CSIS Discussion & Replies

Write a thread containing a thoughtful answer to 1 question.  Answer should  contain at least 400 words.  If necessary, you may list within your  thread any concepts on which you need further clarification as well.   Also, you must reply to at least 2 threads below.  Each reply  should contain at least 200 words.  Additionally, all posts  (thread and replies) should reflect professional writing, current APA  standards, include at least 1 scholarly reference (e.g., peer-reviewed  journal articles), and integration of at least 1 biblical principle.

Thread Question:
What makes a secure password secure?(Answer in at least 400 words)

Replies(Reply to each thread in at least 200 words EACH) 

Thread #1
  Explain: Data Remanence, Distributed Denial of Service, SQL Injection, Emanation
A distributed denial-of-service (DDoS) attack  is an attack launched from many places at once. The objective of a DDoS  attack is to incapacitate a system or service in a way that is more  difficult to block than an attack originating from a single location. A  DoS attack that originates from a single system is easy to block by  configuring a router to drop packets from the attacking system. However,  a DDoS attack can simultaneously originate from thousands of systems,  making it virtually impossible to block by any normal means. However, the business impact of these attacks can be minimized through some core information security practices, including performing ongoing security assessments. In addition, solid patch management practices, email phishing testing  and user awareness, and proactive network monitoring and alerting can  help minimize an organization’s contribution to DDoS attacks across the  internet.
Computer and network hardware  devices employ high-speed electronics that can emanate electromagnetic  radiation (EMR). Sometimes these emanations contain data that can be sensitive in nature. Examples  of emanations are network cabling which if not terminated properly can  emanate EMR. Older computer monitors and emit EMR which could contain  information what is being displayed. And processor chips can emanate EMR  giving information about processing data.
Data remanence refers to data  that remains on a storage device. Data can remain on a device even after  a user removes the data. Examples of data remanence are deleted hard  drive files, formatted hard drives, and USB flash drives. Deleting files  does not actually remove them, it only dereferences them. There are  tools available to easily recover these files as needed in their  entirety. This is critical to be reminded of if we sell old computer or  laptops to someone after a hard drive has been formatted. As I remember  there is what is called DOD wipes that supposedly actually wipes the  drives.
A script injection otherwise  known as code or SQL injections occurs when software programs do not  parse input data for script commands. Crafted SQL statements can be  inserted into an input field and cause the database server to execute  the injected statements.
As I think about these subjects  the following biblical reference comes to mind. As a Christian, I should  emanate the fruits of the Spirit to those around me. If I’m focusing on  God’s Word I will emanate the fruits of the Spirit. If not, I will  emanate the fruits of the flesh which is sin. We should live Gal. 5:  22-23

Thread #2

  Remembering Passwords at Work    
Secure password: [email protected]!9xD&Y4t
A secure password should be a string of keys that have absolutely  no meaning and no personal context. This will make it incredibly hard  for other individuals to decipher or crack a password, but having a  strong secure password does nothing if an individual is able to get that  information from the computer’s operating system or from applications  that can store a user’s password. “MD5 and SHA-1 are the most popular  functions used for storing passwords. The main problem is that they were  not designed to serve such purposes.” (Boonkrong and Somboonpattanakit,  2016). If these are the most popular forms of storing passwords, it is  easy to assume that different applications may use one of these two  methods to store the saved passwords for their application’s users, and  using this logic, we can presume that passwords are not safe when they  are saved on an application. This is only one external threats  associated with saving your password to applications and computers at  work. Individuals working in medium to large sized business must always  be cognizant that a potential threat may lie within the organization  they work for. In the event that you leave your workstation and forget,  or decide not to, log out, you are giving someone complete access to all  applications, websites, and data that your saved credentials normally  give you access to. This can mean endangering your personal information,  such as bank account numbers, family data, etc., as well as endangering  valuable company data that said individual may not have access to at  their position. This can cause great lose for the company, and if the  leak is traced back to an individual’s workstation, it could cause that  individual to be demoted or lose their job. Although storing passwords  in applications or in the operating system can increase the ease of  logging in, the benefits of an extra few seconds of work doesn’t out way  the potential cost of secret company information being leaked. By  keeping user names and passwords in a secure location and physically  entering passwords every time an employee logs in, it gives the company,  its employees, and its stakeholders a piece-of-mind in knowing that  their data and information will not be taken because of a fault that  they have created. To protect company, employee, and stakeholder  interests, it is imperative that all employees manually log in to each  system every time they log in.