Instructor

What Are the Risks of an Implementation Plan?

As is the case with any well-thought-out project management plan, there are risks involved. When it comes to an implementation plan, the main risks of program failure can involve the inability to get either buy-in or resources from stakeholders, business partners or team members.

Sometimes this could be because of a resistance to change, a loss in confidence among staff or even project management flaws such as a lack of prioritization from leadership. Whatever the case may be, it all comes down to communication. If you’re communicating goals across team members well as well as reporting data efficiently (and thus, getting buy-in from stakeholders), then those pitfalls really shouldn’t occur.

Outside of communication issues on a more rare level, there are factors outside of the organization’s control that can impact your implementation plan. This can include losing key personnel, destabilizing economic changes, new competition that has entered the market with a similar product and even natural disasters affecting your organization’s ability to produce quality work.

ref- https://www.projectmanager.com/blog/implementation-plan

Smoke Testing

You all must have heard IaaS, PaaS & SaaS. But let me introduce you to FaaS!

Functions as a Service (FaaS)

Functions as a Service (FaaS) adds another layer of abstraction to PaaS so that developers are completely isolated from everything in the stack below their code. FaaS is the concept of Serverless Computing. Instead of handling the hassles of virtual servers, containers, and application runtimes, they upload narrowly functional blocks of code and set them to be triggered by a certain event. FaaS applications consume no IaaS resources until an event occurs, reducing pay-per-use fees.

ref- https://www.esds.co.in/blog/cloud-computing-types-cloud/#sthash.15p0z1Cm.dpbs

DevOps development methodology

DevOps is not just a development methodology but also a set of practices that supports an organizational culture. DevOps deployment centers on organizational change that enhances collaboration between the departments responsible for different segments of the development life cycle, such as development, quality assurance, and operations.

Pros: DevOps is focused on improving time to market, lowering the failure rate of new releases, shortening the lead time between fixes, and minimizing disruption while maximizing reliability. To achieve this, DevOps organizations aim to automate continuous deployment to ensure everything happens smoothly and reliably. Companies that use DevOps methods benefit by significantly reducing time to market and improving customer satisfaction, product quality, and employee productivity and efficiency.

Cons: Even in light of its benefits, there are a few drawbacks to DevOps:

• Some customers don’t want continuous updates to their systems.
• Some industries have regulations that require extensive testing before a project can move to the operations phase.
• If different departments use different environments, undetected issues can slip into production.
• Some quality attributes require human interaction, which slows down the delivery pipeline.

ref- https://www.synopsys.com/blogs/software-security/top-4-software-development-methodologies/

How to Design Database: Steps of Designing Database

Database designing generally starts with identifying the purpose of your database. The relevant data is then collected and organized into tables. Then, specify the primary keys and analyze relationships between different tables for an efficient data design. After refining the tables, the last step is to apply normalization rules for table standardization.

• Define the objective of your database
• Locate and consolidate the necessary data
• Distribute the data into tables
• Change data items into columns
• Identify primary keys
• Determine how tables are related
• Enhance your database design
• Implement the normalization rules

ref- https://www.astera.com/type/blog/all-you-need-to-know-about-database-design/#:~:text=Database%20design%20is%20defined%20as,for%20the%20proposed%20database%20system.

Types of data models:

Conceptual data models. They are also referred to as domain models and offer a big-picture view of what the system will contain, how it will be organized, and which business rules are involved. Conceptual models are usually created as part of the process of gathering initial project requirements. Typically, they include entity classes (defining the types of things that are important for the business to represent in the data model), their characteristics and constraints, the relationships between them and relevant security and data integrity requirements. Any notation is typically simple.

Network Vulnerability Scanning

Kali Linux provides tools that are capable of scanning network devices such as databases, routers, switches and protocols such as SNMP and SMB. Here are the most common tools below:

1. CISCO Analysis

CISCO devices are susceptible to a number of vulnerabilities that can be assessed with a couple of tools. When auditing routers, Kali Linux ships with the Cisco Auditing Tool (CAT), which can help an attacker or penetration tester identify vulnerabilities ranging from SNMP community strings to old CISCO bugs and default credentials that can be used to gain illegal access to the router.

To test our host on Kali, we executed the command below:

#CAT -h 192.168.67.73 -w lists/community -a lists/passwords -i

CAT proceeds to audit for default credentials and SNMP community strings as shown above.

2. SNMP Analysis

Kali Linux also allows attackers and pentesters to obtain information from hosts with the Simple Network Management Protocol (SNMP) protocol. This can be extremely vital in preparing further attacks targeting the host.

On our attacking machine, we executed the command below and were able to get a ton of information about our target.

As can be seen above, we were able to identify the ethernet card information, how long the system had been connected via that card, the host name and, as shown below, the number of network interfaces with their respective information.

ref-https://resources.infosecinstitute.com/topic/vulnerability-mapping-with-kali-linux/#:~:text=Vulnerability%20mapping%20is%20an%20activity,%2C%20however%2C%20the%20same%20thing.

Here are three types of information security requirements:

Functional requirements describe what a system has to do. So functional security requirements describe functional behavior that enforces security. Functional requirements can be directly tested and observed. Requirements related to access control, data integrity, authentication, and wrong password lockouts fall under functional requirements.

Nonfunctional requirements describe what a system has to be. These are statements that support auditability and uptime. Nonfunctional security requirements are statements such as “Audit logs shall be verbose enough to support forensics.” Supporting auditability is not a direct functionality requirement, but it supports auditability requirements from regulations that might apply.

Derived requirements are inspired by the functional and nonfunctional requirements. For example, if a system has a user ID and PIN functional requirement, a derived requirement might define the number of allowable incorrect PIN guesses before an account is locked out. For audit logs, a derived requirement might support the integrity of the logs, such as log injection prevention.

-Prince 

ref-https://www.synopsys.com/blogs/software-security/software-security-requirements/

Ensure that the project aligns with your organizational strategy.

Why is it so important that organizations select the right projects in the first place? If a prospective project is simply a good idea – or more problematically, someone’s pet project – it’s unlikely to survive. For this reason, you need to make certain that the prospective project aligns with your overall organizational strategy.

Again, it’s important that all key stakeholders are in the room, and that they’re familiar with your overall strategy. With your strategy as a guide, identify where each project might meet multiple organizational goals. One way to measure the efficacy of a project is using a two-by-two matrix.

On one axis, chart the project’s ease of implementation. On the other, chart its anticipated impact on organizational goals. Without this comparative tool, your effort on a project might ultimately outweigh impact. But by using this framework, you can select the projects that will make the biggest difference.

Prince Patel

ref- https://www.bigskyassociates.com/blog/project-selection-5-things-every-organization-should-consider