Archive for April, 2008

Software Engineering An Introduction

Sunday, April 27th, 2008

Software engineering is the systematic approach to the analysis, design, implementation and maintenance of software. It involves the use of CASE tools. Computer software is the product that software engineers design and develop; virtually everyone in the industrialized world uses it, and it matters because it affects nearly every aspect of our lives and has become a necessity in commerce, culture and everyday life.

Computer software is built like any successful product: by applying a process that leads to a high-quality result that meets the needs of the people who will use the product.

There are many steps involved in developing software, but in general there are three phases: the definition, development and support phases.

The first phase is the definition phase, in which everything about the software is gathered, including every piece of information needed to develop it. In short, a road map is prepared in which the key requirements of the system and the software are identified.

The second phase is the development phase, in which a software engineer attempts to define how data are to be structured, how each function is to be implemented within a software architecture, how procedural details are to be implemented, how interfaces are to be characterized and how the design will be translated into a programming language. The methods applied during the development phase may vary, but three technical tasks should always occur: software design, code generation and software testing.

The third and last phase focuses on the changes that occur after the complete software has been developed; this phase is associated with error correction, adaptation, enhancement and prevention.

In addition to these phases, there are activities that are applied throughout software development; these are called umbrella activities. They include:

Software Project tracking and control.

Formal technical reviews.

Software quality assurance.

Software Configuration management.

Document preparation and production.

Reusability management.

Measurement.

Risk management.

Software engineering is a very deep field with many more aspects than those covered here; everything discussed above is only an introduction.

Fahad Ahmed doing Software Engineering From Karachi University
fahadahmed_3310@hotmail.com

Social Engineering You Have Been A Victim

Saturday, April 26th, 2008

Monday morning, 6am; the electric rooster is telling you
it’s time to start a new work week. A shower, some coffee,
and you’re in the car and off. On the way to work you’re
thinking of all you need to accomplish this week. Then,
on top of that there’s the recent merger between your
company and a competitor. One of your associates told you,
you better be on your toes because rumors of layoffs are
floating around.

You arrive at the office and stop by the restroom to make
sure you look your best. You straighten your tie, and turn
to head to your cube when you notice, sitting on the back of
the sink, is a CD-ROM. Someone must have left this behind by
accident. You pick it up and notice there is a label on it.
The label reads “2005 Financials & Layoff’s”. You get a
sinking feeling in your stomach and hurry to your desk. It
looks like your associate has good reasons for concern, and
you’re about to find out for yourself.

And The “Social Engineering” Game Is In Play:

People Are The Easiest Target

——————————————–
You make it to your desk and insert the CD-ROM. You find
several files on the CD, including a spreadsheet which you
quickly open. The spreadsheet contains a list of employee
names, start dates, salaries, and a note field that says
“Release” or “Retain”. You quickly search for your name but
cannot find it. In fact, many of the names don’t seem
familiar. Why would they? This is a pretty large company; you
don’t know everyone. Since your name is not on the list you
feel a bit of relief. It’s time to turn this over to your
boss. Your boss thanks you and you head back to your desk.
You have just become a victim of social engineering.

When Did I Become a Victim of Social Engineering?

——————————————–
Ok, let’s take a step back in time. The CD you found in the
restroom, it was not left there by accident. It was
strategically placed there by me, or one of my employees.
You see, my firm has been hired to perform a Network
Security Assessment on your company. In reality, we’ve been
contracted to hack into your company from the Internet and
have been authorized to utilize social engineering
techniques.

The spreadsheet you opened was not the only thing executing
on your computer. The moment you open that file you caused a
script to execute which installed a few files on your
computer. Those files were designed to call home and make a
connection to one of our servers on the Internet. Once the
connection was made the software on our servers responded by
pushing (or downloading) several software tools to your
computer. Tools designed to give us complete control of
your computer. Now we have a platform, inside your
company’s network, where we can continue to hack the
network. And, we can do it from inside without even being
there.
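
The “call home” behaviour described above is what a defender can look for on the egress side: a workstation that suddenly contacts one external host at a fixed interval. The following detector is an added example and is not code from the original article; the proxy log format, hostnames, addresses and thresholds are all constructed assumptions.

```python
"""Beacon detection over constructed proxy log lines (added example)."""
import re
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: ws-fin-12 has just opened the dropped file and starts
# contacting one external host every 60 s; ordinary browsing is irregular.
SAMPLE_LOG = """\
2008-04-26T09:00:05 ws-fin-12 203.0.113.10:443 1204
2008-04-26T09:00:19 ws-fin-12 198.51.100.7:80 58231
2008-04-26T09:01:05 ws-fin-12 203.0.113.10:443 1198
2008-04-26T09:01:44 ws-fin-12 198.51.100.7:80 2203
2008-04-26T09:02:05 ws-fin-12 203.0.113.10:443 1211
2008-04-26T09:03:05 ws-fin-12 203.0.113.10:443 1190
2008-04-26T09:03:51 ws-hr-03 198.51.100.9:80 9912
2008-04-26T09:04:05 ws-fin-12 203.0.113.10:443 1207
2008-04-26T09:05:05 ws-fin-12 203.0.113.10:443 1203
2008-04-26T09:07:30 ws-hr-03 198.51.100.9:80 4410
"""

# Assumed log line layout: <iso timestamp> <source host> <dest ip:port> <bytes>
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")

def parse(log):
    """Yield (timestamp, src_host, dst) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def find_beacons(log, min_hits=5, max_jitter=0.2):
    """Return {(src, dst): period_seconds} for pairs with at least min_hits
    connections whose gaps vary by no more than max_jitter of the mean gap."""
    seen = {}
    for ts, src, dst in parse(log):
        seen.setdefault((src, dst), []).append(ts)
    beacons = {}
    for key, times in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) <= max_jitter * avg:
            beacons[key] = round(avg)
    return beacons

if __name__ == "__main__":
    for (src, dst), period in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst} every ~{period}s")
```

Real implants add jitter to their sleep timer, so in practice the `max_jitter` threshold is tuned against a baseline of normal traffic rather than fixed at one value.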

This is what we call a 180 degree attack. Meaning, we did
not have to defeat the security measures of your company’s
firewall from the Internet. You took care of that for us.
Many organizations give their employees unfettered access
(or impose limited control) to the Internet. Given this
fact, we devised a method for attacking the network from
within with the explicit purpose of gaining control of a
computer on the private network. All we had to do is get
someone inside to do it for us - Social Engineering!
What would you have done if you found a CD with this type of
information on it?

What Does It Mean to Be “Human”

——————————————–
As human beings we are pretty bad at evaluating risk. Self
preservation, whether it be from physical danger or any
other event that could cause harm, like the loss of a job or
income, is a pretty strong human trait. The odd thing is,
we tend to worry about things that are not likely to happen.
Many people think nothing of climbing a 12 foot ladder to
replace an old ceiling fan (sometimes doing so with the
electricity still on), but fear getting on a plane. You have
a better chance of severely injuring yourself climbing a ladder
than you do taking a plane ride.

This knowledge gives the social engineer the tools needed to
entice another person to take a certain course of action.
Because of human weaknesses, inability to properly assess
certain risk, and need to believe most people are good, we
are an easy target.

In fact, chances are you have been a victim of social
engineering many times during the course of your life. For
instance, it is my opinion that peer pressure is a form of
social engineering. Some of the best sales people I’ve
known are very effective social engineers. Direct marketing
can be considered a form of social engineering. How many
times have you purchased something only to find out you
really did not need it? Why did you purchase it? Because
you were led to believe you must.

Conclusion

——————————————–
Defining The Term “Social Engineering”: In the world of
computers and technology, social engineering is a technique
used to obtain or attempt to obtain secure information by
tricking an individual into revealing the information.
Social engineering is normally quite successful because most
targets (or victims) want to trust people and provide as
much help as possible. Victims of social engineering
typically have no idea they have been conned out of useful
information or have been tricked into performing a
particular task.

The main thing to remember is to rely on common sense. If
someone calls you asking for your login and password
information and states they are from the technical
department, do not give them the information. Even if the
number on your phone display seems to be from within your
company. I can’t tell you how many times we have
successfully used that technique. A good way of reducing
your risk of becoming a victim of social engineering is to
ask questions. Most hackers don’t have time for this and
will not consider someone who asks questions an easy
target.

About The Author

—————-
Darren Miller is an Industry leading computer and internet
security consultant. At the website -
http://www.defendingthenet.com you will find information about
computer security specifically designed to assist home, home
office, and small business computer users. Sign up for
the Defending the Net newsletter and become empowered
to stay safe on the Internet. You can reach Darren at
darren.miller@paralogic.net or at
defendthenet@paralogic.net

Common Criteria A Prime Factor In Information Security For The DoD

Friday, April 25th, 2008

Is your vital information secure? How do you know? There are several ways to increase confidence in the security measures protecting your vital information. The data could be moved to a non-accessible location. A security firm could be hired to install, update, and monitor the system.

But perhaps the easiest method, and one that is now mandatory for the Department of Defense, is the use of information technology products that have been independently evaluated and certified. While this sounds like a great idea, how does one find such IT products?

The answer is that certified products are listed on the National Information Assurance Partnership (NIAP) Web site at . The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) established the NIAP to evaluate information technology product conformance to international standards, namely the Common Criteria (CC). The program, officially known as the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security, is a partnership between the public and private sectors.

The program was implemented to help consumers select commercial off-the-shelf (COTS) IT products that meet their security requirements and to help manufacturers of those products gain acceptance in the global marketplace. One of the program’s main objectives is to improve the availability of evaluated IT products.

The other key element of Instruction 8500.2 is the inclusion of definitions for generic “robustness” levels and the assignment of “baseline levels” of IA services to those robustness levels, depending on the value of the and the environment in which the is used. Robustness level descriptions help the ISSE and DAA determine at which level of CC assurance a must be evaluated. This is passed on to the vendor for use in developing an evaluation services contract with a CCTL.

The ISSE and DAA should also consider the following when selecting the evaluation assurance level: the value of the assets being protected; the risk of those assets being compromised; the resources of those who might try to compromise the assets; and the ” requirements, mission, and customer needs.”

Instruction 8500.2 also augments key points from Directive 8500.1. Products available “under multiple-award schedule contracts or non-Defense Department Government-Wide Acquisition Contracts awarded before July 1, 2002, must be evaluated when and if a version release of the is made available under the contract.” Simply stated, this means that products only now being received by the United States Department of Defense under contracts awarded before July 1, 2002, be evaluated and validated the CC.

The instruction also states that “although products that have not satisfactorily completed may be used, contracts shall require. be satisfactorily completed within a specified period of time.” This statement gives contract officers the task of ensuring that the purchase contract includes provisions requiring vendors to complete the CC . Vendors cannot simply submit their products for and then not complete the process.

Vendors can work with their CCTL and the Defense to determine a reasonable period of time for the , which could be any number of months depending primarily on complexity, vendor evidence preparedness, the assurance level chosen, and the lab’s familiarity with the technology. Finally, the instruction states that the original contract specify that ” validation will be kept current” where use is anticipated for subsequent versions of that.

CC certificate maintenance is another task that requires effort and planning on the part of the vendor, because CC certificates apply to a specific version and configuration of a . The requirements for maintaining that certificate across future versions of the described in a document entitled “Assurance Continuity: CCRA Requirements,” issued in February 2004 by the international body responsible for maintaining the Common Criteria.

You can obtain a copy of this document from any CCTL or the NIAP CCEVS. Contract officers should ensure their vendors are aware of the completion and certificate maintenance clauses in their contracts so that products do not fail to meet and maintain the CC certification requirements for continued use. As with Directive 8500.1, the heads of components entrusted with the responsibilities to ensure systems employ solutions in accordance with the 8500.2 sections describing evaluations.

Further emphasizing the importance the federal government and placing on evaluations, public law includes provisions for evaluations and the often-sought-after waivers to such policy requirements. Subtitle F: Information Technology, Section 352 of Public Law 107-314, passed in December 2002, directs the secretary of defense to establish a policy to limit the acquisition of assurance products to those products that have been evaluated and validated in accordance with appropriate criteria, schemes, or programs. Such criteria or schemes include the NIAP CCEVS and the internationally developed CC.

While experienced vendors will state that acquisition policy requirements can sometimes be waived, the waiver clause in Public Law 107-314 authorizes the secretary of defense to provide such waivers only for U.S. Therefore, this law makes it difficult to obtain waivers to the acquisition policies requiring CC evaluations. Clearly, independent evaluations are important to both the federal government and the , as NSTISSP #11, 8500.1, 8500.2, and Public Law 107-314 confirm.

Such evaluations allow the to have confidence that the products it purchases meet the security claims made by the vendors. While the bulk of the work for obtaining these evaluations falls to the , the is responsible for ensuring that products evaluated and validated in accordance with the contract requirements stated in the ’s own policies.

The is also for assisting the with the selection of the assurance level for the , since that assurance level is chosen based on the protection needs and the application of purpose.

The understand that such evaluations and their subsequent maintenance are not trivial tasks: they take weeks or months to complete, depending on the stage , the preparedness of the to supply the required evidence, and the complexity of the . Common Criteria evaluations play an important role in protecting . For this reason, procurement officers, contract officers, and vendors should familiarize themselves with the criteria and the process.

About The Author
Donald Jones http://www.northfaceoutlet.net/.
