leo A Meyer (Netherlands) Expert Group: Quality Assurance and Quality Control (QA/QC) CO-CHAIRS Kay Abel (Australia) and Michael Gillenwater (USA) AUTHOR OF BACKGROUND PAPER Joe Mangino (USA) CONTRIBUTORS Sal Emmanuel (IPCC-NGGIP/TSU), Jean-Pierre Fontelle (France), Michael Gytarsky (Russia), Art Jaques (Canada), Magezi-Akiiki (Uganda), and Joe Mangino (USA) 8.2 IPCC Good Practice Guidance and Uncertainty Management in National Greenhouse Gas Inventories Chapter 8 Quality Assurance and Quality Control Contents 8 QUALITY ASSURANCE AND QUALITY CONTROL 8.1 INTRODUCTION.................................................................................................................................8.4 8.2 PRACTICAL CONSIDERATIONS IN DEVELOPING QA/QC SYSTEMS ......................................8.5 8.3 ELEMENTS OF A QA/QC SYSTEM .................................................................................................. 8.6 8.4 INVENTORY AGENCY...

Words: 9065 - Pages: 37

Premium Essay

Information Assurance

...topic: Information Assurance http://dodcio.defense.gov/policy/infoassurance.shtml This site is near to my area of expertise, as an employee of the DoD, i am constantly reminded that each and every day we defend American in an ever-changing information rich environment. This site talks about the DoDs Chief Information Officer, Teri Takai and here responsibilities, her vision for the organization and the mission he is charged with carrying out. This link only looks at a small topic, yet hugely important to the health of the DoD network and that is assured communications across services, missions and thousands of miles. The main focus of this tab is, the statutory regulations under which the Dod must operate computer and information systems, how contractors can bid and develop products for the DoD information systems and other similarly related topics. This site is a tremendous resource for both governments and businesses because it discusses minimally what can be done to mitigate many issues with obtaining, storing and using sensitive data. http://www.viasat.com/government-communications/information-assurance This site is from a company ViaSAT, Inc. that provides resources and capabilities to the US government through strategic products and services related to Information Security and Cybersecurity. ViaSAT creates digital communication products for both commercial and Government Markets. One of the main focuses for the DoD, is making sure there is secure information......

Words: 574 - Pages: 3