Monday, 20 June 2016

Structured External Assignment Help
Every organization is faced with some kind of risk or threat that could cause an interruption to the organization’s operations. These risks and threats can be internal or external. To prepare for these events, organizations must focus their attention on how to assess different types of risks to protect the organization from the possible negative effects.  Performing a risk assessment is one of the most important steps in the risk management process.
A risk assessment is a periodic assessment of the risk and magnitude of the harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the organization. Many organizations perform risk assessments to measure the amount of risk that could affect their organization, and to identify ways to minimize these risks before a major disaster occurs.
In this paper the student must identify the risks and potential effects associated with the areas of the organization pertaining to security and disaster recovery.
Please be sure to include the following:
  • Introduction of the organization
  • Overview of the IT department and personnel
  • Discuss the occurrence or breach or disaster that has happened.
  • Perform a risk assessment and threat identification section for the organization that you have chosen, as outlined in CHAPTER 2, 7, 8, and 9 in RISK ANALYSIS AND THE SECURITY SURVEY. This section should point out the organization's weaknesses or vulnerabilities. This will be your hypothesis as to why the breach or disaster has occurred.
  • Create a response plan as identified in Chapter 14 of RISK ANALYSIS AND THE SECURITY SURVEY.
  • Be detailed in your response plan as this will be the most critical part of your paper. You can create your own response plan even if the organization has its own plan. This plan will be in direct response to remedying the issues that were caused by the breach or disaster. 
  • 7 page minimum NOT COUNTING TITLE PAGE, REFERENCE SECTION, TABLE OF CONTENTS
  • Structure:
  • No less than 7 pages
  • No plagiarism
  • APA format
  • Master’s level work expected
  • Correct punctuation, spelling, and grammar are essential.
  • Must have a cover page with course name, student’s name, date, and title of paper.
  • Pages must be numbered.
Staff Conflict Assignment Help
What Happened? I was walking to my office from the car parking at 10am on Monday when I noticed disorder in the staff office. Darmian and Pereira were shouting at each other while standing and they looked visibly upset. They saw me through the window and stopped arguing then sat down. I proceeded to my office without a word.
What are my emotions? I wondered why Darmian and Pereira were in the staff office in the first place. They worked in the workshop and it was working time. I was disappointed with them because they were not working when they were supposed to be. I was also disappointed with the staff officer, Eva, because she let them argue in her office. Two departments of my company, the staff office and the workshop, were at a standstill so valuable working time was being wasted.
Impact on my image? I noticed other employees watching me as I walked to my office after I saw the incident. I then knew that the issue would be followed closely by them to see how I dealt with the issue, which was clearly compromising work. Thankfully, there were no customers or visitors to the company therefore I was sure it would remain an internal matter. The external image was unlikely to be affected.
Do I seek a win/win outcome? Darmian and Pereira are among the best workers in the workshop while Eva managed staff affairs effectively, so my intention was to keep them in the company. However, they were costing the company money by not working when they were supposed to be. Therefore, I also wanted to find a solution to ensure employee conflicts did not occur anymore and that working time was optimised.
Neutral Observer Story:
Me: Eva, you have a minute?
Eva: Sure, boss.
Me: I noticed this morning that there was an argument in your office, what was the problem?
Eva: Darmian and Pereira were arguing over overtime pay.
Me: But you are in charge of overtime pay, right?
Eva: Yes I am.
Me: Come to my office with the two of them at 2pm, okay?
Eva: Yes boss.
Is it safe? Eva looked nervous when I said that I wanted to talk to the three of them. This made me think that maybe she was in the wrong. However, I wanted to be fair in solving the issue therefore I decided that I would listen to everyone’s side of the story.
What’s their story? Tell your story:
Me: Hello, please sit.
Eva, Darmian and Pereira: Thank you.
Me: I saw arguing in Eva’s office in the morning, and I am sure you saw me too. So what was the issue? Pereira you go first.
Pereira: Last week I worked more hours than Darmian. We left work at the same time except on Thursday, when I worked an extra two hours. However, I am disappointed because he received more overtime pay than me.
Me: How do you know this?
Pereira: I sneaked into Eva’s office and checked the overtime records. The records showed that Darmian worked two more hours each day than I did, which is not true. I went to confront Eva and Darmian found me complaining and defended her so we started arguing.
Eva: Pereira wanted to be awarded extra pay for hours he did not work or threatened to report the issue to you. That is blackmail, boss.
Me: Eva, your time to talk will come. Darmian, did you get more overtime pay than you deserved?
Darmian: Yes I did.
Me: Eva, explain why that happened.
Eva: Darmian approached me last week but one and suggested I could award him extra overtime pay then share it between us. I stupidly agreed and that’s why we are here.
Darmian: I am sorry boss. That was greedy of me. It won’t happen again.
Me: Thank you for your honesty. You were stealing from the company which is a vice that could make you lose your job. I am very disappointed with you.
Co-create Options:
Eva: Boss, I promise that this will not happen again. I am very sorry.
Me: A promise is no guarantee, what do you suggest should be done to make sure this never happens again, ever?
Eva: Firstly, I am willing to accept a penalty for what I did. I suggest a week’s wages would be acceptable. Secondly, I suggest that the overtime hours records may be computerised.
Darmian: I am also willing to accept the penalty Eva suggested, just let me keep my job.
Me: Pereira, any suggestions?
Pereira: Yes boss. I think it would be fine if the gatemen kept records of when staff arrived and when they left.
Me: I don’t think that’s a good option, thanks anyway. I suggest that we introduce electronic cards which you will swap in a machine as you enter the workshop and as you leave. The machine will be computerised and will keep a record of each worker’s entrance and exit time. That solves the records problem. The company money lost will be recovered from your two weeks’ wages, Darmian and Eva. Any objection?
Eva: No Sir.
Me: May this also serve as a warning to you all. This kind of behaviour will not be accepted here. You are lucky to keep your jobs.
Eva: Thank you boss.
Pick the best option:
Me: An electronic recording system will be introduced to keep records of working hours. Each employee will be issued with a unique electronic card. This would ensure that employees would only be paid for work they did and that the company would not lose money through employee dishonesty. A two week wages fine was given to Darmian and Eva to serve as a warning to all employees and to recover company money that they stole. On the argument issue, I want all complaints from this day to be brought to me or a suggestion box which I will attend to personally on a daily basis. Let’s put this issue behind us and work together to move this company forward.
Follow-up:
Each employee was assigned with an identification number which was then used in the electronic cards. In two weeks, the cards were processed and issued to each employee. Company income improved by 8% in a month.
Through the suggestion box, I got to receive and attend to various employee complaints; for instance, I installed fans in the workshop after an employee suggested that it sometimes got too hot.
Improved Relationship:
I noticed better relations between co-workers. They looked happy and chatty when on breaks and as they left in the evening. Relations with my employees also improved and most of them began talking to me when they had issues. The company became a happy working place.
I was happy as a manager to have come out of the issue with only positives for everyone; the employees, myself and most importantly the company.

Sunday, 19 June 2016

Strategic Marketing Management Assignment Help
Assignment Cover Sheet
Course/Unit Information
Course: Pearson BTEC Level 7 Extended Diploma in Strategic Management & Leadership
Unit No.: Unit-7
Unit Name: Strategic Marketing Management
Unit code: Y/602/2065
Batch:
Learning Outcomes and Assessment Feedback
Name of the Assessor: Surya Praveen
Learning Outcomes | Assessment Criteria (AC) | Assessor Feedback
LO 1 (TASK 1): Understand the principles of strategic marketing management
1.1 - discuss the role of strategic marketing in an organization
1.2 - explain the processes involved in strategic marketing
1.3 - evaluate the links between strategic marketing and corporate strategy
LO 2: Understand the tools used to develop a strategic marketing strategy
2.1 - assess the value of models used in strategic marketing planning
2.2 - discuss the links between strategic positioning and marketing tactics
2.3 - analyse the merits of relationship marketing in a given strategic marketing strategy
LO 3 (TASK 2): Be able to use strategic marketing techniques
3.1 - use appropriate marketing techniques to ascertain growth opportunities in a market
3.2 - plan how to use marketing strategy options in a market
3.3 - create appropriate strategic marketing objectives for a market
LO 4: Be able to respond to changes in the
4.1 - report on the impact of changes in the external environment on a marketing strategy
4.2 - conduct an internal analysis to identify current strengths and weaknesses in a marketing strategy
4.3 - propose strategic marketing responses to key emerging themes in a marketing strategy
Over All Result/Grade: PASS/REDO/FAIL            Date:
General Guidelines
(Please read the instructions carefully)
  1. Complete the title page with all necessary student details and ensure that the signature of the student is marked in the declaration form.
  2. All assignments must be submitted as an electronic document in MS Word to the LMS (Use 12 Times New Roman script).
  3. An assignment that is not submitted to the LMS by the prescribed deadline will be accepted ONLY under the REDO and RESIT submission policy of Westford.
  4. You will PASS the full assignment task only if you achieve “AC Met” in each of the Assessment Criteria.
  5. The results are declared only if the student has met the mandatory attendance requirement of 75% and/or a minimum of 50% under extenuating circumstances approved and ratified by the Academic Director. The student has to repeat the module (with additional fees applicable) if the attendance is below 50%.
  6. Students can refer to Wikipedia as a source of information, but the references cited in Wikipedia have to be mentioned.
  7. Submit the assignment in a MS Word document with the file name being:
First Name Last Name_ abbreviation of the subject.
Example: John Smith_SMM.
Quick reference Checklist for the Faculty/Instructor to accept/reject the assignment before evaluation:

  1. Harvard Referencing System and Citations are strictly followed.

Family Therapy Assignment Help

This report contains the necessary concepts of family therapy. The report is based on the research of the therapist Murray Bowen. Bowen identified different healthy and unhealthy issues within family therapy. Referring to these issues, he suggested different concepts, which are described below. The eight interconnected theories which he constructed for different situations of family tension are illustrated in this report. These eight interlocking systems are applied to different family situations. The therapy techniques, normal family development and the techniques referred to by Bowen are also covered in this essay.
Explain the concepts of healthy and problematic family development in experiential family therapy.
Bowen family systems theory is based on a theory of human behavior. It treats the family as an emotional unit and describes the complex interactions within that unit. Dr. Murray Bowen, a psychiatrist, originated the theory of the family system with eight interlocking concepts. (The Bowen Centre., 2016) He explained his theory in terms of how a family develops and functions. Bowen explained two forces which are associated with the theory: togetherness and individuality. Too much individuality results in an isolated and separated family. On the other hand, too much togetherness causes synthesis, prevents individuality and reduces the development of one's own sense of self.
In the basic concepts of family theory, Bowen described eight interlocking systems:
Differentiation of self: this is associated with the ability to separate feelings and thoughts. People with an undifferentiated mind cannot separate their feelings and thoughts. The concept can be better understood through its counterpart, emotional fusion. Emotional fusion is the tendency of family members to share their emotional responses. In such a condition there is little space for emotional autonomy as a result of poor interpersonal boundaries between the family members. Undifferentiated people are more dependent on their family to define their feelings. (sagepub.com, 2016) Differentiation is the process which gives the idea of how one can free oneself from the family’s possession in defining oneself. This process develops the ability to have a different vision and different opinions from the family members while staying emotionally connected to them. It involves reflecting calmly on a critical interaction and realising one's own role in it. A member of a differentiated family is able to restrain anxiety and address their own emotional issues. (The Bowen Centre., 2016)
Emotional system: the family emotional system contains the emotional thoughts and feelings which are associated with the members. The debate of nature versus nurture is associated with the family system. (The Bowen Centre., 2016) Different family emotional processes are:
Nuclear family emotional process: this process flows through the family across generations. It gives four family relational patterns to describe the problems in families. Clinical problems and other issues develop during heightened and prolonged family tension. The tension level is defined by the development of stress by the family unit and the connection with social networks and family members. (sagepub.com, 2016)
Marital conflict: as the family tension extends, the spouses get more anxious, which is reflected in the relationship. In a situation of stress each one focuses on the other and tries to control the other. (Metcalf, 2011)
Dysfunction in one spouse: this situation arises when one spouse of a married couple tries to pressure the other to think and act in particular ways, and the other becomes furious over the situation. While both of them try to accommodate to preserve harmony, one is seen to try more. (The Bowen Centre., 2016) As the tension increases, that spouse gives up self-control, which gives rise to anxiety. The anxiety gives rise to social dysfunction and psychiatric and medical development. (sagepub.com, 2016)
Impairment of one or more children: this situation arises when spouses tend to focus their anxieties on one or more of their children. They have a negative view of the child or worry about a particular cause. As the parents' focus increases, the child's focus also increases. That child becomes more reactive than the other siblings in needs and parents’ expectations. (sagepub.com, 2016) The process reduces the child’s differentiation from the family. The child’s anxiety can damage his performance in school, his health and his social relationships.
Emotional distance: this theory is related to people’s emotions. When people try to distance themselves from others to reduce relationship intensity, they become more isolated in the process. These patterns create family tensions in certain families. (sagepub.com, 2016)
Family projection process: this primarily concerns parents transmitting their emotional problems to their child. The projection process can damage the performance of one or more children and raise their vulnerability to medical symptoms. Children tend to inherit different types of problems and also, in certain cases, strengths. (sagepub.com, 2016) The problems that they inherit are reflected in sensitivities in their future relationships, such as difficulties in dealing with expectations, heightened requirements for consideration and endorsement, the tendency to blame others, a sense of responsibility for others’ feelings and happiness, and acting impulsively on anxiety rather than tolerating it. (The Bowen Centre., 2016) Under an intense projection process the child develops strong sensitivities over relationships. This also increases the child's susceptibility to symptoms by developing behaviours that raise chronic anxiety in a relationship system. In certain cases the parents are more focused on the child because they think that they have not given the child enough love or satisfaction. In this way they are less careful about the siblings, which leads the siblings to have more mature and reality-based relationships with their parents. (sagepub.com, 2016)
Multigenerational transmission process: this process refers to the transmission of family emotions through the generations of a multigenerational family. The degree and nature of intensity are passed down from generation to generation. This entails how the whole family is related to the family projection process: the small differences in the levels of differentiation between parents and children flow through other generations, marking the differences in differentiation among the members of the family. (The Bowen Centre., 2016) The information about the differences flows through the relationships over different generations. It involves more recognition of the family history. This occurs at interconnected levels through various processes, from conscious teaching and learning of information to unconscious and automatic reactions of emotions and behaviours. As the family members continue this process over several generations they also tend to refer to the previous generations. In this process emotional expression and physical forces combine to allow the expression of a symptom. It predicts that the symptoms will reappear or a new system can appear in another family member. (sagepub.com, 2016)
Emotional triangle: this is the network of relationships among three people. It describes the building of the molecules of the larger emotional system, as it defines a triangle as the smallest stable relationship state. This system can contain more tension among the three relationships, and the tension is spread through a series of interlocking triangles. This indicates that spreading the tension can minimise tension or stabilise the system. People’s deeds in a triangle mirror their efforts to declare emotional attachments, their responses to higher intensity within the attachments, and their taking sides in others’ divergences. It generates an odd man out, who is affected by anxiety. Within the triangle the patterns change with changes in the intensity of the tension. When the tension is higher, two remain calm as insiders while the odd man out, the third person, is the uncomfortable outsider. The outsider is excluded from the activities of the insiders. Within a triangle one is always forcing for change and uncomfortable. The insiders create a strong bond in their relationship over the less desirable outsider, which raises a sense of rejection.
Sibling position: Bowen suggested that siblings have different effects in the family unit. While the older one has more responsibilities and is more mature, the younger one is immature and overly irresponsible. Bowen created the conceptualization of the importance of sibling position, which is reflected in the work of Toman. (sagepub.com, 2016) Toman stated 10 different types of traits for each sibling position and how these influenced their behaviour and relations with the parents. Bowen referred to sibling position for assessing the degree of differentiation and also for reflecting the process of multigenerational projection. People having a similar sibling position tend to show marked differences in functioning. (The Bowen Centre., 2016)
Societal regression: this concept reveals how emotional behaviour manages at the societal level. As an example, if we consider society's level of anxiety over the terrorist attack of 11th September, 2001, we see the impact of social failure. (sagepub.com, 2016) This regression is seen in the family as the parents treating their child with juvenile delinquents, which leads to the parents' control over the child being ineffectual in a vast manner. In these cases the parents express their disappointment and impose harsh punishments, which leads the child to lie to get around the parents. Many courts deemed the juvenile treatment poor parenting. (The Bowen Centre., 2016)
Emotional cut-offs: this refers to unresolved issues with parents and siblings handled by cutting off attachments with them. While cutting off all the contacts or moving away from going while contacting them often, they cut off all sensitive issues. Through this, people try to reduce family tension while risking placing too much importance on new relationships. In the first stage it seems to be effective, while in a later stage the patterns adopted by the people jeopardise the relationship. (sagepub.com, 2016)
Normal family development: Bowen held that family development occurs when the family members maintain healthy emotional contact. A normal family develops when its members: balance the two terms togetherness and separation; have the ability to adopt changes within the family environment; are connected across generations to the extended family; have little distance and fusion in emotions; have the ability to tolerate and also support members who possess different views and values; and are aware of external and internal influences on family issues. (Goldenberg, 2012).
Goals of the therapy:
Treating the family by reframing the problem as a multigenerational problem; lowering the anxiety and turmoil faced by the family; using the therapist as a healthy triangle; opening ties with cut-off members; and addressing differential power in the family. (Rasheed, 2010)
Techniques: Bowen did not prefer therapeutic techniques in family therapy. He referred to basic techniques like questioning the family members and constructing a family genogram.
Questioning: this is a therapeutic session conducted as an interview to achieve differentiation. Factual questions are used to develop the genogram, which gives both therapists and clients an understanding of the problem. (Titelman, 2014)
Structuring: family members are invited to the interview. It includes calm discussion of the struggle and the situation.
Responding: with the responses of the clients and the therapists, the anxiety in the room becomes more conscious, which gives the opportunity to address it directly. (Titelman, 2014)
Conclusion
The report describes the family therapy which was clinically researched by Bowen. It is an effective theory for solving marriage and family issues. It symbolises a living organism. Through this therapy concept, social and cultural forces and their impact on our values and the values of families are observed clearly. Bowen used these concepts to represent the healthy and unhealthy issues within a family and the reasons behind them. Through these concepts he represented our thoughts about how the world works. He spelled out the relationship between differentiation and anxiety.
E-commerce Assignment Help
eBay Inc. is an America-based MNC and e-commerce company that provides customer-to-customer and business-to-customer sales services through the internet. The headquarters of eBay is situated in San Jose, California. Pierre Omidyar was the founder of eBay. He started the company in the year 1995 and gained success from the dotcom bubble. Today the operations of the company are spread over thirty countries across different continents ("Hackers steal up to 145 million user records in massive eBay breach", 2014). The company runs the eBay.com website, an online auction and shopping website where customers and suppliers can buy and sell goods respectively. Other than auction-style shopping, the website also offers “Buy it Now” shopping through UPC, ISBN and other types of SKU, online classified advertisements, trading of online event tickets and other services. Before 2015 eBay also provided customers with an online money transfer facility. The website is free for customers, but sellers have to pay charges for the items that they list on the website (Romanosky, Telang, & Acquisti, n.d.). eBay generates revenue through a complex system that comprises fees for the services it offers, product listing features and a final value fee on the sale proceeds of sellers. As per the record of year 2012, the nominal charge for the U.S.-based ebay.com is around $0.10 to $2, which is generally based on the opening or reserve price, with no adornments. In general the final amount is equal to 10% of the total amount of the sale along with the cost of the transportation.
The employees of eBay play a great role in the day-to-day activities of the company. Around 16,000 employees work for the company in different countries around the world. The company takes immense pride in its employees and takes good care of them. Since employee satisfaction is important for the company to expand its operations in different countries, proper human resource management is a major part of the company’s decision making. In terms of technology, the company has added new concepts and security features to the eBay website. The company has designed its next-generation software architecture, which will help it to increase its productivity and trading speed, which in turn will help the company to expand its business operations by adding new businesses. The new technological advancement of the company’s website will enable the company to run various services such as PayPal, Half.com, shopping.com and Skype. Further, eBay has invested in increasing its storage capacity so as to accommodate the new service features. New software programs employed by the company, such as eBay’s new AdContext program, will help the company to compete with Google’s AdSense program, which runs contextual online ads that are generally based upon the keywords which are most searched on the net. Being a company which is extensively dependent upon internet technology and software applications, eBay faces many cyber security threats, for which it has to remain constantly vigilant and update its cyber security apparatus on a regular basis. Especially after the data security breach in the company which was unearthed in the year 2014, it has become important to carry out a risk assessment of the company’s cyber security.
In this research study the researcher will conduct a risk assessment of the company’s cyber security. In order to make any assessment and provide recommendations to the company, the researcher will first conduct a risk analysis and security survey, which will help the researcher to get a clear understanding of the data security and cyber security apparatus of the company.
Data Breach:
The eBay security breach was reported by the company in the year 2014. On May 21, 2014 the company informed the media that the consumer databases holding usernames, passwords, phone numbers and corresponding addresses had been breached. According to the company the data were breached between February and early March. The company advised all its users to change their passwords immediately. To fast-track this process the company added a password change feature to the profiles of users who had not changed their password. Responsibility for the cyber attack was taken by the Syrian Electronic Army. As per the SEA, though they were able to successfully breach the details of the consumers, they will not misuse those details. The SEA was able to successfully put their logo on the front page of the company’s website. As a result of this security breach the share price of the company plunged.
Cyber security experts have criticized the company for not taking adequate and urgent steps even after knowing that its security had been breached. eBay was hit by a “cross-site scripting attack”, which caused users of the company’s website to be directed to a spoof site designed to steal the credentials of the company (Mathieson, 2007). The spoof site was designed to resemble the company’s home page, which made users believe that they were browsing the original website; the visitors were then redirected through subsequent sites before they came to a site which asked them for their user login ID and password. As per the cyber security experts, the company did not take the matter seriously and thus took a long time to detect the intrusion, almost two to three even by the company’s own description. The attackers were able to infiltrate the data and credentials of the company’s employees, along with which they successfully exfiltrated the company’s data without any detection. The company has been criticized because its cyber security apparatus was not adequate to tackle such attacks, whereas the threats that can arise from cross-site scripting have been known for many years, as have the necessary precautions that should be taken, especially by firms like eBay which hold a huge amount of customer data and business information.
Perform a risk assessment and threat identification
The main purpose of this risk assessment survey is that it will be helpful in identifying the threats and vulnerabilities which are related to the eBay’s online portal. This risk assessment will be used to make the risk mitigation plans.
i) Scope of the risk assessment:
The online system of eBay comprises various systems, such as the interface for external customers, which allows users to input their information. The online application on the company’s website is based on applications which are generally developed and maintained by eBay. This application is built with Microsoft’s Internet Information Server and uses Active Server Pages. There is an interface with the user registration database and with PayPal, an e-commerce payment platform provided by a third party. The application is hosted by the IT department of eBay. The physical components are housed in the company’s headquarters (Holden, 2009). The scope of the assessment comprises all the components that have been discussed, except PayPal. The PayPal interface, which is managed by the company's IT department, is within the scope of this assessment. The scope also comprises all the supporting systems, such as the eBay network segment and the eBay firewall. The web application, the eBay database and the operating systems which support these components are all in the scope of this assessment.
Participants:

| Role | Participant |
| --- | --- |
| System Owner | Pierre Omidyar |
| System Custodian | Thomas J. Tierney |
| Security Administrator | Devin Wenig |
| Database Administrator | John Smith |
| Network Manager | Mary Blue |
| Risk assessment team | Elaine Ronnie, David Slim and Tom Sample |
Techniques Used:

| Technique | Description |
| --- | --- |
| Risk Assessment Questionnaire | The members of the assessment team used a customized version of the self-assessment questionnaire in NIST SP-26, "Security Self-Assessment Guide for Information Technology Systems". This questionnaire helped the team to identify the risks. |
| Assessment Tools | Different security testing tools were used to review the configuration of the system and to identify the vulnerabilities present in the application. The tools used were nmap, nessus and Appscan ("Data breach activity is getting worse", 2007). |
| Vulnerability Sources | Several vulnerability sources were consulted so that potential vulnerabilities could be identified: SANS Top 20 (www.sans.org/top20/); OWASP Top 10 (www.owasp.org/documentation/topten.html); NIST I-CAT vulnerability database (icat.nist.gov); Microsoft Security Advisories (www.microsoft.com/security); CA Alert service (www3.ca.com/securityadvisor). |
| Transaction Walkthrough | At least one transaction of each type was selected and walked through the application in order to get a better insight into the flow of the data and the control points. |
| Review of the Documentation | Various documents were reviewed for the assessment, such as eBay's security policies, documents related to the system, network diagrams and the operational manuals related to eBay (Cheney, n.d.). |
| Interviews | Various interviews were conducted in order to validate the information. |
| Site Visits | A site visit was made in order to assess physical access and environmental controls. |
Risk Model:

The following model was used to classify the risks related to eBay:

Risk = Threat likelihood × Magnitude of impact

| Likelihood (Weight Factor) | Definition |
| --- | --- |
| High (1.0) | The threat source is highly motivated and sufficiently capable, and the controls to prevent the vulnerability from being exercised are ineffective. |
| Medium (0.5) | The threat source is motivated and capable, but there are controls in place which may impede the successful exercise of the vulnerability. |
| Low (0.1) | The threat source lacks motivation or capability, or controls are in place to restrict any significant impact from the vulnerability being exercised (Black, 2007). |
System Characterization - Technology Components

| Component | Description |
| --- | --- |
| Applications | The application is developed using Microsoft Active Server Pages running under Microsoft Internet Information Server 4.0 |
| Databases | Microsoft SQL Server 2000 |
| Operating System | Microsoft Windows NT version 4.0 SP 2 |
| Networks | Checkpoint firewall; Cisco routers |
| Interconnections | Interface to PayPal |
| Protocols | SSL is used for transmission between the client's web browser and the web server. |
System Characterization - Physical Location

| Location | Description |
| --- | --- |
| Data center | 775, Sample Street, New York |
| Help desk | 8820, Any road, New York |
| NOC | 100, MDH avenue, New York |
Data Used by the system:

| Data | Description |
| --- | --- |
| Personally Identifiable Information | Name; address (current and previous); phone number; SSN #; DOB |
| Product Information | Product description; product code; price of the product |
| Financial Information | Credit card #; verification code; expiry date; card type; authorization reference; transaction reference |
| Tax | Service tax |
Users:

| Users | Description |
| --- | --- |
| Customers | They can access the system through a web browser. They are able to purchase products by entering their credit card details. They are also able to enter or change their personal details. |
| eBay IT Personnel | They are responsible for managing the system along with the firewalls and the networks. They also maintain the security configuration of the system. |
| eBay Operations | They use the information contained in the eBay database to take management decisions (Bisogni, n.d.). |
| eBay Offices | The eBay application is used for in-person renewals. |
Vulnerability Statement - The following potential vulnerabilities were identified:

| Vulnerability | Description |
| --- | --- |
| Cross-site scripting | The web application is used as a tool to attack end users |
| SQL injection | Information entered in the web application is not validated |
| Password strength | The passwords used in the web application are not properly formulated |
| Unnecessary services | There are unnecessary applications on the web server |
| Disaster recovery | There are no procedures to safeguard the system from any type of disaster |
| Lack of documentation | There is no proper documentation of the system specifications, design and operating processes |
| Integrity checks | There is no way to check the integrity of the data input into the system |
Threat Statement - The following threat sources applicable to eBay were identified:

| Threat Source | Actions taken by threat |
| --- | --- |
| Hacker | Web defacement; social engineering; system intrusion, break-ins; unauthorized system access |
| Computer criminal | Identity theft; spoofing; system intrusion |
| Insiders | Browsing of personally identifiable information; malicious code (e.g., virus); system bugs; unauthorized system access |
| Environment | Natural disaster |
Response Plan:

| Observations | Recommended controls |
| --- | --- |
| The passwords of the users can be guessed or cracked | Special characters should be used in passwords |
| The possibility of cross-site scripting | All headers, cookies, query strings, form fields and hidden fields should be validated |
| Inappropriate extraction of data | It has to be ensured that all parameters are validated before they are used. All parameters should be checked against a strict format |
| Unnecessary services running on the web server and the application server | The system has to be reconfigured to remove the unnecessary services |
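
The validation controls recommended in the response plan can be illustrated with a short sketch. This is an added example, not part of the original paper or of eBay's code; the parameter names, their formats and the sample requests are hypothetical. It checks each header, cookie, query string value, form field and hidden field against a strict format before use, and encodes output when a value is written back into a page.

```python
import html
import re

# Hypothetical parameter names and formats, keyed by (source, name). The page
# names only the sources: headers, cookies, query strings, form and hidden fields.
STRICT_FORMATS = {
    ("query", "product_code"): re.compile(r"[A-Z]{3}-\d{6}"),
    ("form", "display_name"): re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}"),
    ("form", "phone"): re.compile(r"\+?\d{7,15}"),
    ("hidden", "price_cents"): re.compile(r"\d{1,9}"),
    ("cookie", "session_id"): re.compile(r"[0-9a-f]{32}"),
    ("header", "Accept-Language"): re.compile(r"[A-Za-z0-9,;=.* -]{1,100}"),
}

def validate_request(request):
    """Check every value the application is about to use.

    request maps source -> {name: value}. Returns (clean, errors); callers
    should reject the whole request when errors is non-empty.
    """
    clean, errors = {}, []
    for source, fields in request.items():
        for name, value in fields.items():
            pattern = STRICT_FORMATS.get((source, name))
            if pattern is None:
                errors.append(f"{source}.{name}: unexpected parameter")
            elif not isinstance(value, str) or not pattern.fullmatch(value):
                errors.append(f"{source}.{name}: does not match strict format")
            else:
                clean[(source, name)] = value
    return clean, errors

def render_greeting(display_name):
    # Validation does not replace output encoding: an apostrophe is valid in a
    # name but must still be encoded before it reaches HTML.
    return "<p>Welcome, " + html.escape(display_name, quote=True) + "</p>"

# Constructed sample requests (not taken from the incident).
GOOD_REQUEST = {
    "query": {"product_code": "ABC-000123"},
    "form": {"display_name": "Pat O'Brien", "phone": "+12125550100"},
    "hidden": {"price_cents": "1999"},
    "cookie": {"session_id": "0123456789abcdef0123456789abcdef"},
    "header": {"Accept-Language": "en-US,en;q=0.9"},
}
BAD_REQUEST = {
    "query": {"product_code": "ABC-000123' OR '1'='1", "debug": "1"},
    "form": {"display_name": "<script>alert(1)</script>"},
    "hidden": {"price_cents": "-1"},
}
```

Strict-format validation narrows what reaches the database, but it complements rather than replaces parameterized queries as the control against SQL injection.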