For your paper,

You will imagine that you have been hired as an Application Security consultant for an e-commerce firm, where you will be assessing the needs for an Application Security to solve their problem with a lack of Application Security with their enterprise applications.

The organization wants a solution that deals with OWASP 2017 Top Ten Risks as they have issues with every category.

You will:

Identify a targeted business problem (e-commerce scams) that can be supported by an Application Security solution.

Write an Application Security solutions document that uses Application Security methodologies to solve a problem.

Provide an overview of an Application security solution you propose to implement based on a problem of your choosing.

Your audience for this presentation will be senior executives for the company who will decide whether to sponsor and support the project.

The Research paper will be written using the APA style with at least 25 references (20 of which must be peer-reviewed) and contain at least 18 pages.

Discussion Question. 200-250 words. Provide at least 1 recent and credible reference.

We defined marketing as, “the art and science of getting people to spend their money on your product rather than the other guy’s, and be happy that they did so.” Do you think that’s true? Does some Wizard of Oz person-behind-the-curtain get you to buy something by manipulating you through the 7 Ps? And is “manipulate” the right word for us to use? Which one of the Ps gets you to purchase – a great price? Superior product no matter what the cost? Or are you influenced by a cool promotion? Give an example of a product and why you bought/buy it. Be specific in referring to the 7 Ps in your post, and include which of the Ps is less relevant to you as well. Don’t forget that the Ps often are inter-related – there may be more than one P that influences your decision to buy a product.

you have to write for this discussion 300 words then response for 3 student. I will send the students post later. I only now have for one student.

Discussion on the Nature of Industry

In this discussion, please share your views on the nature of industry in which your current employer belongs. While describing the industry you may like to use the tools we are learning in Modules 5-7.

1st student post

My employer, ADP, primarily competes in the Payroll Processing Industry. When ADP was founded in 1949, they were the only firm of its kind, automating the calculations for employee payroll and taxes. As such, the early stages of ADP’s existence could be characterized as a monopolistic market. This allowed ADP to obtain a significant market share and charge premium prices to businesses that desired the efficiency improvements for their payroll departments.

Over time, because industry profits were so high, many new competitors have entered the market by offering their own automated payroll technology solutions. With the entry of many competitors, I would now characterize the market as monopolistic competition because there are many service providers and many customers. Each provider attempts to differentiate their payroll technology by improving the user interface / user experience, providing higher levels of service and support, adding new features that give firms more flexibility in how they pay employees (real-time pay, accounting for multiple pay cycles by employee classifications, managing performance bonuses and stock options, better integration with other business software systems, etc.). The product differentiation creates loyal customers that will stick with a provider in spite of price increases – the payroll system is also so essential to running a business that customers are often hesitant to make a switch because it can come with a lot of risk. Anyone in the class who works in payroll or HR can probably attest to how painful and how much effort it is to switch payroll providers.

ADP has enjoyed a significant advantage over competitors for many yearrs because they have the largest client base in the industry and are able to position themselves as the firm with the most expertise / experience (having invented the industry). The disadvantage for ADP is that the available technology has changed dramatically over the course of 60 years, so ADP must continuously enhance their technology platform and “sunset” legacy solutions. These migrations are painful for clients and often cause them to consider other providers. ADP’s competitors will target these customers claiming they have better technology for a lower price. This market behavior has forced ADP to reevaluate it’s premium price position in the market for new customers.

Hello,

I need two responses of at least 150 words each for the below students discussions for this week. Also in the bold below are the questions the students at answering.

Scenario:

You have finally implemented your firewall and VPN solutions and are feeling much better about your network’s security posture. It is now the end of the fiscal year, and your CISO is looking to you for future budget requirements.

He asks for your thoughts on future trends in network security threats, evolving technologies that may mitigate these threats, and how “GRC” will contribute.

You will:

1. List your thoughts on what the future holds for network security threats (what they are, will they increase, decline, etc.).
2. List any evolving technologies (new) that you are aware of that can help with the threats you listed.
3. Explain how Governance, Risk and Compliance (GRC) will help with these matters, what part will they play (Chapter 15).

Student one:

Hello,

For this final week, we are asked to list our thoughts on what the future holds for network security threats. I would like to point out how cyber space has evolved since the year the course material was published. Therefore, network security threats are evolving inasmuch as IoT devices are expanding to cover all aspects of our daily lives. First, there are those common (old fashioned) security threats such as malware (worm and virus), DOS and DDOS attacks, phishing, Rootkit, Adware and spyware, Man-in-the-middle attacks, SQL injection attacks, and the list goes on. The author provided solutions to these common threats by highlighting the firewall capabilities, the importance of authentication, and securing the Cloud and Mobile Devices. However, the emerging network security threats are of a different breed. In the past, cyber space was an exotic term that only a few privileged ones had a chance to explore. Now, cyber space can be weaponized to the extent that it could cripple the infrastructure of the entire country. Further, the increased production of artificial intelligence security tools have made it easier for hackers to scan for a network exploit and create very sophisticated malwares. There is also a polymorphic attack (polymorphism) which has gotten more sophisticated over the years since it was created by 1992. Not to sound negative, third party security breaches are becoming the favorite avenue for hackers to steal credit card numbers and sensitive information from innocent victims, such as hacking BestBuy, Sears, Delta, Target (more than once).

To defend against these security threats, organizations should “police” their employees’ interaction with the outside cyber-world. In other words, employees should only use the organization network for work purposes and refrain from using social media to chat with their buddies and partners or brag about their daily jobs through Instagram or tweets. In addition, Stewart recommended employing the Data leakage prevention technologies which can “identify, monitor, and protect data in use, data in motion, and data at rest from inappropriate use, distribution, transmission, or other unauthorized actions” (Stewart, 2014).

As for GRC, it serves as a warning policy that any organization should follow to thwart any security threat. Governance and compliance go hand in hand to manage any potential security risk. Therefore, governance, risk, and compliance should be all progressing in the same direction. Governance covers the SOP that ensure employees are adhering to their organization’s security policy. Risk management is the ability to determine the likelihood of a threat to exploit a vulnerability and cause damage or lose. Therefore, the objective of cybersecurity is to detect, understand, and eliminate the risk (Stewart, 2014).Finally, compliance is simply having employees or anyone authorized to have access to the organization’s network system comply with the security policies set forth by the IT department. Hence, if there is no compliance the rate of risk management will be higher.

Reference:

Stewart, J. M. Network Security, Firewalls and VPNs. [VitalSource Bookshelf]. Retrieved from https://online.vitalsource.com/#/books/97812841077…

Regards,

Said

Student two:

Hello,

This week we are asked to discuss some of our thoughts on what network security threats will look like in the future, highlight any emerging technologies that we believe will help mitigate those network security threats, and explain how Governance, Risk, and Compliance (GRC) will help with these matters. When it comes to the future of network security threats, I believe that artificial intelligence (AI) will begin to play a much larger role in offensive and defensive network operations. AI has started to emerge recently, with some AI-powered systems already being used in some business operations. Although these systems help automate tasks, they are also becoming known as promising attack targets due to AI systems containing large amounts of data. It is assessed that these systems will be used to help automate network probes looking for vulnerabilities that could be exploited on the target network. Additionally, these AI-powered systems can be used to create social engineering attacks, like spearphishing, that are even more sophisticated by creating extremely realistic video and audio or well-crafted emails designed to fool targeted individuals. This is worrisome because, just like the various toolkits that are available online, these systems would give an amateur attacker the ability to launch much more sophisticated attacks (Zinatullin, 2018).

The upside these emerging AI-powered systems is that they can also be used to help defend the network from intrusions. The same AI systems that can be used by attackers to probe a network can also be used by network security administrators to probe for open vulnerabilities. For example, an AI-powered system could launch simulated attacks on a network periodically, hoping that it will identify a vulnerability that can be closed before it is exploited. As for GRC, the need for AI is rapidly increasing. As stated above, the ability to discover security vulnerabilities with the use of AI-powered systems is significantly enhanced. However, there is still a need for human analysis, and from the human analysis, GRC can learn to monitor for the emergence of high-risk vulnerabilities and orchestrate corrective actions that can prevent a major incident or failure (Muzzy, 2017).

Sources:

Muzzy, L. (2017). HOW ARTIFICIAL INTELLIGENCE CAN INFLUENCE GOVERNANCE, RISK, AND COMPLIANCE. Nasdaq. Retrieved from https://business.nasdaq.com/marketinsite/2017/How-Artificial-Intelligence-Can-Influence-Governance-Risk-and-Compliance.html. Retrieved on June 25, 2019

Zinatulin, L. (2018). Artificial Intelligence and Cybersecurity: Attacking and Defending. TripWire. Retrieved from https://www.tripwire.com/state-of-security/featured/artificial-intelligence-cybersecurity-attacking-defending/. Retrieved on June 25, 2019

-Charles J

Draw from Chapter 1 and cite your textbook at least once (and also add it as a reference at the bottom of your post).

Break your post into two or three paragraphs so it is not one long paragraph.

Assignment questions: 200 (Two Hundred) word count minimum for initial post:
How would you describe your personal ethics? Is that different than your business ethics? Describe some of the major influences in your life that contributed to your ethics and value system. Do you think ‘greed is good’? Can a free market economic system survive without greed?

Directions for replies:
Post your initial response to the above questions and then respond to one other classmates’ postings by the due dates.

You must post first before you can see posts from other classmates. At least one citation (Text or outside research) is also required in your reply to classmate. For reply, while no specific word count, it must also further the conversation and include more than ‘I agree’ or ‘great post’