1
Cyber Risks to Next Generation 911
The advent of Next Generation 911 (NG911) systems, which operate on an Internet Protocol (IP)
platform, enables interconnection on with a wide range of public and private networks, such as wireless
networks, the Internet, and regular phone networks. NG911 systems will enhance the current capabilities
of today’s 911 networks, allowing
compatibility with more types of
communication, providing greater situational
awareness to dispatchers and emergency
responders, and establishing a level of
resilience not previously possible. NG911
will allow Public Safety Answering Points
(PSAPs) to accept and process a range of
information from responders and the public
alike, including real-time text, images, video,
and voice calls. In addition, NG911 will
provide PSAPs with supplemental location
data, which may enable more effective
response.
Traditional 911 services typically operate over standard voice-based telephone networks and use
software, such as computer-aided dispatch systems, that operate on closed, internal networks with little
to no interconnections with other systems. The limited means of entry into the traditional 911 network
significantly limited potential attack vectors, and what little cyber risk existed could be easily managed.
NG911’s interconnections enable new response capabilities, as shown in Figure 1. However, they also
represent new vectors for attack that can disrupt or disable PSAP operations, broadening the concerns
of―and complicating the mitigation and management of―cyber risks across all levels of government.
The potential cyber risks to a NG911 system do not undermine its tremendous benefits. Nevertheless,
cyber risks do present a new level of exposure that PSAPs must understand and actively manage as a part
of a comprehensive risk management program. Past events have proven 911 systems are attractive targets
for cyber-attacks. For example, attackers have disrupted availability of traditional 911 systems by using
auto-dialers to overwhelm PSAP phone lines and cause congestion, preventing legitimate 911 calls from
going through [commonly called Telephone Denial of Service (TDoS) attacks] and location-based
records and databases that support NG911 are of interest to cyber criminals, data miners, and even nation-
states wanting to access and exploit that information.
As cyber threats grow in complexity and sophistication, attacks could be more severe against an NG911
system as attackers can launch multiple distributed attacks with greater automation from a broader
geography against more targets. This issue paper provides an overview of NG911 cyber infrastructure,
conveys the cyber risk landscape associated with NG911, offers an approach for assessing and managing
risks, and provides additional NG911 resources.
Figure 1: NG911 Benefits and Risks
Benefits
NG911 will enhance
response capabilities:
Enables receipt of data
(e.g., v ...
Discussion post responses.Please respond to the following two di.docxmadlynplamondon
Discussion post responses.
Please respond to the following two discussions.
After completing your reading and assignments this week, what do you think about the trends in communication and networking? How have you seen it impact business or do you think it will impact business? Do you think the burden on managers is greater or lesser when it comes to technology skills? Why do you think that?
RR’s post states the following:Top of Form
I agree with the author Thomas Case who stated, “Three different forces have consistently driven the architecture and evolution of data communications and networking facilities: traffic growth, development of new services, and advances in technology” (Case, n.d.). I think these forces continue to force a trend in which companies must continue to increase communication, and grow their networking systems.
These trends have impacted businesses and it is evident. For example, advances in technology led The Columbia Association for the city of Columbia Maryland to implement a converged network that would combine voice and data to minimize operating costs and improve service to their customers. Prior to the implementation the Association had a 20-year-old central mainframe, no data networks connecting its facilities, and an outdated legacy telephone network (“Data Trends”, n.d.).
I believe the burden on managers is greater when it comes to technology skills. Managers can no longer afford to be out of step with an evolving IT landscape. If they are unable to understand business objectives and architect a technical solution to achieve the business objectives, they will find themselves less essential to the business and unable to competently do their job.
Reference:
Case, T. Business Data Communications- Infrastructure, Networking and Security. [Strayer University Bookshelf]. Retrieved from https://strayer.vitalsource.com/#/books/9780133464764
Data Trends (Data Communications and Networking), (n.d.). Retrieved from https://what-when-how.com/data-communications-and-networking/future-trends-data-communications-and-networking/
BB’s post states the following:Top of Form
After completing your reading and assignments this week, what do you think about the trends in communication and networking? How have you seen it impact business or do you think it will impact business? Do you think the burden on managers is greater or lesser when it comes to technology skills? Why do you think that?
I read through the material last night, and I did definitely notice and learn about some obvious trends in communication and networking. Especially in our textbook, Business Data Communications by William Stallings, in Chapter 1.2 (Data Communications and Networking for Today’s Enterprise Trends), I learned a lot about today’s upcoming trends in communication and networking in technology. For instance, organizations have been increasingly drifting toward some form and level of commitment to unified communications. “The unified communica ...
Technology and public safety are merging. Cities are getting smarter every day. The next generation of 9-1-1 communication is already here, and cities and emergency responders can’t afford to wait to upgrade.
Technology and public safety are merging. Cities are getting smarter every day. The next generation of 9-1-1 communication is already here, and cities and emergency responders can’t afford to wait to upgrade.
Whitepaper - Software Defined Networking for the Telco Industryaap3 IT Recruitment
is SDN (Software Defined Networking) the next big thing in Network Security, or another headache and potential skills gap for the next generation of business networks?
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...Unisys Corporation
To learn more visit: http://www.unisys.com/stealth
For years, security involved layering perimeter defenses and physical technology infrastructure that drove up operations and IT costs. But advanced, innovative technologies are driving public sector leaders to step outside the conventional Band-Aid approach. A new breed of public sector security opportunities around software-defined networking has emerged – one that strengthens security and cuts costs. The key – hide all endpoints completely from attackers so there’s no vector to target. There are five ways public sector leaders can increase security and decrease costs:
Cloak your endpoints and go undetectable;
Segment your data center by using communities of interest;
Isolate disparate networks;
Move mission-critical workloads to a more secure cloud;
Convert existing computing devices into secure communications tools.
The United States National Institute of Standards and Technology (NIST) has p...Michael Hudak
The NIST Definition of Cloud Computing
http://www.championcloudservices.com/Blog/bid/71922/8-18-2011-FINALLY-an-Agreement-on-Defining-what-the-CLOUD-is
Discussion post responses.Please respond to the following two di.docxmadlynplamondon
Discussion post responses.
Please respond to the following two discussions.
After completing your reading and assignments this week, what do you think about the trends in communication and networking? How have you seen it impact business or do you think it will impact business? Do you think the burden on managers is greater or lesser when it comes to technology skills? Why do you think that?
RR’s post states the following:Top of Form
I agree with the author Thomas Case who stated, “Three different forces have consistently driven the architecture and evolution of data communications and networking facilities: traffic growth, development of new services, and advances in technology” (Case, n.d.). I think these forces continue to force a trend in which companies must continue to increase communication, and grow their networking systems.
These trends have impacted businesses and it is evident. For example, advances in technology led The Columbia Association for the city of Columbia Maryland to implement a converged network that would combine voice and data to minimize operating costs and improve service to their customers. Prior to the implementation the Association had a 20-year-old central mainframe, no data networks connecting its facilities, and an outdated legacy telephone network (“Data Trends”, n.d.).
I believe the burden on managers is greater when it comes to technology skills. Managers can no longer afford to be out of step with an evolving IT landscape. If they are unable to understand business objectives and architect a technical solution to achieve the business objectives, they will find themselves less essential to the business and unable to competently do their job.
Reference:
Case, T. Business Data Communications- Infrastructure, Networking and Security. [Strayer University Bookshelf]. Retrieved from https://strayer.vitalsource.com/#/books/9780133464764
Data Trends (Data Communications and Networking), (n.d.). Retrieved from https://what-when-how.com/data-communications-and-networking/future-trends-data-communications-and-networking/
BB’s post states the following:Top of Form
After completing your reading and assignments this week, what do you think about the trends in communication and networking? How have you seen it impact business or do you think it will impact business? Do you think the burden on managers is greater or lesser when it comes to technology skills? Why do you think that?
I read through the material last night, and I did definitely notice and learn about some obvious trends in communication and networking. Especially in our textbook, Business Data Communications by William Stallings, in Chapter 1.2 (Data Communications and Networking for Today’s Enterprise Trends), I learned a lot about today’s upcoming trends in communication and networking in technology. For instance, organizations have been increasingly drifting toward some form and level of commitment to unified communications. “The unified communica ...
Technology and public safety are merging. Cities are getting smarter every day. The next generation of 9-1-1 communication is already here, and cities and emergency responders can’t afford to wait to upgrade.
Technology and public safety are merging. Cities are getting smarter every day. The next generation of 9-1-1 communication is already here, and cities and emergency responders can’t afford to wait to upgrade.
Whitepaper - Software Defined Networking for the Telco Industryaap3 IT Recruitment
is SDN (Software Defined Networking) the next big thing in Network Security, or another headache and potential skills gap for the next generation of business networks?
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...Unisys Corporation
To learn more visit: http://www.unisys.com/stealth
For years, security involved layering perimeter defenses and physical technology infrastructure that drove up operations and IT costs. But advanced, innovative technologies are driving public sector leaders to step outside the conventional Band-Aid approach. A new breed of public sector security opportunities around software-defined networking has emerged – one that strengthens security and cuts costs. The key – hide all endpoints completely from attackers so there’s no vector to target. There are five ways public sector leaders can increase security and decrease costs:
Cloak your endpoints and go undetectable;
Segment your data center by using communities of interest;
Isolate disparate networks;
Move mission-critical workloads to a more secure cloud;
Convert existing computing devices into secure communications tools.
The United States National Institute of Standards and Technology (NIST) has p...Michael Hudak
The NIST Definition of Cloud Computing
http://www.championcloudservices.com/Blog/bid/71922/8-18-2011-FINALLY-an-Agreement-on-Defining-what-the-CLOUD-is
Use of network forensic mechanisms to formulate network securityIJMIT JOURNAL
Network Forensics is fairly a new area of research which would be used after an intrusion in various
organizations ranging from small, mid-size private companies and government corporations to the defence
secretariat of a country. At the point of an investigation valuable information may be mishandled which
leads to difficulties in the examination and time wastage. Additionally the intruder could obliterate tracks
such as intrusion entry, vulnerabilities used in an entry, destruction caused, and most importantly the
identity of the intruder. The aim of this research was to map the correlation between network security and
network forensic mechanisms. There are three sub research questions that had been studied. Those have
identified Network Security issues, Network Forensic investigations used in an incident, and the use of
network forensics mechanisms to eliminate network security issues. Literature review has been the
research strategy used in order study the sub research questions discussed. Literature such as research
papers published in Journals, PhD Theses, ISO standards, and other official research papers have been
evaluated and have been the base of this research. The deliverables or the output of this research was
produced as a report on how network forensics has assisted in aligning network security in case of an
intrusion. This research has not been specific to an organization but has given a general overview about
the industry. Embedding Digital Forensics Framework, Network Forensic Development Life Cycle, and
Enhanced Network Forensic Cycle could be used to develop a secure network. Through the mentioned
framework, and cycles the author has recommended implementing the 4R Strategy (Resistance,
Recognition, Recovery, Redress) with the assistance of a number of tools. This research would be of
interest to Network Administrators, Network Managers, Network Security personnel, and other personnel interested in obtaining knowledge in securing communication devices/infrastructure. This research provides a framework that can be used in an organization to eliminate digital anomalies through network forensics, helps the above mentioned persons to prepare infrastructure readiness for threats and also enables further research to be carried on in the fields of computer, database, mobile, video, and audio.
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYIJMIT JOURNAL
Network Forensics is fairly a new area of research which would be used after an intrusion in various
organizations ranging from small, mid-size private companies and government corporations to the defence
secretariat of a country. At the point of an investigation valuable information may be mishandled which
leads to difficulties in the examination and time wastage. Additionally the intruder could obliterate tracks
such as intrusion entry, vulnerabilities used in an entry, destruction caused, and most importantly the
identity of the intruder. The aim of this research was to map the correlation between network security and
network forensic mechanisms. There are three sub research questions that had been studied. Those have
identified Network Security issues, Network Forensic investigations used in an incident, and the use of
network forensics mechanisms to eliminate network security issues. Literature review has been the
research strategy used in order study the sub research questions discussed. Literature such as research
papers published in Journals, PhD Theses, ISO standards, and other official research papers have been
evaluated and have been the base of this research. The deliverables or the output of this research was
produced as a report on how network forensics has assisted in aligning network security in case of an
intrusion. This research has not been specific to an organization but has given a general overview about
the industry. Embedding Digital Forensics Framework, Network Forensic Development Life Cycle, and
Enhanced Network Forensic Cycle could be used to develop a secure network. Through the mentioned
framework, and cycles the author has recommended implementing the 4R Strategy (Resistance,
Recognition, Recovery, Redress) with the assistance of a number of tools. This research would be of
interest to Network Administrators, Network Managers, Network Security personnel, and other personnel
interested in obtaining knowledge in securing communication devices/infrastructure. This research
provides a framework that can be used in an organization to eliminate digital anomalies through network
forensics, helps the above mentioned persons to prepare infrastructure readiness for threats and also
enables further research to be carried on in the fields of computer, database, mobile, video, and audio.
Firewall and vpn investigation on cloud computing performanceIJCSES Journal
The paper presents the way to provide the security to one of the recent development in computing, cloud
computing. The main interest is to investigate the impact of using Virtual Private Network VPN together
with firewall on cloud computing performance. Therefore, computer modeling and simulation of cloud
computing with OPNET modular simulator has been conducted for the cases of cloud computing with and
without VPN and firewall. To achieve clear idea on these impacts, the simulation considers different
scenarios and different form application traffic applied. Simulation results showing throughput, delay,
servers traffic sent and received have been collected and presented. The results clearly show that there is
impact in throughput and delay through the use of VPN and firewall. The impact on throughput is higher
than that on the delay. Furthermore, the impact show that the email traffic is more affected than web
traffic.
Using cloud services: Compliance with the Security Requirements of the Spanis...Miguel A. Amutio
Cloud Security Alliance EMEA Congress
Using cloud services: Compliance with the Security Requirements of the Spanish Public Sector
Text of the presentation by Miguel A. Amutio
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin AlgorithmEditor IJMTER
As per the recent studies, the volatile growth has been seen in the use of mobile devices as
the supporting technology for accessing Internet based services, as well as for personal
communication needs in networking. Various studies indicate that it is impossible to utilize strong
cryptographic functions for implementing security protocols on mobile devices. Our research negates
this. Explicitly, a performance analysis focused on the most commonly used cryptographic protocols
based on the location address (latitude & longitude) of the user for mobile applications and projected
provably secure authentication protocol that is more efficient than any of the prevailing
authentication protocol is being used by the network security methods. Understanding the use of
public key cryptography which makes potential use of discrete logarithms problem. The security of
ECC depends on the difficulty of Elliptic Curve Discrete Logarithm. To provide secure
communication for mobile devices, authenticated protocol is an important primitive for establishing
trusted connection. In this paper, it has been shown that the location based system using improved
Rabin Algorithm provides a better security and acquires much less energy consumption than the
existing authentication protocols.
EXPLORING THE EFFECTIVENESS OF VPN ARCHITECTURE IN ENHANCING NETWORK SECURITY...IJNSA Journal
The rapid development of technology in communications has transformed the operations of companies and institutions, paving the way for increased productivity, revenue growth, and enhanced customer service. Multimedia calls and other modern communication technologies boost mobile network, thus their utilization is critical to moving the business forward. However, these widely used networks are also vulnerable to security threats, leading network vendors and technicians to implement various techniques to ensure network safety. As the need to safeguard technologies grow and there has been a significant increase in growth the idea of a virtual private network (VPN) emerged as a key strategy for tackling the threat to network security. the authors suggested looking into this issue and presenting the findings of a study that contained insightful observations from the literature reviews that served as the primary source of research besides questionnaire responses as opinions from those who have experience in the network industry and its security. Through this research, it became evident that several technologies and approaches exist to safeguard networks, but the Transport Layer Security (TLS) architecture stood out as a superior solution, particularly for mobile networks.
Private sector cyber resilience and the role of data diodesOllie Whitehouse
This whitepaper intended for enterprise architects and cyber security professionals looks at the role of data diodes in modern network design and operation.
I. Design Principles for 5G Security
II. Cyber Security Business Models in 5G
III. Physical Layer Security
IV. 5G WLAN Security
V. Safety of 5G Network Physical Infrastructures
M3 ch12 discussionConnecting Eligible Immigrant Families to Heal.docxjeremylockett77
M3 ch12 discussion
Connecting Eligible Immigrant Families to Health Coverage
Instructions:
Read the report
Connecting Eligible Immigrant Families to Health Coverage and Care
.
Write a one page post offering solutions to the problem from the nurse's standpoint.
.
Loudres eats powdered doughnuts for breakfast and chocolate that sh.docxjeremylockett77
Loudres eats powdered doughnuts for breakfast and chocolate that she can get out of the vending machines before class. Between classes , she grabs some chips and a caffine drink for lunch. By the end of the day, she is exhauted and cannot study very long before she falls asleep for a few hours. Then, she stays up untils 2.A.M to finish her work and take care of things she could not do during the day. She feels that she has to eat sugary foods and caffeinated drinks to keep her schedule going and to fit in all her activities. What advice would you give her?
.
More Related Content
Similar to 1 Cyber Risks to Next Generation 911 The advent of Next .docx
Use of network forensic mechanisms to formulate network securityIJMIT JOURNAL
Network Forensics is fairly a new area of research which would be used after an intrusion in various
organizations ranging from small, mid-size private companies and government corporations to the defence
secretariat of a country. At the point of an investigation valuable information may be mishandled which
leads to difficulties in the examination and time wastage. Additionally the intruder could obliterate tracks
such as intrusion entry, vulnerabilities used in an entry, destruction caused, and most importantly the
identity of the intruder. The aim of this research was to map the correlation between network security and
network forensic mechanisms. There are three sub research questions that had been studied. Those have
identified Network Security issues, Network Forensic investigations used in an incident, and the use of
network forensics mechanisms to eliminate network security issues. Literature review has been the
research strategy used in order study the sub research questions discussed. Literature such as research
papers published in Journals, PhD Theses, ISO standards, and other official research papers have been
evaluated and have been the base of this research. The deliverables or the output of this research was
produced as a report on how network forensics has assisted in aligning network security in case of an
intrusion. This research has not been specific to an organization but has given a general overview about
the industry. Embedding Digital Forensics Framework, Network Forensic Development Life Cycle, and
Enhanced Network Forensic Cycle could be used to develop a secure network. Through the mentioned
framework, and cycles the author has recommended implementing the 4R Strategy (Resistance,
Recognition, Recovery, Redress) with the assistance of a number of tools. This research would be of
interest to Network Administrators, Network Managers, Network Security personnel, and other personnel interested in obtaining knowledge in securing communication devices/infrastructure. This research provides a framework that can be used in an organization to eliminate digital anomalies through network forensics, helps the above mentioned persons to prepare infrastructure readiness for threats and also enables further research to be carried on in the fields of computer, database, mobile, video, and audio.
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYIJMIT JOURNAL
Network Forensics is fairly a new area of research which would be used after an intrusion in various
organizations ranging from small, mid-size private companies and government corporations to the defence
secretariat of a country. At the point of an investigation valuable information may be mishandled which
leads to difficulties in the examination and time wastage. Additionally the intruder could obliterate tracks
such as intrusion entry, vulnerabilities used in an entry, destruction caused, and most importantly the
identity of the intruder. The aim of this research was to map the correlation between network security and
network forensic mechanisms. There are three sub research questions that had been studied. Those have
identified Network Security issues, Network Forensic investigations used in an incident, and the use of
network forensics mechanisms to eliminate network security issues. Literature review has been the
research strategy used in order study the sub research questions discussed. Literature such as research
papers published in Journals, PhD Theses, ISO standards, and other official research papers have been
evaluated and have been the base of this research. The deliverables or the output of this research was
produced as a report on how network forensics has assisted in aligning network security in case of an
intrusion. This research has not been specific to an organization but has given a general overview about
the industry. Embedding Digital Forensics Framework, Network Forensic Development Life Cycle, and
Enhanced Network Forensic Cycle could be used to develop a secure network. Through the mentioned
framework, and cycles the author has recommended implementing the 4R Strategy (Resistance,
Recognition, Recovery, Redress) with the assistance of a number of tools. This research would be of
interest to Network Administrators, Network Managers, Network Security personnel, and other personnel
interested in obtaining knowledge in securing communication devices/infrastructure. This research
provides a framework that can be used in an organization to eliminate digital anomalies through network
forensics, helps the above mentioned persons to prepare infrastructure readiness for threats and also
enables further research to be carried on in the fields of computer, database, mobile, video, and audio.
Firewall and vpn investigation on cloud computing performanceIJCSES Journal
The paper presents the way to provide the security to one of the recent development in computing, cloud
computing. The main interest is to investigate the impact of using Virtual Private Network VPN together
with firewall on cloud computing performance. Therefore, computer modeling and simulation of cloud
computing with OPNET modular simulator has been conducted for the cases of cloud computing with and
without VPN and firewall. To achieve clear idea on these impacts, the simulation considers different
scenarios and different form application traffic applied. Simulation results showing throughput, delay,
servers traffic sent and received have been collected and presented. The results clearly show that there is
impact in throughput and delay through the use of VPN and firewall. The impact on throughput is higher
than that on the delay. Furthermore, the impact show that the email traffic is more affected than web
traffic.
Using cloud services: Compliance with the Security Requirements of the Spanis...Miguel A. Amutio
Cloud Security Alliance EMEA Congress
Using cloud services: Compliance with the Security Requirements of the Spanish Public Sector
Text of the presentation by Miguel A. Amutio
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin AlgorithmEditor IJMTER
As per the recent studies, the volatile growth has been seen in the use of mobile devices as
the supporting technology for accessing Internet based services, as well as for personal
communication needs in networking. Various studies indicate that it is impossible to utilize strong
cryptographic functions for implementing security protocols on mobile devices. Our research negates
this. Explicitly, a performance analysis focused on the most commonly used cryptographic protocols
based on the location address (latitude & longitude) of the user for mobile applications and projected
provably secure authentication protocol that is more efficient than any of the prevailing
authentication protocol is being used by the network security methods. Understanding the use of
public key cryptography which makes potential use of discrete logarithms problem. The security of
ECC depends on the difficulty of Elliptic Curve Discrete Logarithm. To provide secure
communication for mobile devices, authenticated protocol is an important primitive for establishing
trusted connection. In this paper, it has been shown that the location based system using improved
Rabin Algorithm provides a better security and acquires much less energy consumption than the
existing authentication protocols.
EXPLORING THE EFFECTIVENESS OF VPN ARCHITECTURE IN ENHANCING NETWORK SECURITY...IJNSA Journal
The rapid development of technology in communications has transformed the operations of companies and institutions, paving the way for increased productivity, revenue growth, and enhanced customer service. Multimedia calls and other modern communication technologies boost mobile network, thus their utilization is critical to moving the business forward. However, these widely used networks are also vulnerable to security threats, leading network vendors and technicians to implement various techniques to ensure network safety. As the need to safeguard technologies grow and there has been a significant increase in growth the idea of a virtual private network (VPN) emerged as a key strategy for tackling the threat to network security. the authors suggested looking into this issue and presenting the findings of a study that contained insightful observations from the literature reviews that served as the primary source of research besides questionnaire responses as opinions from those who have experience in the network industry and its security. Through this research, it became evident that several technologies and approaches exist to safeguard networks, but the Transport Layer Security (TLS) architecture stood out as a superior solution, particularly for mobile networks.
Private sector cyber resilience and the role of data diodesOllie Whitehouse
This whitepaper intended for enterprise architects and cyber security professionals looks at the role of data diodes in modern network design and operation.
I. Design Principles for 5G Security
II. Cyber Security Business Models in 5G
III. Physical Layer Security
IV. 5G WLAN Security
V. Safety of 5G Network Physical Infrastructures
M3 ch12 discussionConnecting Eligible Immigrant Families to Heal.docxjeremylockett77
M3 ch12 discussion
Connecting Eligible Immigrant Families to Health Coverage
Instructions:
Read the report
Connecting Eligible Immigrant Families to Health Coverage and Care
.
Write a one page post offering solutions to the problem from the nurse's standpoint.
.
Loudres eats powdered doughnuts for breakfast and chocolate that sh.docxjeremylockett77
Loudres eats powdered doughnuts for breakfast and chocolate that she can get out of the vending machines before class. Between classes , she grabs some chips and a caffine drink for lunch. By the end of the day, she is exhauted and cannot study very long before she falls asleep for a few hours. Then, she stays up untils 2.A.M to finish her work and take care of things she could not do during the day. She feels that she has to eat sugary foods and caffeinated drinks to keep her schedule going and to fit in all her activities. What advice would you give her?
.
Lori Goler is the head of People at Facebook. Janelle Gal.docxjeremylockett77
Lori Goler is the head
of People at Facebook.
Janelle Gale is the head
of HR Business Partners
at Facebook. Adam Grant
is a professor at Wharton,
a Facebook consultant,
and the author of Originals
and Give and Take.
ZS
U
ZS
A
N
N
A
IL
IJ
IN
HBR.ORG
Let’s Not Kill
Performance
Evaluations Yet
Facebook’s experience shows
why they can still be valuable.
BY LORI GOLER, JANELLE GALE, AND ADAM GRANT
November 2016 Harvard Business Review 91
LET’S NOT KILL PERFORMANCE EVALUATIONS YET
tThe reality is, even when companies get rid of performance evaluations, ratings still exist. Employees just can’t see them. Ratings are done sub-jectively, behind the scenes, and without input from the people being evaluated.
Performance is the value of employees’ contribu-
tions to the organization over time. And that value
needs to be assessed in some way. Decisions about
pay and promotions have to be made. As research-
ers pointed out in a recent debate in Industrial and
Organizational Psychology, “Performance is always
rated in some manner.” If you don’t have formal
evaluations, the ratings will be hidden in a black box.
At Facebook we analyzed our performance man-
agement system a few years ago. We conducted fo-
cus groups and a follow-up survey with more than
300 people. The feedback was clear: 87% of people
wanted to keep performance ratings.
Yes, performance evaluations have costs—but
they have benefits, too. We decided to hang on
to them for three reasons: fairness, transparency,
and development.
Making Things Fair
We all want performance evaluations to be fair. That
isn’t always the outcome, but as more than 9,000
managers and employees reported in a global sur-
vey by CEB, not having evaluations is worse. Every
organization has people who are unhappy with their
bonuses or disappointed that they weren’t pro-
moted. But research has long shown that when the
process is fair, employees are more willing to accept
undesirable outcomes. A fair process exists when
evaluators are credible and motivated to get it right,
and employees have a voice. Without evaluations,
people are left in the dark about who is gauging their
contributions and how.
At Facebook, to mitigate bias and do things sys-
tematically, we start by having peers write evalua-
tions. They share them not just with managers but
also, in most cases, with one another—which reflects
the company’s core values of openness and transpar-
ency. Then decisions are made about performance:
Managers sit together and discuss their reports
face-to-face, defending and championing, debating
and deliberating, and incorporating peer feedback.
Here the goal is to minimize the “idiosyncratic rater
effect”—also known as personal opinion. People
aren’t unduly punished when individual managers
are hard graders or unfairly rewarded when they’re
easy graders.
Next managers write the performance reviews.
We have a team of analysts who examine evalua-
tions f.
Looking for someone to take these two documents- annotated bibliogra.docxjeremylockett77
Looking for someone to take these two documents- annotated bibliography and an issue review(outline)
to conduct an argumentative paper about WHY PEOPLE SHOULD GET THE COVID-19 VACCINE
Requirements:
Length: 4-6 pages (not including title page or references page)
1-inch margins
Double spaced
12-point Times New Roman font
Title page
References page
.
Lorryn Tardy – critique to my persuasive essayFor this assignm.docxjeremylockett77
Lorryn Tardy – critique to my persuasive essay
For this assignment I’ll be workshopping the work of Lisa Oll-Adikankwu. Lisa has chosen the topic of Assisted Suicide; she is against the practice and argues that it should be considered unethical and universally illegal.
Lisa appears to have a good understanding of the topic. Her sources are well researched and discuss a variety of key points from seemingly unbiased sources. Her sources are current, peer reviewed and based on statistical data.
Lisa’s summaries are well written, clear and concise. One thing I noticed is that the majority of her writing plan is summarized and cited at the end of each paragraph. I might suggest that she integrate more synthesis of the different sources, by combining evidence from more than one source per paragraph and using more in text citations or direct quotes to reinforce her key points.
I think that basic credentialing information could be provided for Lisa’s sources, this is something that looking back, I need to add as well. I think this could easily be done with just a simple “(Authors name, and their title, i.e. author, statistician, physician etc.…)”, when the source is introduced into the paper might provide a reinforced credibility of the source.
As far as connection of sources, as previously mentioned, I think that in order to illustrate a stronger argument, using multiple sources to reinforce a single key point would solidify Lisa’s argument. I feel that more evidence provided from a variety of different sources, will provide the reader with a stronger sense of credibility and less room for bias that could be argued if the point is only credited to one source.
One area that stuck out to me for counter argument, being that my paper is in favor of this issue, is in paragraph two where Lisa states that “physicians are not supposed to kill patients or help them kill themselves, and terminally ill patients are not in a position of making rational decisions about their lives.” I’d like to offer my argument for this particular statement. In states where assisted suicide (or as I prefer to refer to it, assisted dying) is legal, there are several criteria that a patient has to meet in order to be considered a candidate. These criteria include second, even third opinions to determine that death is imminent, as well psychological evaluation(s) and an extensive informed consent process that is a collaborative effort between the patient, the patient’s family, physicians, psychologists and nurses. It is a process that takes weeks to months. Patients that wish to be a candidate, should initiate the process as soon as they have been diagnosed by seeking a second opinion. As an emergency room nurse, I have been present for a substantial amount of diagnoses that are ‘likely’ terminal. Many of these patients presented to the emergency for a common ailment and have no indication that they don’t have the capacity to make such a decision. Receiving a terminal diagnos.
M450 Mission Command SystemGeneral forum instructions Answ.docxjeremylockett77
M450 Mission Command: System
General forum instructions: Answer the questions below and provide evidence to support your claims (See attached slides). Your answers should be derived primarily from course content. When citing sources, use APA style. Your initial posts should be approximately 150-500 words.
1. Describe and explain two of the Warfighting Functions.
2. How do commanders exercise the Command and Control System?
.
Lymphedema following breast cancer The importance of surgic.docxjeremylockett77
Lymphedema following breast cancer: The importance of
surgical methods and obesity
Rebecca J. Tsai, PhDa,*, Leslie K. Dennis, PhDa,b, Charles F. Lynch, MD, PhDa, Linda G.
Snetselaar, RD, PhD, LDa, Gideon K.D. Zamba, PhDc, and Carol Scott-Conner, MD, PhD,
MBAd
aDepartment of Epidemiology, College of Public Health, University of Iowa, Iowa City, IA, USA.
bDivision of Epidemiology and Biostatistics, College of Public Health, University of Arizona,
Tucson, AZ, USA.
cDepartment of Biostatistics, College of Public Health, University of Iowa, Iowa City, IA, USA.
dDepartment of Surgery, College of Medicine, University of Iowa, Iowa City, IA, USA.
Abstract
Background: Breast cancer-related arm lymphedema is a serious complication that can
adversely affect quality of life. Identifying risk factors that contribute to the development of
lymphedema is vital for identifying avenues for prevention. The aim of this study was to examine
the association between the development of arm lymphedema and both treatment and personal
(e.g., obesity) risk factors.
Methods: Women diagnosed with breast cancer in Iowa during 2004 and followed through 2010,
who met eligibility criteria, were asked to complete a short computer assisted telephone interview
about chronic conditions, arm activities, demographics, and lymphedema status. Lymphedema was
characterized by a reported physician-diagnosis, a difference between arms in the circumference
(> 2cm), or the presence of multiple self-reported arm symptoms (at least two of five major arm
symptoms, and at least four total arm symptoms). Relative risks (RR) were estimated using
logistic regression.
Results: Arm lymphedema was identified in 102 of 522 participants (19.5%). Participants treated
by both axillary dissection and radiation therapy were more likely to have arm lymphedema than
treated by either alone. Women with advanced cancer stage, positive nodes, and larger tumors
along with a body mass index > 40 were also more likely to develop lymphedema. Arm activity
level was not associated with lymphedema.
*Correspondence and Reprints to: Rebecca Tsai, National Institute for Occupational Safety and Health, 4676 Columbia Parkway,
R-17, Cincinnati, OH 45226. [email protected] Phone: (513)841-4398. Fax: (513) 841-4489.
Authorship contribution
All authors contributed to the conception, design, drafting, revision, and the final review of this manuscript.
Competing interest
Conflicts of Interest and Source of Funding: This study was funded by the National Cancer Institute Grant Number: 5R03CA130031.
All authors do not declare any conflict of interest.
All authors do not declare any conflict of interest.
HHS Public Access
Author manuscript
Front Womens Health. Author manuscript; available in PMC 2018 December 14.
Published in final edited form as:
Front Womens Health. 2018 June ; 3(2): .
A
u
th
o
r M
a
n
u
scrip
t
A
u
th
o
r M
a
n
u
scrip
t
A
u
th
o
r M
a
n
u
scrip
t
A
u
th
.
Love Beyond Wallshttpswww.lovebeyondwalls.orgProvid.docxjeremylockett77
Love Beyond Walls
https://www.
lovebeyondwalls
.org
Provide a brief background of your chosen nonprofit entity using evidence from their publications or any other published materials. Then evaluate the factors, which may include economic, political, historic, cultural, institutional conditions, and changes that contributed to the creation and growth (decline) of the nonprofit organization. Justify your response.
.
Longevity PresentationThe purpose of this assignment is to exami.docxjeremylockett77
Longevity Presentation
The purpose of this assignment is to examine societal norms regarding aging and to integrate the concepts of aging well and living well into an active aging framework that promotes longevity.
Using concepts from the Hooyman and Kiyak (2011) text and the Buettner (2012) book, consider the various perspectives on aging.
Identify the underlying values or assumptions that serve as the basis for longevity, including cultural, religious, and philosophical ideas.
Present an overview of three holistic aging theories.
Integrate the values, assumptions, and theories to indicate what is necessary for an active aging framework where individuals both live well and age well.
Presentations should be 10-15 minutes in length, use visual aids, and incorporate references from the course texts and 5 additional scholarly journal articles.
.
Look again at the CDCs Web page about ADHD.In 150-200 w.docxjeremylockett77
Look again at the
CDC's Web page about ADHD
.
In 150-200 words, please analyze the document’s purpose and audience. Who, for example, is the CDC's audience? What are the CDC's beliefs about ADHD, and how does the CDC's Web page relate itself to those beliefs? Why would the federal government post a Web page about ADHD? What role does the general public expect the government to play regarding disorders such as ADHD?
.
M8-22 ANALYTICS o TEAMS • ORGANIZATIONS • SKILLS .fÿy.docxjeremylockett77
M8-22 ANALYTICS o TEAMS • ORGANIZATIONS • SKILLS .fÿy' ÿ,oÿ ()V)g
The Strategy That Wouldn't Travel
by Michael C. Beer
It was 6:45 P.M. Karen Jimenez was reviewing the
notes on her team-based productMty project tbr
what seemed like the hundredth time. I31 two days,
she was scheduled to present a report to the senior
management group on the project's progress. She
wasn't at all sure what she was going to say.
The project was designed to improve productiv-
it3, and morale at each plant owned and operated by
Acme Minerals Extraction Company. Phase one--
implemented in early 1995 at the site in Wichita,
I(amsas--looked like a stunning, success by the mid-
dle of 1996. Productivity and mo[ÿale soared, and
operating and maintenance costs decreased signifi-
cantly. But four months ago, Jimenez tried to
duplicate the results at the project's second
target--the plant in Lubbock, Texas--and some-
thing went wrong. The techniques that had worked
so well in Wichita met with only moderate success
in Lubbock. ProductMty improved marginally and
costs went down a bit, but morale actually seemed
to deteriorate slightl): Jimenez was stumped,
approach to teamwork and change. As it turned
out, he had proved a good choice. Daniels was a
hands-on, high-energy, charismatic businessman
who seemed to enjoy media attention. Within his
first year as CEO, he had pretty much righted the
floundering company by selling oft:some unrelated
lines of business. He had also created the share-
services deparnnent--an internal consulting organ-
ization providing change management, reengineer-
ing, total quailB, management, and other
services--and had rapped Jimenez to head the
group. Her first priority Daniels told her, would be
to improve productiviB, and morale at the com-
pany's five extraction sites. None of them were
meeting their projections. And although Wichita
was the only site at which the labor-management
conflict was painfiflly apparent, Daniels and Jimenez
both thought that morale needed an all-around
boost. Hence the team-based productivity project.
She tried to "helicopter up" and think about
the problem in the broad context of the com-
pany's history. A few ),ears ago, Acme had been in
bad financial shape, but what had really brought
things to a head--and had led to her current
dilemma--was a labor relations problem. Acme
had a wide variety of labor requirements For its
operations. The company used highly sophisti-
cated technologB employing geologists, geophysi-
cists, and engineers on what was referred to as the
"brains" side of the business, as well as skilled and
semi-skilled labor on the "brawn" side to run the
extraction operations. And in the summer of
1994, brains and brawn clashed in an embarrass-
ingly public way. A number of engineers at the
Wichita plant locked several union workers out of
the offices in 100-degree heat. Although most
Acme employees now felt that the incident had
been blown out of propo,'tion by the press, .
Lombosoro theory.In week 4, you learned about the importance.docxjeremylockett77
Lombosoro theory.
In week 4, you learned about the importance of theory, the various theoretical perspectives and the ways in which theory help guide research in regards to crime and criminal behavior.
To put this assignment into context, I want you to think about how Lombroso thought one could identify a criminal. He said that criminals had similar facial features. If that was the case you would be able to look at someone and know if they were a criminal! Social theories infer that perhaps it is the social structures around us that encourage criminality. Look around your city- what structures do you think may match up to something you have learned about this week in terms of theory? These are just two small examples to put this assignment into context for you. The idea is to learn about the theories, then critically think about how can one "show" the theory without providing written explanation for their chosen image.
Directions: With the readings week 4 in mind, please do the following:
1. Choose a theoretical perspective (I.e., biological, psychological sociological)
2. Look through media images (this can be cartoons, magazines, newspapers, internet stories, etc...) and select 10 images that you think depict your chosen theory without written explanation.
3. Provide a one paragraph statement of your theory, what kinds of behavior it explains and how it is depicted through images. Be sure to use resources to support your answer.
4. You will copy and paste your images into a word document, along with your paragraph. You do not need to cite where you got your images, but you do need to cite any information you have in number 3.
Format Directions:
Typed, 12 point font, double spaced
APA format style (Cover page, in text citations and references)
.
Looking over the initial material on the definitions of philosophy i.docxjeremylockett77
Looking over the initial material on the definitions of philosophy in
the course content section, which definition (Aristotle, Novalis,
Wittgenstein) would you say gives you the best feel for philosophy? What
is it about the definition that interests you? do you find there to be any problems with the definition? what other questions do you have regarding the meaning of philosophy?
ARISTOTLE :
Definition 1: Philosophy begins with wonder. (Aristotle)
Our study of philosophy will begin with the ancient Greeks. This is not because the Greeks were necessarily the first to philosophize. They were the first to address philosophical questions in a systematic manner. Also, the bodies of works which survive from the Greeks is quite substantial so in studying philosophy we have a lot to go on if we start with the Greeks.
Philosophy is, in fact, a Greek word. Philo is one of the Greek words for love: in this case the friendship type of love. (What other words can you think of that have "philo" as a part?) Sophia, has a few different uses in Greek. Capitalized it is the name of a woman or a Goddess: wisdom. Philosophy, then, etymologically, (that is from its roots) means love of wisdom.
But what exactly is wisdom? Is it merely knowledge? Intelligence? If I know how to perform a given skill does this necessarily imply that I also have wisdom or am wise?
The word "wise" is not in fact a Greek word. Remember for the Greeks that's "Sophia". Wise is Indo-European and is related to words like "vision", "video", "Veda" (the Indian Holy scriptures). The root has something to do with seeing. Wisdom then has to do with applying our knowledge in a meaningful and practically beneficial way. Perhaps this is the reason why philosophy is associated with the aged. Aristotle believes that philosophy in fact is more suitably studied by the old rather than the young who are inclined to be controlled by the emotions. Do you think this is correct? Nevertheless, whether Aristotle is correct or not, typically the elderly are more likely to be wise as they have more experience of life: they have seen more and hopefully know how to respond correctly to various situations.
Philosophy is not merely confined to the old. Aristotle also says that philosophy begins with wonder and that all people desire to know. Children often are paradigm cases of wondering. Think about how children (perhaps a young sibling or a son or daughter, niece or nephew of your acquaintance) inquistively ask their parents "why" certain things are the case? If the child receives a satisfying answer, one that fits, she is satisfied. If not there is dissatisfaction and frustration. Children assume that their elders know more than they do and thus rely on them for the answers. Though there is a familiar cliche that ignorance is bliss, (perhaps what is meant by this is that ignorance of evil is bliss), Aristotle sees ignorance as painful, a wonder that I would rather fill with knowledge. After all wha.
Lucky Iron Fish
By: Ashley Snook
Professor Phillips
MGMT 350
Spring 2018
Table of Contents
Executive Summary
Introduction
Human Relations Theory
Communications Issues
Intercultural Relations
Ethics Issues
Conclusion
Works Cited
Executive Summary
The B-certified organization that I chose is Lucky Iron Fish Enterprise which is located in Guelph, Ontario Canada. The company distributes iron fish that are designed to solve iron deficiency and anemia for the two billion people who are affected worldwide.
The human relations model is comprised of McGregor’s Theory X and Theory Y, Maslow’s Hierarchy of Needs, and theories from Peters and Waterman. These factors focus on the organizational structure of the company as it relates to the executives, the staff, and the customers. The executives provide meaningful jobs for the staff which gives them high levels of job satisfaction. Together, they are able to provide a product that satisfies the thousands of customers they have already reached.
Communication in this company flows smoothly. They implement open communication, encourage participation, and have high levels of trust among employees. Each of their departments are interconnected through teamwork.
Their intercultural relations, although successful, require a significant amount of time. They need to emphasize to the high context cultures that they are willing to understand their culture and possibly adopt some aspects of it. Additionally, they face barriers such as language dissimilarity and lack of physical store locations.
Ethics remains a top priority for this organization. They have high ethical standards that are integrated into their operations. They make decisions that do the most good for the most people, they do not take into consideration financial or political influence, and they strive to protect the environment through their sustainability measures.
Every employee is dedicated to improving the lives of those who suffer from iron deficiency
and anemia. As their organization grows, they continue to impact thousands of lives around the world. They are on a mission to put “a fish in every pot” (Lucky Iron Fish).
Introduction
Lucky Iron Fish, located in Guelph Canada, is a company that is dedicated to ending worldwide iron deficiency and anemia. They do this by providing families with iron fish that release iron when heated in food or water. They sell this product in developed countries in order to support their business model of buy one give one. Each time an iron fish is purchased, one is donated to a family in a developing country. They designed their product to resemble the kantrop fish of Cambodia; in their culture this fish is a symbol of luck. Another focus of theirs is to remain sustainable, scalable, and impactful (Lucky Iron Fish). Each of their products is made from recycled material and their packaging is biodegradable. Their organization has a horizontal stru.
Lucky Iron FishBy Ashley SnookMGMT 350Spring 2018ht.docxjeremylockett77
Lucky Iron Fish
By: Ashley Snook
MGMT 350
Spring 2018
https://www.youtube.com/watch?v=G6Rx3wDqTuI
Table of Contents
Case Overview
Introduction
Human Relations
Communications
Intercultural Relations
Ethics
Conclusion
Works Cited
https://www.youtube.com/watch?v=iY0D-PIcgB4
Video ends at 1:45
2
Case Overview
Company located in Guleph, Ontario Canada
Mission is to end iron deficiency and anemia
A fish in every pot
Gavin Armstrong, Founder/CEO
Introduction
Idea originated in Cambodia
Distribute fish through buy one give one model
Sustainable, scalable, impactful
Human Relations
McGregor’s Theory X and Y
-X: employees focused solely on financial gain
-Y: strive to improve worldwide health
Maslow’s Hierarchy of Needs
-Affiliation: desire to be part of a unit, motivated by connections
-Self-esteem: recognition for positive impact
Peters and Waterman
-Close relations to the customer
-Simple form & lean staff
Communications
Time and Distance
-Make product easily and quickly accessible
Communication Culture
-Encourages active participation
Teamwork
-Each role complements the overall mission
Gavin Armstrong Kate Mercer Mark Halpren Melissa Saunders Ashley Leone
Founder & CEO VP Marketing Chief Financial Officer Logistics Specialist Dietician
Intercultural Relations
High/Low Context
-Targets high context cultures
Barriers
-Language dissimilarity
Overcoming Barriers
-Hire a translator
Ethics
Utilitarianism
-Targets countries where majority of people will benefit
Veil of Ignorance
-Not concerned with financial influence
Categorical Imperative
-Accept projects only if environmentally friendly
Conclusion
Buy one give one model
Expansion
Sustainability
Works Cited
Guffey, Mary. “Essentials of Business Communication.” Ohio: Erin Joyner. 2008. Print.
“Lucky Iron Fish.” Lucky Iron Fish. Accessed 30 May 2018. https://luckyironfish.com/
“Lucky Iron Fish Enterprise.” B Corporation.net. Accessed 30 May 2018. https://www.bcorporation.net/community/lucky-iron-fish-enterprise
Lucky Iron Fish. “Lucky Iron Fish: A Simple
Solution
for a global problem.” Youtube. 28 October 2014. Accessed 4 June 2018. https://www.youtube.com/watch?v=iY0D-PIcgB4
“Lucky little fish to fight iron deficiency among women in Cambodia.” Grand Challenges Canada. Accessed 6 June 2018. http://www.grandchallenges.ca/grantee-stars/0355-05-30/
Podder, Api. “Lucky Iron Fish Wins 2016 Big Innovation Award.” SocialNews.com. 5 February 2016. Accessed 4 June 2018. http://mysocialgoodnews.com/lucky-iron-fish-wins-2016-big-innovation-award/
Zaremba, Alan. “Organizational Communication.” New York: Oxford University Press Inc. 2010. Print.
Lucky Iron Fish
By: Ashley Snook
Professor Phillips
MGMT 350.
look for a article that talks about some type of police activity a.docxjeremylockett77
look for a article that talks about some type of police activity and create PowerPoint and base on the history describe
-What is the role of a police officer in society? (general statement )
-how are they viewed by society?
what is the role of the police in this case?
how it is seems by society?
Article
An unbelievable History of Rape
An 18-year-old said she was attacked at knifepoint. Then she said she made it up. That’s where our story begins.
by T. Christian Miller, ProPublica and Ken Armstrong, The Marshall Project December 16, 2015
https://www.propublica.org/article/false-rape-accusations-an-unbelievable-story
.
Look at the Code of Ethics for at least two professional agencies, .docxjeremylockett77
Look at the Code of Ethics for at least two professional agencies, federal agencies, or laws that would apply to Health IT professionals. In two pages (not including the reference list), compare and contrast these standards. How much overlap did you find? Is one reference more specific than the other? Does one likely fit a broader audience, etc... Would you add anything to either of these documents?
.
Locate an example for 5 of the 12 following types of communica.docxjeremylockett77
Locate
an example for 5 of the 12 following types of communication genres:
Business card
Resume/CV
Rules and regulations
Policy handbook
Policy manual
Policy guide
Policy or departmental memorandum
Public policy report
Government grant
Government proposal
Departmental brochure or recruitment materials
Governmental agency social media (Twitter, Facebook, etc...)
Write
a 1,050- to 1,400-word paper in which you refer to your examples for each of the above listed communication genres. Be sure to address the following in your paper:
How does the purpose of the communication relate to the particular communication genre? In what ways does the genre help readers grasp information quickly and effectively? In what way is the genre similar or different than the other genres you chose?
What role has technology played in the development of the genre? How is it similar or different than the other genres you chose?
How does the use of these conventions promote understanding for the intended audience of the communication? How is it similar or different than the other genres you chose?
Is the communication intended for external or internal distribution? Describe ethical and privacy considerations used for determining an appropriate method of distribution. How is it similar or different than the other genres you chose?
Cite
at least three academic sources in your paper.
Format
your paper consistent with APA guidelines.
.
Locate and read the other teams’ group project reports (located .docxjeremylockett77
Locate and read the other teams’ group project reports (located in Doc Sharing).
Provide some comments for two reports in terms of what you think they did right, what you learned from these reports, as well as what else they could have done.
In addition, read the comments that other students made about your team’s report and respond to at least one of them.
Review ATTACHMENTS!!!!
.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
1 Cyber Risks to Next Generation 911 The advent of Next .docx
1. 1
Cyber Risks to Next Generation 911
The advent of Next Generation 911 (NG911) systems, which
operate on an Internet Protocol (IP)
platform, enables interconnection on with a wide range of
public and private networks, such as wireless
networks, the Internet, and regular phone networks. NG911
systems will enhance the current capabilities
of today’s 911 networks, allowing
compatibility with more types of
communication, providing greater situational
awareness to dispatchers and emergency
responders, and establishing a level of
resilience not previously possible. NG911
will allow Public Safety Answering Points
(PSAPs) to accept and process a range of
information from responders and the public
alike, including real-time text, images, video,
and voice calls. In addition, NG911 will
provide PSAPs with supplemental location
data, which may enable more effective
response.
Traditional 911 services typically operate over standard voice-
based telephone networks and use
software, such as computer-aided dispatch systems, that operate
on closed, internal networks with little
to no interconnections with other systems. The limited means
of entry into the traditional 911 network
significantly limited potential attack vectors, and what little
cyber risk existed could be easily managed.
2. NG911’s interconnections enable new response capabilities, as
shown in Figure 1. However, they also
represent new vectors for attack that can disrupt or disable
PSAP operations, broadening the concerns
of―and complicating the mitigation and management of―cyber
risks across all levels of government.
The potential cyber risks to a NG911 system do not undermine
its tremendous benefits. Nevertheless,
cyber risks do present a new level of exposure that PSAPs must
understand and actively manage as a part
of a comprehensive risk management program. Past events have
proven 911 systems are attractive targets
for cyber-attacks. For example, attackers have disrupted
availability of traditional 911 systems by using
auto-dialers to overwhelm PSAP phone lines and cause
congestion, preventing legitimate 911 calls from
going through [commonly called Telephone Denial of Service
(TDoS) attacks] and location-based
records and databases that support NG911 are of interest to
cyber criminals, data miners, and even nation-
states wanting to access and exploit that information.
As cyber threats grow in complexity and sophistication, attacks
could be more severe against an NG911
system as attackers can launch multiple distributed attacks with
greater automation from a broader
geography against more targets. This issue paper provides an
overview of NG911 cyber infrastructure,
conveys the cyber risk landscape associated with NG911, offers
an approach for assessing and managing
risks, and provides additional NG911 resources.
Figure 1: NG911 Benefits and Risks
Benefits
3. NG911 will enhance
response capabilities:
(e.g., video, text) from
the public over a variety
of networks
ables data sharing
between PSAPs
PSAPs for survivability
Risks
NG911 is different from
traditional systems:
identity management and
credentialing across
systems
ntial attacks
to quickly escalate or
proliferate across systems
vectors
2
4. Cyber Infrastructure
The National Emergency Number Association (NENA) describes
NG911 systems as an IP-based system
comprised of hardware, software, data, and operational policies
and procedures that:
• Provides standardized interfaces from emergency call and
message services;
• Processes all types of emergency calls, including voice, data,
and multimedia information;
• Acquires and integrates additional emergency call data useful
to call routing and handling;
• Delivers emergency calls, messages, and data to the
appropriate PSAP and other entities;
• Supports data and communications needs for coordinated
incident response and management; and
• Provides broadband service to PSAPs or other first responder
entities.1
NENA defines several basic building blocks of NG911 systems,
as described below:
• Emergency Services IP Networks
(ESInets). ESInets are at the center
of NG911 systems. These broadband
networks are engineered and managed
to use Internet protocols and standards
to carry voice and data traffic (e.g.,
text, pictures, videos) in support of
local, regional, state, and national
emergency management authorities.
• Applications and Databases. NG911
uses a wide range of internal and
external databases to support its services. Internal databases
validate and route data, record call details,
and enforce policy and business rules. External databases host
5. many of the datasets that call takers
and dispatchers rely on to provide improved accuracy and
shortened response time, including location
data, government records, law enforcement records, healthcare
information, and infrastructure data.
• Standards and Security. NG911 uses functions and protocols
that are compliant with international
IP standards, as well as standards developed within the
emergency response community. NENA
defines NG911 standards based on Internet Engineering Task
Force (IETF) IP standards.2 In addition
to NENA, there are a number of other entities that establish
standards for NG911 systems, including
the Association of Public-Safety Communications Officials
(APCO), the Alliance for
Telecommunications Industry
Solution
s (ATIS), and the IETF.3
1 “What is NG911?”.NENA.
http://c.ymcdn.com/sites/www.nena.org/resource/resmgr/ng9-1-
1_project/whatisng911.pdf.
2 The full list of NG911 functions, called the “i3” architecture,
are defined in NENA 08-003, “Detailed Functional and
Interface Standards for NG911.” NENA has also defined
security standard 75-001, “NENA Security for Next Generation
6. 9-1-1 Standard (NG-SEC).” The i3 functions and standards,
NG-SEC, and the full suite of other NG911 standards can
be found at https://www.nena.org/?page=Standards.
3 A full review of NG911 standards can be found on the
National 911 Program’s website at
http://www.911.gov/pdf/NG911-Standards-Identification-and-
Analysis-March2015.pdf.
Figure 2: Simplified ESInet Diagram
http://c.ymcdn.com/sites/www.nena.org/resource/resmgr/ng9-1-
1_project/whatisng911.pdf
https://www.nena.org/?page=Standards
http://www.911.gov/pdf/NG911-Standards-Identification-and-
Analysis-March2015.pdf
3
Per the definition above, cyber infrastructure for NG911
systems includes the IP-based networks, assets,
databases, and services, as they are involved in the processing,
storage, and transport of data.
Specifically, an NG911 system’s cyber infrastructure includes:
7. • Assets that are part of, or interconnect with, ESInets
• Service provider networks and applications that interconnect
with ESInets
• Government applications and services that connect to ESInets
• Dispatch systems and components that connect to ESInets
Traditionally, the term “cyber” has been applied to only
information technology (IT) systems and assets,
while communications infrastructure was considered separate.
However, defining cyber infrastructure as
including both IT and communications systems accounts for the
many ways in which these systems have
converged. NG911 administrators should recognize this
convergence in order to more effectively counter
risks. Risks to any component of these systems could threaten
an entire NG911 system or its data, so it
is important to consider systems holistically.
The NG911 Cybersecurity Risk Landscape
Cybersecurity4 risks occur when a threat exploits a
vulnerability, leading to an undesired event that has
a negative consequence on the desired state of the network. The
three attributes most necessary for a
secure system are often referred to as the C-I-A Triad:
• Confidentiality: Ensures that data is only accessed by those
8. authorized to see it.
• Integrity: Ensures that data is trustworthy and is not altered
through transmittal, storage, or retrieval.
• Availability: Ensures that the infrastructure—either
components of the network or the network as
a whole—is operational and committable to its intended
purpose.
The CIA Triad is used as a benchmark for evaluating
information system security by the National Institute
of Standards and Technology (NIST), the International
Telecommunications Union (ITU), and others.
Loss of confidentiality, integrity, or availability has especially
severe impacts in the emergency response
domain. For example, loss of confidentiality within NG911
systems could expose information to identity
thefts or disrupt ongoing investigations; loss of integrity could
disrupt response to 911 calls; and loss of
availability could prevent urgent requests from reaching a
PSAP.
4 Cybersecurity is “the prevention of damage to, unauthorized
use of, exploitation of, and, if needed, the restoration of
electronic information and communications systems and
9. services (and the information contained therein) to ensure
confidentiality, integrity, and availability”, Department of
Homeland Security (DHS) National Infrastructure Protection
Plan,
2009. http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf.
“Cyber infrastructure includes electronic information and
communication systems, and the information contained in these
systems.
…Information and communications systems are composed of
hardware and software that process, store, and communicate
data of all types. Processing includes the creation, access,
modification, and destruction of information. Storage includes
paper,
magnetic, electronic, and all other media types.
Communications include sharing and distribution of
information."
National Infrastructure Protection Plan (2009, Revised and
Updated 2013)
http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf
4
10. Cybersecurity risks to NG911 systems,
such as those shown in Figure 3, have
severe potential impacts, including loss
of life or property because of hampered
response operations; job disruption for
affected network users; substantial
financial costs from the unauthorized
use of data and subsequent resolution;
and potential lawsuits from those
whose data is breached or whose lives
are adversely affected. To understand
the significance of different risks to the
confidentiality, integrity, or availabity
of a NG911 system, the terms threat,
vulnerability, likelihood, and
consequence must be understood.
Threats. Threats are anything that has
the potential to harm the system and
are produced by “threat actors.” There are a variety of potential
actors, each with different intent and
capabilities to carry out an attack. By understanding the
motivations and capabilities of those responsible
for launching attacks, system administrators can better
11. anticipate the types of attacks they might face and
better protect data and assets that are likely targets. Threat
actors who have caused real-world damage
include, but are not limited to, those in Figure 4:
In addition to attacks, unintentional threats can disrupt the
confidentiality, integrity, or availability of
NG911 systems. Unintentional threat actors include employees,
vendors, contractors, or subcontractors.
For example, one of these actors could:
• Improperly safeguard data when sending or storing (for
example, not using proper encryption, sending
data to unauthorized individuals, putting weak protection on
databases)
• Enter typing mistakes that result in loss of data integrity
• Accidentally make a data resource unavailable when
performing maintenance or upgrade operations
• Not follow physical or cyber protection procedures
• Improperly test or maintain back-up systems and power
sources
Figure 4:
Threat Actors
12. structure, private or public, and acts with few constraints
.Manager of
organized crime organization with significant resources
from intrusion or destruction of property, without agenda
gatherer external to the company (includes cyber methods)
-sponsored spy or
agent as a trusted insider, supporting idealistic goals
-sponsored
attacker with significant resources to affect major disruption
-state……………………………………………….A
sovereign territory with significant resources to cause harm
Activist……………………………………………...Highly
motivated, potentially destructive supporter of cause
of violence to support personal socio-political agenda
Figure 3: Potential Risks to NG911 System Components
5
13. Vulnerabilities. Vulnerabilities are weaknesses
in a system, network, or asset that could enable an
undesired outcome, such as a network outage or
security breach. Vulnerabilities take two forms,
those that are vulnerable to external threats and
those that are vulnerable to internal threats. One
of the key tactics of an attacker is to gain credentials
and access to a network, and then exploit
vulnerabilities within the network as a seemingly
“trusted entity.” Vulnerabilities can also be within
a network and available to malicious threat actors
who gain access to the internal system, either
improperly (through hacking) or by misusing their current
position (insider threats). These actors
typically take advantage of databases or system applications
with bad encryption, poor authorization
and access control measures or policies, and interconnections or
interfaces with an external network or
entity. With vast interconnection possibilities, PSAPs may
suffer from vulnerabilities associated with
systems for which they have not contributed funds, hold no
direct authority, or provide other resources
to support beyond network access and perhaps mutual-aid
agreements—even if they share redundancies,
14. databases, or other resources. In addition, different vendor
implementations using proprietary
technologies can lead to varying degrees of protection and
interoperability, even when addressing
the same standards and system requirements. NG911
developments have focused primarily on
deployment or modernization projects, but rarely on the
governance and oversight of cyber risk
management that are critical to cybersecurity.
Likelihood. Likelihood refers to the possibility that a risk
scenario could occur. Determining the
likelihood of a risk depends on the level of both the threat and
the vulnerability and is the probability that
a given threat type will exploit a set of vulnerabilities, resulting
in the occurrence of a risk. For example,
if a system has no vulnerabilities, the likelihood of risk is low
even if there is a significant threat because
the threat would have nothing to exploit. On the other hand, if
the system contains a significant
vulnerability but there is no threat to exploit it, the likelihood
of a risk will be equally low. A risk with
both a greater threat and greater vulnerability level is much
more likely to occur than one with a low
threat and low vulnerability level.
15. Consequences. While the potential consequences of
cybersecurity breaches depend in large part on
the type of breach, the severity of the breach is determined by
its ability to impact and degrade NG911
systems and PSAP operations, or its ability to harm the citizens
they serve and the public’s confidence in
911 systems. Additional consequences include loss of sensitive
records, including personal information
about citizens, law enforcement data, critical infrastructure
information, healthcare data, dispatch
information, and possible legal liability for parties responsible
for protecting the systems. When
evaluating potential consequences, it is important for
administrators to assume the worst possible
outcome. For example, a particular type of data breach could be
small and insignificant, but
Example Vulnerabilities
Old Systems: Systems that are out of date or past their
lifecycle that lack modern security measures
Shared Systems: Shared systems/databases with other
entities that have not employed security measures
Lack of Diversity and Redundancy: Lack of diverse routing
for communications or redundancy for electric power
16. decreases resilience
Lack of Security Policies: Ad hoc or non-existent security
policies enable insiders to accidently or intentionally disrupt
operations and/or security
6
administrators should account for the greatest reasonable
consequence if that data breach were to occur.
Because it is impossible to address every risk, it is helpful to
look at which risks are more likely to occur
to make more informed decisions about where to best allocate
resources to ensure the most risk reduction.
However, likelihood is only one part of the equation—the
consequences of risks must also be assessed.
Improving NG911 Cybersecurity Posture
Given the dynamic nature of technology and the evolving cyber
risk landscape, organizations should
adopt a cybersecurity framework. An effective framework
enables response organizations to:
• Identify new and evolving risks
17. • Assess and prioritize risks
• Develop and prioritize mitigation stategies based
on cost-benefit analysis and other factors
• Evaluate the impacts of mitigation
implementation
• Develop an approach to detection and effective
response and recovery procedures
The Department of Homeland Security (DHS)
strongly recommends adopting the NIST
Cybersecurity Framework, which is a flexible, risk-
based approach to improving the security of critical
infrastructure.5 Collaboratively developed between
government and the private sector, the framework is
based on industry standards and best practices and can
be used for NG911 systems. The NIST Cybersecurity
Framework is designed to complement an existing cybersecurity
risk management process or to develop
a credible program if one does not exist. Figure 5 demonstrates
the five core tenets of the NIST
Framework: identify, protect, detect, respond, and recover.
More information, including informative
18. reference for addressing each tenet can be found in the
Framework.
5 The most recent NIST Cybersecurity Framework and related
newsletters are available at
http://www.nist.gov/cyberframework/.
Risk = the likelihood of a threat exploiting a vulnerability
and the potential consequence or impact of that event
Figure 5: NIST Framework Core Structure
http://www.nist.gov/cyberframework/
7
Identifying and Assessing Risks
Regardless of the cybersecurity framework chosen,
administrators will need to identify, evaluate
and prioritize risks for their organization. Figure 6 provides a
sample risk assessment process.
Figure 6: Sample Risk Assessment Plan (to be followed with
19. mitigation and response/recovery)
8
Mitigating Risks: Protect and Detect
While no single mitigation strategy can comprehensively
address all the risk scenarios identified, the
individual evaluation of mitigation techniques may identify
complementary mitigation strategies for
creation of a broad-reaching, holistic approach. In general,
mitigation strategies aim to either prevent
and protect against an identified risk being exploited, or seek to
ensure timely awareness of a
cybersecurity breach or occurrence. Mitigation strategies
should employ safeguards that decrease the
impact of a risk, if exploited, on the organization and its ability
to deliver critical services.
Table 1 describes sample mitigation strategies for NG911
cybersecurity. This list is not exhaustive and
should not replace a comprehensive requirements analysis;
however, it is intended to provide a starting
point for requirements, planning, and implementation. Some
20. elements may be addressed through
nationwide standards, industry best practices, or policy
guidance, while others may be developed and
practiced by PSAP administrators.
SAMPLE Strategy Description
Access Privileges Ensure access privileges are used
appropriately are restricted to appropriate personnel
and that privilege elevations
Application Layer Determine application layer interoperability
requirements and standards and
Protect
Interoperability implement a process for regular review and
update
Authentication And
Identity Management
Develop and implement policies on authentication and identity
management
that are applied uniformly and meet public safety requirements
21. for
performance, security, and time-sensitive mission demands
Capacity Planning Engage in assessing capacity assets
requirements for PSAP infrastructure and
Data Encryption Develop requirements for data encryption that
apply to both primary back-up data
and
Database Back-Up Develop guidance or policies for performing
and retrieving database backups
Information Security
Policies
Establish and enforce consistent information security policies
and ensure
those policies are continually updated as new threats and
technologies
emerge
Training Develop role-specific training requirements for users
and administrators, include training on security, resiliency, and
operations
22. to
Continuous Develop continuous diagnostics and mitigation
capabilities or use existing
Detect
Monitoring government capabilities
Log Management
And Audit
Capabilities
Ensure that log management and audit capabilities,
are strong, appropriate, and responsive
policies, and technology
Physical Security Develop and implement physical security and
access control policies for
And Access Control facilities
Table 1: Sample NG911 Security Mitigation Strategies (non-
comprehensive)
23. 9
Exploited Risks: Response and Recovery
Incident Response Teams (IRTs), incident response plans,
recovery or resiliency plans, and continuity
of operations plans are useful in cybersecurity incident
response. PSAP administrators may
consider establishing a Computer Security Incident Response
Team (CSIRT) or reach an agreement
with US-CERT to assist in carrying out cybersecurity planning.
US-CERT is a CSIRT run by the DHS
National Cybersecurity and Communications Integration Center
(NCCIC).6 A CSIRT serves as a
centralized location to report and analyze security issues within
an organization. A CSIRT may also
recommend potential solutions to the threats and publicize
known threats, vulnerabilities, and solutions
generally or to a specific information-sharing community. The
CSIRT could also work with hardware
and software vendors to obtain information about vulnerabilities
and potential solutions.
Leveraging federal resources, such as US-CERT, can aid in the
protection of the NG911 system and its
data. In addition, coordinating response and recovery efforts
24. with the Statewide Interoperability
Coordinator (SWIC), State Single Points of Contact (SPOC),
and other PSAP administrators can
increase cybersecurity posture. Sample response and recovery
actions are shown in Figure 2.
Table 2: Sample NG911 Response and Recovery Actions (non-
comprehensive)
SAMPLE
Action Description
Response
• Incident Response Plan. Develop incident response plans,
policies, and capabilities for
the networks, personnel and user equipment that prevent
expansion of the event, mitigate
its effects, and eradicate the incident
• Incident Response Team. Establish an incident response team
with or utilize existing
capabilities like US-CERT to ensure response activities are
coordinated with appropriate
stakeholders
25. • Contain Cybersecurity Event. Execute response processes and
procedures, preventing
expansion of the event, mitigate its effects, and eradicate the
incident
• Deploy IRT. Coordinate with internal and external
stakeholders, as appropriate, including
external support from law enforcement agencies and response
centers, such as US-CERT
Recovery
• Recovery Plan. Develop and implement the appropriate
activities to maintain plans for
resilience and to restore any capabilities or services that were
impaired due to a
cybersecurity event
• Continuity Planning7. Establishing and maintaining
redundancy is a key strategy that
promotes network reliability, resiliency, and continuity of
service
• Coordination. Restoration activities are coordinated with
internal and external parties,
26. such as coordinating centers, internet service providers, owners
of attacking systems,
victims, response partners, and vendors
• Process Improvements. Recovery planning processes and
strategies are improved by
incorporating lessons learned into future activities. Response
personnel should be trained
on the latest security, resiliency, continuity and operational
practices and maintain in-
service training as new technology and methods are made
available
6 See: https://www.us-cert.gov/ccubedvp.
7 For continuity recommendations, see FEMA’s Continuity
Guidance Circular (CGC) 1 and 2 available at
http://www.fema.gov/media-library/resources-
documents/collections/343
https://www.us-cert.gov/ccubedvp
http://www.fema.gov/media-library/resources-
documents/collections/343
10
27. Actions for Improving NG911 Cybersecurity
This document provides an overview of the cyber risks that will
be faced by NG911 systems. It is
intended to serve only as an informational tool for system
administrators to better understand the full
scope and range of potential risks, as well as recommend
mitigations to these risks. The following actions
are provided for system administrators intending to improve
their NG911 systems:
• Adopt a “security first” perspective. Cybersecurity has
become an integral part of mission
function and operations for NG911 systems. Working with
others within the NG911 community,
government, industry, and academia to establish consistent
standards, policies, procedures,
interoperability and implementation guidance for NG911
deployments is crucial.
• Leverage historically-successful cybersecurity strategies.
Researching available references and
resources, as well as gathering experiences from other NG911
community members, is important
to constructing the ideal solution set for each NG911 system’s
28. unique circumstances.
• Establish a CSIRT or reach an agreement with US-CERT to
assist in carrying out
cybersecurity planning. A CSIRT serves as a centralized
location to report, analyze, and respond
to security issues within an organization. Tracking
developments in the cybersecurity field and
providing prioritized implementation of cybersecurity solutions
are also CSIRT activities.
• Establish a cybersecurity risk framework. The NIST
Cybersecurity Framework is highly
recommended as a flexible, risk-based approach to improving
the security of critical infrastructure.
• Identify, evaluate, and prioritize risks using a community-
based risk assessment process.
This process should account for threats, vulnerabilities, and
consequences associated with system
assets. To identify and assess vulnerabilities in their own
systems, PSAP administrators should
work closely with all partners with whom they interconnect,
such as service providers, neighboring
jurisdictions, and other agencies in order to identify the full
29. architecture of their system and assess
it for physical and network vulnerabilities. This assessment
should also include a review of their
current processes and standard operating procedures against
available government and industry
cybersecurity best practices and standards.
• Develop mitigations. An examination of the likelihood and
consequences of attacks should help
to prioritize and inform mitigation strategies. Using both
prevention and detection techniques,
administrators should strive to negate or decrease the impact of
an attack. Researching available
mitigation techniques and employing them in a prioritized
fashion will produce a comprehensive
cybersecurity solution.
• Solidify Response and Recovery actions. Establishing a
CSIRT and developing incident
response plans, policies, and capabilities for the networks,
personnel, and user equipment can
prevent expansion of the event, mitigate its effects, and
eradicate the incident. These efforts should
be supported by regular training and exercises and coordination
with external parties so that all
30. participants are aware and capable of their role during and after
an event.
11
Once risks are identified and protection mitigations are in place,
the NG911 community has an
opportunity to focus on detection and advance planning.
Instead of focusing on the individual
cybersecurity events and data recovery, an effective framework
uses data analytics in PSAPs, joint field
offices, and emergency operations centers to accelerate and
automate analysis, and to shift from a posture
of “what just happened, and how do we fix it?” to “what is
going to happen, and how can we prevent
it?” The NG911 community should remain in front of potential
cyber events through its ability to feed
relevant event data to emergency operation centers, fusion
centers, and cyber centers.
Resources
Table 3 provides a list of resources to assist NG911
administrators improving the cybersecurity posture
31. of their systems.
Organization Resource Name Description and Link
Department of
Homeland Security
(DHS)
Office of Emergency
Communications
DHS offers a collection of programs and initiatives that can be
applied to reduce NG911 cyber risks.
Many of these efforts support approved missions that cover
federal, state, and local users, as well
as public and private critical infrastructure entities.
http://www.dhs.gov/office-emergency-communications
National Cybersecurity and
Communications
Integration Center (NCCIC)
NCCIC is a 24/7 cyber monitoring, incident response, and
management center. Organizations can
leverage NCCIC’s United States Computer Emergency
32. Readiness Team (US-CERT) for cybersecurity
information and assistance.
http://www.dhs.gov/national-cybersecurity-communications-
integration-center
Federal
Communications
Commissions (FCC)
Legal and Regulatory
Framework for NG911
Services
An overview on the development and creation of a NG911
network that provides specific citations from
the FCC on statutory requirements and funding possibilities.
https://apps.fcc.gov/edocs_public/attachmatch/DOC-
319165A1.pdf
Communications Security,
Reliability and
Interoperability Council
(CSRIC)
CSRIC’s mission is to provide recommendations to the FCC to
33. ensure, among other things, optimal
security and reliability of communications systems, including
telecommunications, media, and public
safety. Guidance includes:
• Transition to Next Generation 9-1-1.
https://transition.fcc.gov/pshs/docs/csric/CSRIC-WG4B-Final-
Report.pdf
• Cybersecurity Risk Management and Best Practices.
https://transition.fcc.gov/pshs/advisory/csric4/CSRIC_WG4_Re
port_Final_March_18_2015.pdf
Task Force on Optimal
PSAP Architecture
(TFOPA): Optimal
Cybersecurity Approach for
PSAPs
The TFOPA is a federal advisory committee chartered under the
Federal Advisory Committee Act to
provide recommendations to the FCC regarding actions that
PSAPs can take to optimize their
security, operations, and funding as they migrate to NG911.
https://transition.fcc.gov/pshs/911/TFOPA/TFOPA_WG1_FINA
L_Report-121015.pdf
34. National 911
Program 911.gov
911.gov is a comprehensive resource for all things related to
NG911. The website includes a
resource center with an information clearinghouse, a Technical
Assistance Center, and a 911 profile
database for tracking the progress of 911 authorities around the
Nation in enhancing their systems
and deploying NG911 capabilities. www.911.gov
National
Emergency Number
Assoc. (NENA)
Standards (including i3 and
NG-SEC)
NENA’s website contains a complete archive of all its 911
standards, including those related to
NG911, such as NG-SEC standard (NENA 75-001).
https://www.nena.org/?page=Standards
National Institute of
35. Standards and
Technology (NIST)
Cybersecurity Framework
The NIST Cybersecurity Framework is a prioritized, flexible,
repeatable, and cost-effective approach
that can help NG911 system administrators manage
cybersecurity-related risk.
http://www.nist.gov/cyberframework/
Recommendations on
Cybersecurity (Special
Publications 800/1800
Series)
NIST’s 800 and 1800 series provides targeted cybersecurity
guidance and are strongly encouraged to
be incorporated into cybersecurity planning.
http://csrc.nist.gov/publications/PubsSPs.html#SP800
Table 3: NG911 Resources
http://www.dhs.gov/office-emergency-communications
http://www.dhs.gov/office-emergency-communications
http://www.dhs.gov/national-cybersecurity-communications-