We have decided to implement a 4 day work-week at the Bearcats Business Consulting Company. We are working four days in the office for 10 hours a day. One can only work remotely 2 days a month. We want to see if this arrangement leads to higher quality projects, better job satisfaction, and better organizational culture. We put this working arrangement in place with plans to assess the effectiveness in six months. Please define and list the activities needed for this scenario. What is something we have currently NOT thought of that could help this be a successful intervention or could prevent this from being successful? There is always something that we could improve upon or be cognizant of, so don't say you can't think of anything.
The trade name of gabapentin is Neurontin.
The first question is inspired by the CrowdStrike incident from 2024 but you do not need to know the details of what exactly happened. You will be provided with the information necessary to answer this question, and its goal is to test your knowledge of a trusted computing base (TCB). The CrowdStrike incident was caused by an update that resulted in the introduction of a bug in code that, when executed, crashed millions of Windows machines, leading to worldwide disruption of information technology services in many sectors.

First, list and describe the requirements that should be met by a trusted computing base (TCB). (2+2+2 pts.)

If the CrowdStrike security agent ran outside of the TCB as an unprivileged user process, could a bug in the agent crash the entire system as it actually did? Explain your answer by discussing a TCB requirement that supports it. (1+2 pts.)

We discussed that each address space, where a process executes, has ranges where user and system code/data are stored. Based on an analysis of the CrowdStrike incident, it was reported that an error that resulted in illegal memory access and page fault was the reason for the system crash. Was the address of the illegal memory reference in the system or the user part of the address space? Explain your answer. (1+2 pts.)

An analysis of the CrowdStrike bug showed that the cause of the crash was an error where the required number of arguments were not passed to a call. As a result, a pointer dereference led to illegal memory access, causing the system to crash. If code with such a bug was part of the TCB, which of the TCB requirements would be violated? For full credit, discuss each TCB requirement and whether it was violated. (1+1+1 pts.)
These questions are from the discretionary and mandatory access control modules.

All students in a class belong to a group G and are able to access class resources because G is granted the necessary permissions. Assume Alice has tested out of a topic and does not need to take the quiz on this topic. The professor does not want Alice to have access to this quiz but wants Alice to remain in group G so she can access other resources. Also, the professor wants to grant access to the quiz to all other students by granting the desired access to G. The mechanisms provided by various operating systems can be used to meet this access control requirement. Explain how this can be achieved most efficiently and correctly in Linux with extended access control lists (EACLs) and in Windows. First, provide the access control entries (ACEs) for Alice and G with their types and permissions for the quiz in each system. After this, discuss which of these ACEs will be checked when Alice tries to access the quiz. (2+2+2+2 pts.)

The Bell and La Padula (BLP) and Biba models address the confidentiality and integrity of data in a system that supports mandatory access control. A system allows read-down as is done by BLP, and writes by a user are only allowed at the user's level (no writes to higher levels are allowed). Does this system satisfy the confidentiality and integrity goals of the BLP and Biba models? First, describe the BLP and Biba requirements and then explain if the requirements of each model are satisfied. (2+2+2+2 pts.)

If both models are used simultaneously by a system and object O has the highest sensitivity level (e.g., top secret), what level of integrity should be assigned to O in the Biba model? Is there a drawback to using both of these models at the same time? Provide a brief explanation. (1+2 pts.)

A certain company has many customers and some of them have conflict-of-interest (CoI) relationships. Also, employees can only access company data by executing applications approved by the company based on the functions they perform in the company. The people responsible for access provisioning in this company came up with the following scheme. All files of a given customer must be stored in a single directory (it could be a container-like unit when using cloud storage). Initially, users are allowed to execute applications based on their needs and each application can access files needed by it. Access could be removed when applications execute. In particular, when user U executes application A which accesses files from customer C's directory, access to all files in directories of customers who have a CoI relationship with C is turned off for application A when it is executed by U.

Give two examples of policies discussed in the mandatory access control module of the course that could be used to control access to documents by this company. Explain your answer by discussing the specific data access requirements of the company that are satisfied by each policy. (3+3 pts.)

Does the suggested implementation correctly implement each policy that you recommend for the company? Provide a brief justification for your answer. (2+2 pts.)