What kinds of changes can we encounter during the life cycle of a product, either hardware or software?
1. Depreciation
(In IT, when does the slack really happen, and when does the value or cost of the product peak?)
2018 -- Jan: Invested in a huge server.
Data ingestion has to take place on this server, followed by conversion of the entire raw data set into processed data (timeline 6-12 months).
2019 -- Jan: Business users have started using the Data Warehouse environment.
2020 -- Jan: Reached full throttle.
2021 -- Jan: Purging a lot of data.
2022 -- Jan, and by 2023 -- Jan
2. Software Acquisitions
Matrix-based project organization structure
Alignment of resources lies with the project manager.
Your company has three different verticals:
Financial Services
Healthcare Services
Telecom Services
Potential customer: Oil and Gas industry: Cairns Oil Limited.
Solution Architects / Enterprise Architect
Refer to a domain expert as an external consultant (fundamental background in the oil and gas sector).
Project Manager
Matrix-based organization -- the difference is that the reporting structure is such that a given person working on a project could be reporting to two or more people.
Pure project organization -- classic reporting structure.
Example -- a Marketing department whereby the Vice President of Marketing is the overall lead: Marketing Manager, Business Development Leads, Business Development Associates, Business Development Interns.
In a pure project organization the reporting structure is well laid out, but in practice how the tasks are laid out could be poor.
Influence-based project organization -- the reporting structure will get formed / changed depending on the project requirements.
1. Project Initiation ---
1. Quality Auditor 2. Systems Auditor
Construction company --- System Auditor ---
Software --- 1. Quality Auditor -- 2. IT Auditor --
Where the Questionnaires / Templates
1. Third Party Risk Management
Whom should I choose for an audit?
CERT-In auditor.
1. CREST Certified Consultant
2. HITRUST Certified Assessor
3. Shared Assessments: CTPRA
4. NIST Certified Practitioner
5. Open FAIR
6. CAP
Auditors
1. IoT
2. Cryptocurrency
3. Metaverse
Developing a software product. Software size? How do you estimate the cost of the software?
1 million lines of code in my software? Software is built in the COBOL language?
1 million USD?
C++ code, 50,000 lines. Software complexity.
Project
1. A -- 1 month to complete -- slack 5 months
2. B -- 6 months to complete -- 6 resources
3. C -- 4 months to complete -- 4 resources -- slack 2 months
4. D -- 2 months to complete -- slack 4 months
13 months in total
Critical Path Methodology -- Activity B takes the longest, which is 6 months -- 6 resources
10 resources in a project
The focal area in CPM is the activity which takes the longest time.
PERT
Optimistic ( Best)
Pessimistic ( Worst)
Normal ( Most Likely)
Activities in a project could be dependent on other activities of the project.
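The CPM and PERT points above, worked in code. This is an added example and not part of the original notes: the four activities and their durations (A=1, B=6, C=4, D=2 months) are taken from the notes and treated as independent parallel activities, which is what makes B the critical activity with the slack values listed; the second scenario with dependencies between activities is an assumption for illustration, and the PERT formula (O + 4M + P) / 6 is the standard weighted estimate.

```python
"""Critical Path Method (CPM) forward/backward pass plus the PERT three-point estimate.

Added example; not from the original notes. NOTES_ACTIVITIES mirrors the
durations given in the notes; DEPENDENT_ACTIVITIES is an assumed graph used
only to show how slack changes once activities depend on one another.
"""
from collections import defaultdict


def pert_expected(optimistic, most_likely, pessimistic):
    """Standard PERT weighted estimate: (O + 4M + P) / 6."""
    return (optimistic + 4 * most_likely + pessimistic) / 6


def critical_path(activities):
    """activities: {name: (duration, [predecessor names])}.

    Returns (project_duration, {name: slack}, [critical activities in order]).
    Slack = latest start - earliest start; zero slack means the activity
    cannot slip without delaying the whole project.
    """
    # Kahn topological sort so predecessors are always processed first.
    indegree = {name: len(preds) for name, (_, preds) in activities.items()}
    successors = defaultdict(list)
    for name, (_, preds) in activities.items():
        for p in preds:
            successors[p].append(name)
    order = [n for n, d in indegree.items() if d == 0]
    for n in order:                      # the list grows while we iterate: intended
        for s in successors[n]:
            indegree[s] -= 1
            if indegree[s] == 0:
                order.append(s)
    if len(order) != len(activities):
        raise ValueError("dependency graph contains a cycle")

    # Forward pass: earliest start (ES) and earliest finish (EF).
    es, ef = {}, {}
    for n in order:
        duration, preds = activities[n]
        es[n] = max((ef[p] for p in preds), default=0)
        ef[n] = es[n] + duration
    project_end = max(ef.values())

    # Backward pass: latest finish (LF) and latest start (LS).
    ls, lf = {}, {}
    for n in reversed(order):
        duration = activities[n][0]
        lf[n] = min((ls[s] for s in successors[n]), default=project_end)
        ls[n] = lf[n] - duration

    slack = {n: ls[n] - es[n] for n in order}
    critical = [n for n in order if slack[n] == 0]
    return project_end, slack, critical


# Scenario from the notes: four independent activities running in parallel.
NOTES_ACTIVITIES = {"A": (1, []), "B": (6, []), "C": (4, []), "D": (2, [])}

# Assumed scenario (not from the notes): A precedes B and C, both precede D.
DEPENDENT_ACTIVITIES = {"A": (1, []), "B": (6, ["A"]), "C": (4, ["A"]), "D": (2, ["B", "C"])}


if __name__ == "__main__":
    print(critical_path(NOTES_ACTIVITIES))      # (6, {'A': 5, 'B': 0, 'C': 2, 'D': 4}, ['B'])
    print(critical_path(DEPENDENT_ACTIVITIES))  # (9, {'A': 0, 'B': 0, 'C': 2, 'D': 0}, ['A', 'B', 'D'])
    print(pert_expected(4, 6, 14))               # 7.0
```

With the notes' parallel activities the project takes 6 months (B alone is critical, and the slack of every other activity is 6 minus its duration); once B and C both depend on A and D depends on both, the critical path becomes A-B-D and only C keeps slack.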
RAD -- Rapid Application Development
Revenue Management Software -- Castle Resorts and Hotel based in NZ and Hawaii
Object Oriented system development -- Aviation Industry
Inflight Entertainment system
1.Airbus 2. Boeing 3. Embraer
Any company which provides inflight entertainment software will want to have the
same software rolled out on different kind of planes.
Kali Linux
A variant of Red Hat Linux known as CentOS
MySQL: Oracle purchased Sun Microsystems in 2009
Storage Technology
Downloading the content from internet
1. Data Mirroring
2. Data Striping -- distributing data in equal proportion across all the available disks.
If you want to increase write performance and at the same time get fault tolerance, you need to use both data mirroring and striping techniques (combine mirroring and striping).
A parity bit allows you to reconstruct data.
Parity bit with metadata
1234567
2346715
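Striping and parity reconstruction, as an added example that is not part of the notes. It deals a constructed payload across three data disks, computes an XOR parity disk, fails one disk and rebuilds it from the survivors plus parity; the disk count, chunk size and sample bytes are all constructed for illustration. It also shows the limit the notes do not spell out: a single parity disk can rebuild exactly one failed disk, not two.

```python
"""Striping plus XOR parity: how a parity stripe lets an array rebuild one
failed disk. Added example, not from the notes; disk count, chunk size and
payload are constructed for illustration."""

CHUNK = 4  # bytes per stripe unit; kept tiny so the layout is easy to inspect


def stripe(data, n_data_disks, chunk=CHUNK):
    """Deal fixed-size chunks of data round-robin across n_data_disks.
    Every disk ends up the same length (zero padding), which parity requires."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    while len(chunks) % n_data_disks:
        chunks.append(b"")
    disks = [b"" for _ in range(n_data_disks)]
    for i, c in enumerate(chunks):
        disks[i % n_data_disks] += c.ljust(chunk, b"\0")
    return disks


def unstripe(disks, length, chunk=CHUNK):
    """Reverse of stripe(): interleave the chunks back and drop the padding."""
    out = bytearray()
    for pos in range(len(disks[0]) // chunk):
        for d in disks:
            out += d[pos * chunk:(pos + 1) * chunk]
    return bytes(out[:length])


def xor_blocks(*blocks):
    """Byte-wise XOR of equal-length blocks."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        if len(b) != len(out):
            raise ValueError("all blocks must have the same length")
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def parity(disks):
    """Parity disk = XOR of all data disks: one extra disk for N data disks,
    rather than a full copy of every disk as with mirroring."""
    return xor_blocks(*disks)


def rebuild(disks, parity_disk):
    """disks: the data disks with the failed one replaced by None.
    XOR of the surviving disks and the parity yields the missing disk.
    Single parity recovers exactly one failure; two missing disks cannot be rebuilt."""
    lost = [i for i, d in enumerate(disks) if d is None]
    if len(lost) != 1:
        raise ValueError(f"single parity rebuilds exactly one disk, {len(lost)} missing")
    survivors = [d for d in disks if d is not None]
    restored = list(disks)
    restored[lost[0]] = xor_blocks(*survivors, parity_disk)
    return restored


SAMPLE = b"THE QUICK BROWN FOX JUMPS"  # constructed payload, 25 bytes


def demo(lost_index=1):
    """Stripe SAMPLE over 3 data disks + parity, fail one disk, rebuild it.
    Returns True when the rebuilt array and the unstriped payload match the original."""
    disks = stripe(SAMPLE, 3)
    p = parity(disks)
    degraded = [None if i == lost_index else d for i, d in enumerate(disks)]
    restored = rebuild(degraded, p)
    return restored == disks and unstripe(restored, len(SAMPLE)) == SAMPLE


if __name__ == "__main__":
    print(all(demo(i) for i in range(3)))  # True
```

Mirroring tolerates a disk loss by keeping a complete second copy; parity reaches the same single-disk tolerance at the cost of one extra disk and an XOR on every write, which is the trade-off behind combining striping with either technique.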
Integration testing -- testing the interdependence of two or more modules.
Regression testing -- we have done an Oracle DB upgrade from version 11 to version 12. There was a realization that a core set of SQL statements for the application were failing (regressed SQLs scenario). Roll back the functionality to the previous version to make sure that the business-related SQL statements are working correctly.
Pilot testing -- conduct a POC to test a new feature or requirement.
Parallel testing -- ERP applications like PeopleSoft, Oracle E-Business Suite or SAP. We have upgraded the SAP application environment. For some time period you will let the old system continue to run along with the newly upgraded SAP system. It is decided to run this way for up to a month's timeframe.
Domain 5 - Notes
Physical Controls : Fencing , Bollards
System access rights: how frequently are these access rights reviewed? Is there any kind of policy for privileged access?
Logging: auditing servers / web applications / databases.
You will be auditing for privileged access? Where are logs getting stored? If logs are being stored locally on the server, it is an area of non-compliance because administrators can manipulate the log files.
ls -ltrh alert.log -- SHUTDOWN command with timestamp in Oracle.
touch -t -- allows you to modify the timestamp of a file.
sar, vmstat, mpi
ls -ltrh alert.txt
If the logging process is centralized and kept on a syslog server in a remote location, an admin can do no manipulation. An admin should only have read-only access on the syslog server.
FIM -- File Integrity Monitoring software -- Tripwire
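The local-log problem above, demonstrated with content-hash file integrity monitoring (the idea behind tools like Tripwire). This is an added example and not code from the notes or from any FIM product: it takes a baseline of SHA-256 hashes, edits a constructed alert.log, puts the original timestamps back the way touch -t would, and shows that the hash comparison still flags the file while the timestamp check does not. The directory, file contents and log lines are all constructed inline.

```python
"""Content-hash file integrity monitoring.

Added example, not from the notes or any product. The directory and the
alert.log contents in demo() are constructed inline for illustration."""
import hashlib
import os
import tempfile


def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map every regular file under root (path relative to root) to its SHA-256."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = file_sha256(full)
    return snap


def compare(baseline, current):
    """Diff two snapshots by content hash only. Timestamps are deliberately
    ignored because an administrator can rewrite them (touch -t)."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: a locally stored log is edited and its timestamps
    are restored, as touch -t would do. Returns (changes, mtime_was_preserved)."""
    with tempfile.TemporaryDirectory() as root:
        log = os.path.join(root, "alert.log")
        with open(log, "w") as f:   # constructed log lines
            f.write("ALTER DATABASE OPEN\nShutting down instance (immediate)\n")
        before = os.stat(log)
        baseline = snapshot(root)   # taken while the file is known good

        with open(log, "w") as f:   # remove the shutdown line
            f.write("ALTER DATABASE OPEN\n")
        os.utime(log, ns=(before.st_atime_ns, before.st_mtime_ns))

        mtime_preserved = os.stat(log).st_mtime_ns == before.st_mtime_ns
        return compare(baseline, snapshot(root)), mtime_preserved


if __name__ == "__main__":
    print(demo())  # ({'added': [], 'removed': [], 'modified': ['alert.log']}, True)
```

The baseline itself has to live where the local administrator cannot rewrite it, for the same reason the notes give for shipping logs to a remote syslog server: a baseline stored next to the files it guards can be regenerated after the tampering.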
NCSC -- Incident Response
UEBA -- User and Entity Behavior Analytics
Type 1 -- something that you know: password
Type 2 -- something that you have: OTP
Type 3 -- something that you are: retina / iris, thumb impression
SASE -- Secure Access Service Edge -- controlling the WAN layer at the end of your ISP and at the start of the target's ISP.
The moment your ISP line ends you enter a private backbone network, and it continues to be there till you reach the closest ISP of your target system.
DLP + next-gen firewall + next-gen AV + IDS / IPS
Amalgamation of your WAN networking / security policies / controls in one single package.
Problems with WEP, WPA, WPA2
WEP -- 2 forms of authentication: OSA (Open System Authentication) and PSK (Pre-shared Key) -- the key is always static (1st problem).
IV -- Initialization Vector salting
104-bit value: 40 bits were reserved, the rest (64 bits) were used as the IV -- the IV is a random value
f(Plain Data) = Encrypted Data
key (function f contains = 40-bit string XOR 64-bit IV value) = Encrypted Data (value)
The IV value kept repeating at regular intervals: after 100 random IV values your IV value started repeating. Hackers were able to figure out that IV values were repeating.
WPA -- TKIP (Temporal Key Integrity Protocol) -- the static key value was removed. WPA could be cracked.
WPA2: AES, Advanced Encryption Standard.
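Why a static key combined with a repeating IV is fatal, shown in code. This is an added example and not part of the notes: the keystream generator is a stand-in (SHA-256 of key || IV || counter), not the RC4 stream cipher WEP actually used, because the property being shown holds for any stream cipher; the key, IVs and messages are constructed. The IEEE 802.11 WEP specification used a 24-bit IV, so the birthday estimate at the end uses 24 bits.

```python
"""IV reuse under a static key, and how soon a small IV space repeats.

Added example, not from the notes. keystream() is a stand-in generator, not
RC4; key, IVs and messages are constructed for illustration."""
import hashlib
import math


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Expand key || IV into `length` keystream bytes (hash in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = plaintext XOR keystream(key, IV). Decryption is the same call."""
    return xor(plaintext, keystream(key, iv, len(plaintext)))


def reuse_leaks_plaintext_relation(key, iv, p1, p2):
    """Same key + same IV => same keystream, so c1 XOR c2 == p1 XOR p2.
    Anyone who captures both ciphertexts learns the XOR of the two plaintexts
    without ever touching the key; that is the damage a repeating IV does."""
    c1 = stream_encrypt(key, iv, p1)
    c2 = stream_encrypt(key, iv, p2)
    return xor(c1, c2) == xor(p1, p2)


def frames_until_iv_repeat(iv_bits: int, probability: float = 0.5) -> float:
    """Birthday bound: frames with random IVs sent before some IV repeats with
    the given probability, sqrt(2 * N * ln(1 / (1 - p))) with N = 2**iv_bits."""
    space = 2 ** iv_bits
    return math.sqrt(2 * space * math.log(1 / (1 - probability)))


# Constructed values for the demonstration.
KEY = b"\x0b\xad\xc0\xff\xee"   # 40-bit static key, as in the notes
IV = b"\x01\x02\x03"            # 24-bit IV

if __name__ == "__main__":
    print(reuse_leaks_plaintext_relation(KEY, IV, b"SEND 100 DOLLARS", b"SEND 900 DOLLARS"))  # True
    print(round(frames_until_iv_repeat(24)))  # about 4823 frames for a 50% chance of a repeat
```

With a 24-bit IV a busy access point reaches a 50% chance of a repeated IV after only a few thousand frames, which is why rotating the key (TKIP) and then replacing the cipher (AES in WPA2) were necessary rather than simply choosing IVs more carefully.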
A bastion host is a hardened operating system designed to withstand cyber attacks.
1. Screened host firewall -- external network, one single packet-filtering router, bastion host with a single interface connected to the internal network.
2. Dual-homed firewall -- external network, one single packet-filtering router, bastion host with two network interfaces, of which the second interface is connected to the internal network.
3. DMZ (screened subnet firewall)
Open source IDS/IPS systems -- Snort and Suricata
1. Host level 2. Network level
1. Signature-based 2. Statistical or anomaly-based
A bastion host is a hardened security system, whereas a honeypot is the counter-opposite of a bastion host: it is a system that is deliberately designed as a vulnerable system.
Asymmetric encryption
A = A public key and A private key
B = B public key and B private key
Before data exchange takes place between A and B, both parties exchange their public keys with each other.
The scenario now becomes like this:
A = A public key, A private key, B public key
B = B public key, B private key, A public key
Why are we exchanging each other's public keys?
Case 1: When A is the sender and B is the receiver: A will encrypt the data using B's public key and send the data to B. B receives the data in encrypted form and decrypts it using its own private key.
Case 2: When B is the sender and A is the receiver: B will encrypt the data using A's public key and send the data to A in encrypted format. A, on receiving the encrypted data, decrypts it using A's own private key.
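The two cases above, run end to end with textbook RSA. This is an added example and not part of the notes: the keys are toy keys built from fixed small primes chosen for illustration (real RSA uses 2048-bit or larger moduli and padding such as OAEP), the Party class and message bytes are assumptions, and the point shown is the key handling: the sender always encrypts with the receiver's public key, only the matching private key decrypts, and the sender's own private key does not.

```python
"""Two-party asymmetric exchange (cases 1 and 2) with textbook RSA.

Added example, not from the notes. Toy primes and the Party class are
constructed for illustration only; this is not a secure scheme."""
from math import gcd


def generate_keypair(p, q, e=65537):
    """Textbook RSA: public key (e, n), private key (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)   # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def encrypt_with_public(public_key, message: bytes) -> int:
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too large for this toy modulus")
    return pow(m, e, n)


def decrypt_with_private(private_key, ciphertext: int, length: int) -> bytes:
    d, n = private_key
    m = pow(ciphertext, d, n)
    # A wrong key yields an arbitrary residue; size the buffer so it still returns bytes.
    return m.to_bytes(max(length, (m.bit_length() + 7) // 8), "big")


class Party:
    """One participant: its own keypair plus the peer's public key once exchanged."""

    def __init__(self, name, p, q):
        self.name = name
        self.public_key, self._private_key = generate_keypair(p, q)
        self.peer_public_key = None

    def receive_public_key(self, key):
        self.peer_public_key = key

    def send(self, message: bytes):
        # Cases 1 and 2: the sender always encrypts with the receiver's public key.
        if self.peer_public_key is None:
            raise RuntimeError("public keys have not been exchanged yet")
        return encrypt_with_public(self.peer_public_key, message), len(message)

    def receive(self, ciphertext: int, length: int) -> bytes:
        # Only the holder of the matching private key recovers the message.
        return decrypt_with_private(self._private_key, ciphertext, length)


def demo():
    # Toy primes (constructed); each modulus exceeds 2**32 so 4-byte messages fit.
    a = Party("A", 104729, 104723)
    b = Party("B", 99991, 99989)
    a.receive_public_key(b.public_key)   # the exchange step from the notes
    b.receive_public_key(a.public_key)

    c1, n1 = a.send(b"PAY1")             # Case 1: A -> B, encrypted with B's public key
    c2, n2 = b.send(b"OK!!")             # Case 2: B -> A, encrypted with A's public key
    return {
        "case1_b_reads": b.receive(c1, n1),
        "case1_a_cannot": a.receive(c1, n1),   # A's private key does not match: garbage
        "case2_a_reads": a.receive(c2, n2),
    }


if __name__ == "__main__":
    print(demo())
```

Sending before the exchange raises, which mirrors the ordering in the notes: the public keys must be swapped before either party can encrypt for the other.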