11/1/2015 search.proquest.com/criminaljusticeperiodicals/printviewfile?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals/printviewfile?accountid=33337 1/8
Abstract
Full Text
Back to previous page
document 1 of 1
Tracking the CybercrimeTrail
Sartin, Bryan. Security Management 48.9 (Sep 2004): 95100.
Private cybercrime investigators and law enforcement can collaborate to both protect the bottom line and
stem crime. In the case discussed, several credit card associations and major credit card issuers began to
notice increasing instances of fraud over a threeor fourmonth stretch. By looking at the patterns and types
of fraud and tying that information back to common points, they believed they had identified one company as
the source of the fraud. They contacted the company and asked them to cooperate with forensic examiners
from Ubizen who would be sent to their site to investigate the possibility that a security breach had occurred
within their production network environment. The primary objective of the forensic investigations was to
determine the source and full extent of the breach. If sufficient evidence was found to prove that a crime had
been committed, another objective would be to assist law enforcement in gathering additional evidence for
prosecution. The team conducted an indepth analysis of the fraud patterns and found that the fraud resulted
from duplicated credit cards used in cardpresent transactions.
Headnote
In addition to knowing how to follow the bits of evidence, forensic detectives must know how to work with law
enforcement.
IN SPRING OF 2003, several credit card associations and major credit card issuers began to notice increasing
instances of fraud over a threeor fourmonth stretch. By looking at the patterns and types of fraud and tying
that information back to common points, they believed they had identified one company (we'll call them
Company A) as the source of the fraud. While the patterns of evidence pointed to Company A, it was still too
circumstantial to call in law enforcement. Hard evidence was needed. So the associations and credit card
issuers joined forces and contacted Ubizen (the author's company), which conducts cybercrime investigations.
They also contacted Company A and asked them to cooperate with forensic examiners from Ubizen who would
be sent to their site to investigate the possibility that a security breach had occurred within their production
network environment. Company A officials said that they were not aware of any security breach, but they
agreed to work with the investigators.
Company A is a software company that provides electronic payment software to numerous retail outlets,
including restaurants, retail stores, and Internet companies. Company A's core business is its payment
gateway service that processes credit card and check transactions. While the majority of Company A's
transactions come from the Internet, wireless transactions are also common. The .
Unit VI Case StudyHeadnoteIn addition to knowing how to fo.docxdickonsondorris
Unit VI Case Study
Headnote
In addition to knowing how to follow the bits of evidence, forensic detectives must know how to work with law enforcement.
IN SPRING OF 2003, several credit card associations and major credit card issuers began to notice increasing instances of fraud over a three-or four-month stretch. By looking at the patterns and types of fraud and tying that information back to common points, they believed they had identified one company (we'll call them Company A) as the source of the fraud. While the patterns of evidence pointed to Company A, it was still too circumstantial to call in law enforcement. Hard evidence was needed. So the associations and credit card issuers joined forces and contacted Ubizen (the author's company), which conducts cybercrime investigations. They also contacted Company A and asked them to cooperate with forensic examiners from Ubizen who would be sent to their site to investigate the possibility that a security breach had occurred within their production network environment. Company A officials said that they were not aware of any security breach, but they agreed to work with the investigators.
Company A is a software company that provides electronic payment software to numerous retail outlets, including restaurants, retail stores, and Internet companies. Company A's core business is its payment gateway service that processes credit card and check transactions. While the majority of Company A's transactions come from the Internet, wireless transactions are also common. The two different types of transactions are routed through two separate payment gateways, and together they often account for more than 200,000 electronic payment transactions daily.
The primary objective of the forensic investigations "was to determine the source and full extent of the breach. If sufficient evidence was found to prove that a crime had been committed, another objective would be to assist law enforcement in gathering additional evidence for prosecution.
Discovery. Before arriving at the company's site, the forensic team conducted an exhaustive discovery process. This advance work would enable the forensic team to hit the ground running when they went on to the company site.
Stolen data. The team conducted an in-depth analysis of the fraud patterns and found that the fraud resulted from duplicated credit cards used in "card-present transactions." These are seenarios where legitimate account numbers are fraudulently reproduced on unauthorized duplicate cards and used by criminals to purchase goods or services in person, often using matching falsified information.
For a criminal to duplicate a credit card with account information that will pass muster, he or she must have gotten access to the data contained in the magnetic stripe on the back of a card. A credit card magnetic stripe contains two separate tracks of information. Track 1 data contains information printed on the card, such as the cardholder's name, bu ...
Case in PointInaction Caused Costly Hacking At Large Retailer.docxcowinhelen
Case in Point
Inaction Caused Costly Hacking At Large Retailer
November/December 2008
By Jon J. Lambiras, J.D., CFE, CPA
Hackers penetrated a large retailer's central database and stole at least 45 million credit card and debit card numbers along with 456,000 customers' personal information. Fraudulent charges approaching $100 million appeared around the world. The worst part? The company essentially rolled out the red carpet to the hackers by not installing industry-standard safeguards.
This article is excerpted and adapted from "Computer Fraud Casebook: The Bytes that Byte," edited by Joseph T. Wells, CFE, CPA, to be published in January, 2009 by John T. Wiley & Sons Inc.
According to nationwide news reports, hackers pointed a telescope-shaped antenna toward a U.S. retail store. A laptop computer helped decode data streaming through the air among handheld inventory management devices, cash registers, and store computers. From there, the hackers found their way into the company's central database at its headquarters more than 1,000 miles away. The hackers' entry point was an outdated wireless network connected to a computer system plagued with a host of data securityshortfalls.
What followed was one of the biggest data-security breaches in history. At least 45 million credit card and debit card numbers were stolen, along with approximately 456,000 customers' driver's license, state, or military identification (personal ID) numbers with accompanying names and addresses. Many of the personal ID numbers were the same as the customers' Social Security numbers.
The hackers sold much of the stolen data on Web sites used to traffic stolen information. One cardholder's account experienced unauthorized transactions at a large discount store and at online vendors. Another account had $45,000 in fraudulent charges for gift cards. Fraudulent charges approaching $100 million surfaced throughout the United States and as far away as Mexico, Italy, Sweden, Thailand, China, Japan, and Australia.
At the heart of the data breach is RackCo, a major U.S. retailer. (All names have been changed in this article.) Parent company to a chain of several stores, there are collectively more than 2,000 retail locations throughout the United States. The business boasts $17 billion in annual sales worldwide.
At first blush, RackCo appears to be a helpless victim of a highly specialized gang of data thieves. But a closer look shows that, because of numerous violations of core data security standards, the company essentially invited the hackers in. As a result, the fraudsters methodically stole data from RackCo's computer system within a year and a half.
(I'm an attorney involved in litigation against RackCo. In light of my role in the litigation, this case study is limited, by necessity, to publicly available information. The data breach was high-profile, so there's much information in major national media. I don't attest to the accuracy of the information fro.
Operation Phish Phry commenced in 2007 when FBI agents, working with United States financial institutions, took proactive steps to identify and disrupt sophisticated criminal enterprises targeting the financial infrastructure in the United States.
Investigators in both countries uncovered an international conspiracy allegedly operating an elaborate scheme to steal identities through a method commonly called “phishing.” The group is accused of conspiring to target American-based financial institutions and victimize an unknown number of account holders by fraudulently using their personal financial information.
The multinational investigative effort resulted in 53 defendants being named in the federal indictment and 47 suspects being identified by Egyptian authorities. The domestic defendants were arrested in California, Nevada, and North Carolina. In California, defendants reside in the counties of Los Angeles, Orange, San Bernardino, Riverside, and San Diego.
Egyptian-based hackers obtained bank account numbers and related personal identification information from an unknown number of bank customers through phishing
Defendants were accused with conspiracy to commit wire fraud and bank fraud. Various defendants are charged with bank fraud; aggravated identity theft; conspiracy to commit computer fraud, specifically unauthorized access to protected computers in connection with fraudulent bank transfers and domestic and international money laundering
Explore the gripping history of cyberattacks targeting leading law firms. Uncover motives, methods, and consequences behind notorious breaches. Discover the cutting-edge strategies employed to defend against cyber threats.
This ebook is an essential resource for legal professionals, cybersecurity experts, and anyone interested in the dynamic intersection of law and technology. It sheds light on the evolving nature of cybercrime and emphasizes the critical importance of proactive cybersecurity measures in today's digital era.
Unit VI Case StudyHeadnoteIn addition to knowing how to fo.docxdickonsondorris
Unit VI Case Study
Headnote
In addition to knowing how to follow the bits of evidence, forensic detectives must know how to work with law enforcement.
IN SPRING OF 2003, several credit card associations and major credit card issuers began to notice increasing instances of fraud over a three-or four-month stretch. By looking at the patterns and types of fraud and tying that information back to common points, they believed they had identified one company (we'll call them Company A) as the source of the fraud. While the patterns of evidence pointed to Company A, it was still too circumstantial to call in law enforcement. Hard evidence was needed. So the associations and credit card issuers joined forces and contacted Ubizen (the author's company), which conducts cybercrime investigations. They also contacted Company A and asked them to cooperate with forensic examiners from Ubizen who would be sent to their site to investigate the possibility that a security breach had occurred within their production network environment. Company A officials said that they were not aware of any security breach, but they agreed to work with the investigators.
Company A is a software company that provides electronic payment software to numerous retail outlets, including restaurants, retail stores, and Internet companies. Company A's core business is its payment gateway service that processes credit card and check transactions. While the majority of Company A's transactions come from the Internet, wireless transactions are also common. The two different types of transactions are routed through two separate payment gateways, and together they often account for more than 200,000 electronic payment transactions daily.
The primary objective of the forensic investigations "was to determine the source and full extent of the breach. If sufficient evidence was found to prove that a crime had been committed, another objective would be to assist law enforcement in gathering additional evidence for prosecution.
Discovery. Before arriving at the company's site, the forensic team conducted an exhaustive discovery process. This advance work would enable the forensic team to hit the ground running when they went on to the company site.
Stolen data. The team conducted an in-depth analysis of the fraud patterns and found that the fraud resulted from duplicated credit cards used in "card-present transactions." These are seenarios where legitimate account numbers are fraudulently reproduced on unauthorized duplicate cards and used by criminals to purchase goods or services in person, often using matching falsified information.
For a criminal to duplicate a credit card with account information that will pass muster, he or she must have gotten access to the data contained in the magnetic stripe on the back of a card. A credit card magnetic stripe contains two separate tracks of information. Track 1 data contains information printed on the card, such as the cardholder's name, bu ...
Case in PointInaction Caused Costly Hacking At Large Retailer.docxcowinhelen
Case in Point
Inaction Caused Costly Hacking At Large Retailer
November/December 2008
By Jon J. Lambiras, J.D., CFE, CPA
Hackers penetrated a large retailer's central database and stole at least 45 million credit card and debit card numbers along with 456,000 customers' personal information. Fraudulent charges approaching $100 million appeared around the world. The worst part? The company essentially rolled out the red carpet to the hackers by not installing industry-standard safeguards.
This article is excerpted and adapted from "Computer Fraud Casebook: The Bytes that Byte," edited by Joseph T. Wells, CFE, CPA, to be published in January, 2009 by John T. Wiley & Sons Inc.
According to nationwide news reports, hackers pointed a telescope-shaped antenna toward a U.S. retail store. A laptop computer helped decode data streaming through the air among handheld inventory management devices, cash registers, and store computers. From there, the hackers found their way into the company's central database at its headquarters more than 1,000 miles away. The hackers' entry point was an outdated wireless network connected to a computer system plagued with a host of data securityshortfalls.
What followed was one of the biggest data-security breaches in history. At least 45 million credit card and debit card numbers were stolen, along with approximately 456,000 customers' driver's license, state, or military identification (personal ID) numbers with accompanying names and addresses. Many of the personal ID numbers were the same as the customers' Social Security numbers.
The hackers sold much of the stolen data on Web sites used to traffic stolen information. One cardholder's account experienced unauthorized transactions at a large discount store and at online vendors. Another account had $45,000 in fraudulent charges for gift cards. Fraudulent charges approaching $100 million surfaced throughout the United States and as far away as Mexico, Italy, Sweden, Thailand, China, Japan, and Australia.
At the heart of the data breach is RackCo, a major U.S. retailer. (All names have been changed in this article.) Parent company to a chain of several stores, there are collectively more than 2,000 retail locations throughout the United States. The business boasts $17 billion in annual sales worldwide.
At first blush, RackCo appears to be a helpless victim of a highly specialized gang of data thieves. But a closer look shows that, because of numerous violations of core data security standards, the company essentially invited the hackers in. As a result, the fraudsters methodically stole data from RackCo's computer system within a year and a half.
(I'm an attorney involved in litigation against RackCo. In light of my role in the litigation, this case study is limited, by necessity, to publicly available information. The data breach was high-profile, so there's much information in major national media. I don't attest to the accuracy of the information fro.
Operation Phish Phry commenced in 2007 when FBI agents, working with United States financial institutions, took proactive steps to identify and disrupt sophisticated criminal enterprises targeting the financial infrastructure in the United States.
Investigators in both countries uncovered an international conspiracy allegedly operating an elaborate scheme to steal identities through a method commonly called “phishing.” The group is accused of conspiring to target American-based financial institutions and victimize an unknown number of account holders by fraudulently using their personal financial information.
The multinational investigative effort resulted in 53 defendants being named in the federal indictment and 47 suspects being identified by Egyptian authorities. The domestic defendants were arrested in California, Nevada, and North Carolina. In California, defendants reside in the counties of Los Angeles, Orange, San Bernardino, Riverside, and San Diego.
Egyptian-based hackers obtained bank account numbers and related personal identification information from an unknown number of bank customers through phishing
Defendants were accused with conspiracy to commit wire fraud and bank fraud. Various defendants are charged with bank fraud; aggravated identity theft; conspiracy to commit computer fraud, specifically unauthorized access to protected computers in connection with fraudulent bank transfers and domestic and international money laundering
Explore the gripping history of cyberattacks targeting leading law firms. Uncover motives, methods, and consequences behind notorious breaches. Discover the cutting-edge strategies employed to defend against cyber threats.
This ebook is an essential resource for legal professionals, cybersecurity experts, and anyone interested in the dynamic intersection of law and technology. It sheds light on the evolving nature of cybercrime and emphasizes the critical importance of proactive cybersecurity measures in today's digital era.
Find out how to protect your petroleum retail assets from cyber attacks and discover 6 steps to take once you uncover a hack, how to notify data breach victims, what to do if you discover malware, red flags to watch for on social media, and more!
By David F. Larcker, Peter C. Reiss, and Brian Tayan
Stanford Closer Look Series, November 16, 2017
The board of directors is expected to ensure that management has identified and developed processes to mitigate risks facing the organization, including risks arising from data theft and the loss of information. Unfortunately, recent experience suggests that companies are not doing a sufficient job of securing this data. In this Closer Look, we examine they types of cyberattacks that occur and how companies respond to them.
We ask:
• What steps can the board take to prevent, monitor, and mitigate data theft?
• What data, metrics, and information should board members review to satisfy themselves that management has taken proper steps to minimize cyber risks?
• What qualifications should a board member have in order to constructively contribute to boardroom discussions on cybersecurity?
• How difficult is it to find board candidates with these skills?
Francophoned – A Sophisticated Social Engineering AttackBy Syma.docxbudbarber38650
Francophoned – A Sophisticated Social Engineering Attack
By: Symantec Security Response ngRepeat: badge in author.badges SYMANTEC EMPLOYEE end ngRepeat: badge in author.badges
Created 28 Aug 2013 ngIf: privateContentItem ngIf: coAuthors.length
· 0 Comments ngIf: translationLinks.length Translations: ngRepeat: link in controller.listItems 日本語 end ngRepeat: link in controller.listItems end ngIf: translationLinks.length Share
ngIf: videoEmbed
In April 2013, the administrative assistant to a vice president at a French-based multinational company received an email referencing an invoice hosted on a popular file sharing service. A few minutes later, the same administrative assistant received a phone call from another vice president within the company, instructing her to examine and process the invoice. The vice president spoke with authority and used perfect French. However, the invoice was a fake and the vice president who called her was an attacker.
The supposed invoice was actually a remote access Trojan (RAT) that was configured to contact a command-and-control (C&C) server located in Ukraine. Using the RAT, the attacker immediately took control of the administrative assistant’s infected computer. They logged keystrokes, viewed the desktop, and browsed and exfiltrated files.
These tactics, using an email followed up by a phone call using perfect French, are highly unusual and are a sign of aggressive social engineering. In May 2013, Symantec Security Response published details on the first attacks of this type targeting organizations in Europe. Further investigations have revealed additional details of the attack strategy, attacks that are financially motivated and continue to this day.
Aggressive tactics
Many organizations and their banks employ defenses to prevent unauthorized money transfers. However, the attackers exercised additional aggressive social engineering tactics to defeat each of the defensive practices. For example, in one instance:
· The attacker initially compromised systems within an organization using their RAT.
· Once the systems were infected with the RAT, the attacker retrieved identifying information, including disaster recovery plans, of the organization’s bank and telecom providers, its points of contact with both providers and its bank and telecom account data.
· Using this data, the attacker was able to impersonate a company representative and called the organization’s telecom provider. They proved their authenticity to the telecom provider, claimed that a physical disaster had occurred and said that they needed all of the organization’s phone numbers to be redirected to attacker-controlled phones
· Immediately following the phone number redirection, the attacker faxed a request to the organization’s bank, requesting multiple large-sum wire transfers to numerous offshore accounts.
· As this was an unusual transaction, the bank representative called the organization’s number on record to validate the transaction. Th.
Securing information in the New Digital Economy- Oracle Verizon WPPhilippe Boivineau
Situation : A lucrative information black market has created a data breach epidemic. The perimeter security that most IT organizations depend on has become largely ineffective.
Why it matters : IT organizations devote almost 70% of security resources to perimeter security controls, but while
the threats are external, the vulnerabilities exploited are mostly internal.
Call to Action : Securing the new digital economy means thinking security inside out and focusing more on data and
internal controls.
Accessing Password Protected andor Encrypted Mobile DataAbstrac.docxnettletondevon
Accessing Password Protected and/or Encrypted Mobile Data
Abstract- This research paper examines the potential solution to a problem faced by law enforcement; wherein the inability to decrypt a number of encrypted communications that they have been given appropriate legal permission to intercept or examine, loom large. This research paper utilizes a theoretical approach to explore the ‘going dark’ concern. This paper will also provide an overview of an encryption workaround, which will address the widely used “Signal Messaging Protocol” which is used to encrypt messages transmitted via applications such as Whatsapp, Telegram, Facebook, among others.
Keywords—Signal Messaging Protocol, Encrypted Messaging, Privacy, Law Enforcement, Mobile Phones, WhatsAppI. Introduction
As the use of digital mobile devices continues to become more ubiquitous, so too does the use of strong encryption protocols, which are being made available to users by communication application providers. In an effort to provide even more security to users, those same application providers are developing the encryption protocols in such a way that the providers themselves are not even able to decrypt the private messages. These trends are posing an ever-increasing challenge to law enforcement agencies who are often able to obtain the legal authority necessary to intercept or retrieve certain communication dataonly to find that they are unable to decrypt and view that same data. The FBI has labeled this issue as the “Going Dark” problem.
The “Going Dark” problem often has adverse effects on law enforcement’s ability to investigate all kinds of crimes; such as kidnappings, child pornography, violent gang activity, etc. However, the gravest consequential examples of this problem have arisen through terrorist investigations, wherein the stakes are extremely high.
Agencies charged with combating terrorism, such as the FBI, quietly face this obstacle every day. In December 2015, the public was given an inside view of this dilemma, during the aftermath of the San Bernardino, California, terrorist attack. Following the attack, the FBI recovered a passcode locked iPhone 5, which had belonged to one of the shooters. The passcode function keeps the encased data encrypted until the correct passcode is entered. If the wrong passcode is entered more than ten times, the data is automatically permanently wiped from the device. In response, the FBI obtained a court order directing Apple to assist them in developing software to unlock the phone. Apple refused, which set off a fierce public outcry, and a subsequent legal battle. The standoff was ultimately diffused when the FBI was able to find a third party to crack the four-digit passcode.
As a result of that legal dispute between the Department of Justice and Apple not having being resolved in court, the debate continued over the question: should the government be able to legally force private vendors to create decryption keys for law .
9 Trends in Identity Verification (2023) by RegulaRegula
Regula held an internal panel discussion and compiled nine expert opinion-based identity verification trends to watch and leverage in 2023. You can find the full text in our blog: https://regulaforensics.com/blog/identity-verification-trends-2023/
Introduction, How data leakage takes place, Biggest data breaches of the 21st century, Existing data leakage detection techniques, Disadvantages of existing techniques, Future scope of Data Leakage Detection ,Applications, Conclusion
The paper explains the various strategies used by cyberrcriminals and the mesures to be adopted by the law enforcement officers or security service to combat cyber criminality. It also presents future targets and some reasons for collaboration between the security service and security students.
Identity crime is well known, prevalent, and costly, and credit application scam is a specific case of identity crime. The existing no data mining recognition system of business rules and scorecards and known scam matching have confines. To address these confines and combat identity crime in real time, this paper proposes a new multilayered discovery system complemented with two additional layers: communal detection (CD) and spike detection (SD). CD finds real social relationships to reduce the suspicion score, and is tamper unaffected to synthetic social relationships. It is the whitelist-oriented methodology on a fixed set of attributes. SD finds spikes in false to increase the suspicion score, and is probe-unaffected for elements. It is the attribute-oriented approach on a variable-size set of elements. Together, CD and SD can detect more types of attacks, better account for changing legal activities, and remove the redundant elements. Experiments were carried out on CD and SD with several million real credit applications. Results on the data support the suggestion that successful credit application scam patterns are sudden and exhibit sharp spikes in false. Although this research is specific to credit application scam recognition, the concept of flexibility, together with adaptively and quality data discussed in the paper, are general to the model, implementation, and evaluation of all recognition systems.
Balancing Security and Customer ExperienceTransUnion
Using Device Insight to Balance Fraud Prevention and Customer Experience
Today, your customer’s device has become their proxy for a large percentage of their online retail and banking activity. By using insight from those devices, you can reduce risk and ensure a smooth experience along the entire customer journey.
In this webinar, you’ll learn from Max Anhoury, our VP of Global partnerships, about:
* Today’s fraud and security trends
* What a fraud ring looks like
* The evolving online experience with EMV
* How to create frictionless security across the consumer journey
Your company name
Your name
Instruction Page
1. On the cover page
a. Replace ‘Your Company Name’ with your company name, city and state
b. Replace ‘Date’ with the date of the plan
c. Consider inserting graphics:
i. Company logo
ii. Insert a picture or graphic of your product or service
iii. Photo of your facilities
iv. Photo of your location
2. Replace ‘ENTER YOUR COMPANY NAME HERE’ with your company name on the page with the Statement of Confidentiality & Non-Disclosure
3. Open the document header and enter your company name and your name
4. Update the table of contents as you build your business plan.
Delete this page before submitting your business plan.
Business Plan
Your Company Name Here
City, State
Date
Statement of Confidentiality & Non-Disclosure
THIS BUSINESS PLAN CONTAINS PROPRIETARY AND CONFIDENTIAL INFORMATION.
All data submitted to the receiver is provided in reliance upon its consent not to use or disclose any information contained herein except in the context of its business dealings with ENTER YOUR COMPANY NAME HERE (Company). The recipient of this document agrees to inform its present and future employees and partners who view or have access to the document's content of its confidential nature.
The recipient agrees to instruct each employee that they must not disclose any information concerning this document to others except to the extent such matters are generally known to, and are available for use by, the public. The recipient also agrees not duplicate or distribute or permit others to duplicate or distribute any material contained herein without the Company's express written consent.
The Company retains all title, ownership and intellectual property rights to the material and trademarks contained herein, including all supporting documentation, files, marketing material, and multimedia.
Disclaimer Notice
THIS BUSINESS PLAN IS FOR INFORMATIONAL PURPOSES ONLY AND DOES NOT CONSTITUTE AN OFFER TO SELL OR THE SOLICITATION OF AN OFFER TO BUY ANY SECURITIES.
The Company reserves the right, in its sole discretion, to reject any and all proposals made by or on behalf of any recipient, to accept any such proposals, to negotiate with one or more recipients at any time, and to enter into a definitive agreement without prior notice to other recipients. The company also reserves the right to terminate, at any time, further participation in the investigation and proposal process by, or discussions or negotiations with, any recipient without reason.
BY ACCEPTANCE OF THIS DOCUMENT, THE RECIPIENT AGREES TO BE BOUND BY THE AFOREMENTIONED STATEMENT.
Table of Contents
Introduction and Overview 6
Executive Summary 6
Objectives 6
Mission 6
Keys to Success 6
Company Summary 6
Company Ownership 6
Start-up 6
What We Sell 7
Summary 7
Our products 7
Our services 7
Market Analysis and Sales Forecast 8
Market and Sales Forecast Summary 8
Total Market 8
Target Market Summar.
Your Company NameYour Company NameBudget Proposalfor[ent.docxhyacinthshackley2629
Your Company Name
Your Company Name
Budget Proposal
for
[enter years here]
BUSN278
[Term]
Professor[name]
DeVry University
Table of Contents
Section
Title
Subsection
Title
Page Number1.0Executive Summary
2.0Sales Forecast
2.1Sales Forecast
2.2Methods and Assumptions
3.0Capital Expenditure Budget
4.0Investment Analysis
4.1Cash Flows
4.2NPV Analysis
4.3Rate of Return Calculations
4.4Payback Period Calculations
5.0Pro Forma Financial Statements
5.1Pro Forma Income Statement
5.2Pro Forma Balance Sheet
5.3Pro Forma Cash Budget
6.0Works Cited
7.0Appendices
7.1Appendix 1: [description]
7.2Appendix 2:
[description]
(Please put page numbers in the last column of the table of contents above, because they apply to your finished assignment. Do this after your project is complete. Remove this text and all text that is in italics in this template when finished with your project.)
(Also, please submit your Excel spreadsheet that shows your supporting calculations.)
1.0 Executive Summary
The first paragraph of this executive summary should give a brief description of the business to which this budget applies. Very briefly describe the products and services of this company, the geography or demographics of the customers it serves, and why people purchase the main product of this business. Much or all of this information will be found in the business profile provided to you. Please use your own words, and please do not simply copy and paste the explanation in the course materials. Make assumptions if necessary.
Also, provide a second paragraph that describes how the budget supports the company’s strategy.
Finally, provide a third paragraph in which you summarize the key points from your budget, including the planning horizon; the amount of up-front investment; the NPV, payback, and IRR of the project; and key figures from your income statement, cash budget, and balance sheet.
Remember, this is not a thesis or introduction of what you will talk about—it contains the major, specific content of each section. The second and third paragraphs should be written after you have completed all other sections of this template.
As you complete sections of this template, please remove all italicized text in all sections of this template and replace it with your own text or you will lose points!
2.0 Sales Forecast
Briefly introduce the sales forecast section.
2.1 Sales Forecast
Here you should include a simple table showing the years and the total sales for each year, along with a brief explanation of why sales are expected to rise, fall, change, or stay the same in certain years. Provide a brief explanation of the sales forecast, indicating why you expect sales to rise or fall during the planning horizon. Your explanation should be consistent with the trends and changes in sales found in your table.
Year 1
Year 2
Year 3
Year 4
Year 5
Sales
2.2 Methods and Assumptions
Here you should describe how you arrived at your sales forecast in sect.
More Related Content
Similar to 1112015 search.proquest.comcriminaljusticeperiodicalsprint.docx
Find out how to protect your petroleum retail assets from cyber attacks and discover 6 steps to take once you uncover a hack, how to notify data breach victims, what to do if you discover malware, red flags to watch for on social media, and more!
By David F. Larcker, Peter C. Reiss, and Brian Tayan
Stanford Closer Look Series, November 16, 2017
The board of directors is expected to ensure that management has identified and developed processes to mitigate risks facing the organization, including risks arising from data theft and the loss of information. Unfortunately, recent experience suggests that companies are not doing a sufficient job of securing this data. In this Closer Look, we examine they types of cyberattacks that occur and how companies respond to them.
We ask:
• What steps can the board take to prevent, monitor, and mitigate data theft?
• What data, metrics, and information should board members review to satisfy themselves that management has taken proper steps to minimize cyber risks?
• What qualifications should a board member have in order to constructively contribute to boardroom discussions on cybersecurity?
• How difficult is it to find board candidates with these skills?
Francophoned – A Sophisticated Social Engineering AttackBy Syma.docxbudbarber38650
Francophoned – A Sophisticated Social Engineering Attack
By: Symantec Security Response ngRepeat: badge in author.badges SYMANTEC EMPLOYEE end ngRepeat: badge in author.badges
Created 28 Aug 2013 ngIf: privateContentItem ngIf: coAuthors.length
· 0 Comments ngIf: translationLinks.length Translations: ngRepeat: link in controller.listItems 日本語 end ngRepeat: link in controller.listItems end ngIf: translationLinks.length Share
ngIf: videoEmbed
In April 2013, the administrative assistant to a vice president at a French-based multinational company received an email referencing an invoice hosted on a popular file sharing service. A few minutes later, the same administrative assistant received a phone call from another vice president within the company, instructing her to examine and process the invoice. The vice president spoke with authority and used perfect French. However, the invoice was a fake and the vice president who called her was an attacker.
The supposed invoice was actually a remote access Trojan (RAT) that was configured to contact a command-and-control (C&C) server located in Ukraine. Using the RAT, the attacker immediately took control of the administrative assistant’s infected computer. They logged keystrokes, viewed the desktop, and browsed and exfiltrated files.
These tactics, using an email followed up by a phone call using perfect French, are highly unusual and are a sign of aggressive social engineering. In May 2013, Symantec Security Response published details on the first attacks of this type targeting organizations in Europe. Further investigations have revealed additional details of the attack strategy, attacks that are financially motivated and continue to this day.
Aggressive tactics
Many organizations and their banks employ defenses to prevent unauthorized money transfers. However, the attackers exercised additional aggressive social engineering tactics to defeat each of the defensive practices. For example, in one instance:
· The attacker initially compromised systems within an organization using their RAT.
· Once the systems were infected with the RAT, the attacker retrieved identifying information, including disaster recovery plans, of the organization’s bank and telecom providers, its points of contact with both providers and its bank and telecom account data.
· Using this data, the attacker was able to impersonate a company representative and called the organization’s telecom provider. They proved their authenticity to the telecom provider, claimed that a physical disaster had occurred and said that they needed all of the organization’s phone numbers to be redirected to attacker-controlled phones
· Immediately following the phone number redirection, the attacker faxed a request to the organization’s bank, requesting multiple large-sum wire transfers to numerous offshore accounts.
· As this was an unusual transaction, the bank representative called the organization’s number on record to validate the transaction. Th.
Securing information in the New Digital Economy- Oracle Verizon WPPhilippe Boivineau
Situation : A lucrative information black market has created a data breach epidemic. The perimeter security that most IT organizations depend on has become largely ineffective.
Why it matters : IT organizations devote almost 70% of security resources to perimeter security controls, but while
the threats are external, the vulnerabilities exploited are mostly internal.
Call to Action : Securing the new digital economy means thinking security inside out and focusing more on data and
internal controls.
Accessing Password Protected andor Encrypted Mobile DataAbstrac.docxnettletondevon
Accessing Password Protected and/or Encrypted Mobile Data
Abstract- This research paper examines the potential solution to a problem faced by law enforcement; wherein the inability to decrypt a number of encrypted communications that they have been given appropriate legal permission to intercept or examine, loom large. This research paper utilizes a theoretical approach to explore the ‘going dark’ concern. This paper will also provide an overview of an encryption workaround, which will address the widely used “Signal Messaging Protocol” which is used to encrypt messages transmitted via applications such as Whatsapp, Telegram, Facebook, among others.
Keywords—Signal Messaging Protocol, Encrypted Messaging, Privacy, Law Enforcement, Mobile Phones, WhatsAppI. Introduction
As the use of digital mobile devices continues to become more ubiquitous, so too does the use of strong encryption protocols, which are being made available to users by communication application providers. In an effort to provide even more security to users, those same application providers are developing the encryption protocols in such a way that the providers themselves are not even able to decrypt the private messages. These trends are posing an ever-increasing challenge to law enforcement agencies who are often able to obtain the legal authority necessary to intercept or retrieve certain communication dataonly to find that they are unable to decrypt and view that same data. The FBI has labeled this issue as the “Going Dark” problem.
The “Going Dark” problem often has adverse effects on law enforcement’s ability to investigate all kinds of crimes; such as kidnappings, child pornography, violent gang activity, etc. However, the gravest consequential examples of this problem have arisen through terrorist investigations, wherein the stakes are extremely high.
Agencies charged with combating terrorism, such as the FBI, quietly face this obstacle every day. In December 2015, the public was given an inside view of this dilemma, during the aftermath of the San Bernardino, California, terrorist attack. Following the attack, the FBI recovered a passcode locked iPhone 5, which had belonged to one of the shooters. The passcode function keeps the encased data encrypted until the correct passcode is entered. If the wrong passcode is entered more than ten times, the data is automatically permanently wiped from the device. In response, the FBI obtained a court order directing Apple to assist them in developing software to unlock the phone. Apple refused, which set off a fierce public outcry, and a subsequent legal battle. The standoff was ultimately diffused when the FBI was able to find a third party to crack the four-digit passcode.
As a result of that legal dispute between the Department of Justice and Apple not having being resolved in court, the debate continued over the question: should the government be able to legally force private vendors to create decryption keys for law .
9 Trends in Identity Verification (2023) by RegulaRegula
Regula held an internal panel discussion and compiled nine expert opinion-based identity verification trends to watch and leverage in 2023. You can find the full text in our blog: https://regulaforensics.com/blog/identity-verification-trends-2023/
Introduction, How data leakage takes place, Biggest data breaches of the 21st century, Existing data leakage detection techniques, Disadvantages of existing techniques, Future scope of Data Leakage Detection ,Applications, Conclusion
The paper explains the various strategies used by cyberrcriminals and the mesures to be adopted by the law enforcement officers or security service to combat cyber criminality. It also presents future targets and some reasons for collaboration between the security service and security students.
Identity crime is well known, prevalent, and costly, and credit application scam is a specific case of identity crime. The existing no data mining recognition system of business rules and scorecards and known scam matching have confines. To address these confines and combat identity crime in real time, this paper proposes a new multilayered discovery system complemented with two additional layers: communal detection (CD) and spike detection (SD). CD finds real social relationships to reduce the suspicion score, and is tamper unaffected to synthetic social relationships. It is the whitelist-oriented methodology on a fixed set of attributes. SD finds spikes in false to increase the suspicion score, and is probe-unaffected for elements. It is the attribute-oriented approach on a variable-size set of elements. Together, CD and SD can detect more types of attacks, better account for changing legal activities, and remove the redundant elements. Experiments were carried out on CD and SD with several million real credit applications. Results on the data support the suggestion that successful credit application scam patterns are sudden and exhibit sharp spikes in false. Although this research is specific to credit application scam recognition, the concept of flexibility, together with adaptively and quality data discussed in the paper, are general to the model, implementation, and evaluation of all recognition systems.
Balancing Security and Customer ExperienceTransUnion
Using Device Insight to Balance Fraud Prevention and Customer Experience
Today, your customer’s device has become their proxy for a large percentage of their online retail and banking activity. By using insight from those devices, you can reduce risk and ensure a smooth experience along the entire customer journey.
In this webinar, you’ll learn from Max Anhoury, our VP of Global partnerships, about:
* Today’s fraud and security trends
* What a fraud ring looks like
* The evolving online experience with EMV
* How to create frictionless security across the consumer journey
Your company name
Your name
Instruction Page
1. On the cover page
a. Replace ‘Your Company Name’ with your company name, city and state
b. Replace ‘Date’ with the date of the plan
c. Consider inserting graphics:
i. Company logo
ii. Insert a picture or graphic of your product or service
iii. Photo of your facilities
iv. Photo of your location
2. Replace ‘ENTER YOUR COMPANY NAME HERE’ with your company name on the page with the Statement of Confidentiality & Non-Disclosure
3. Open the document header and enter your company name and your name
4. Update the table of contents as you build your business plan.
Delete this page before submitting your business plan.
Business Plan
Your Company Name Here
City, State
Date
Statement of Confidentiality & Non-Disclosure
THIS BUSINESS PLAN CONTAINS PROPRIETARY AND CONFIDENTIAL INFORMATION.
All data submitted to the receiver is provided in reliance upon its consent not to use or disclose any information contained herein except in the context of its business dealings with ENTER YOUR COMPANY NAME HERE (Company). The recipient of this document agrees to inform its present and future employees and partners who view or have access to the document's content of its confidential nature.
The recipient agrees to instruct each employee that they must not disclose any information concerning this document to others except to the extent such matters are generally known to, and are available for use by, the public. The recipient also agrees not duplicate or distribute or permit others to duplicate or distribute any material contained herein without the Company's express written consent.
The Company retains all title, ownership and intellectual property rights to the material and trademarks contained herein, including all supporting documentation, files, marketing material, and multimedia.
Disclaimer Notice
THIS BUSINESS PLAN IS FOR INFORMATIONAL PURPOSES ONLY AND DOES NOT CONSTITUTE AN OFFER TO SELL OR THE SOLICITATION OF AN OFFER TO BUY ANY SECURITIES.
The Company reserves the right, in its sole discretion, to reject any and all proposals made by or on behalf of any recipient, to accept any such proposals, to negotiate with one or more recipients at any time, and to enter into a definitive agreement without prior notice to other recipients. The company also reserves the right to terminate, at any time, further participation in the investigation and proposal process by, or discussions or negotiations with, any recipient without reason.
BY ACCEPTANCE OF THIS DOCUMENT, THE RECIPIENT AGREES TO BE BOUND BY THE AFOREMENTIONED STATEMENT.
Table of Contents
Introduction and Overview 6
Executive Summary 6
Objectives 6
Mission 6
Keys to Success 6
Company Summary 6
Company Ownership 6
Start-up 6
What We Sell 7
Summary 7
Our products 7
Our services 7
Market Analysis and Sales Forecast 8
Market and Sales Forecast Summary 8
Total Market 8
Target Market Summar.
Your Company NameYour Company NameBudget Proposalfor[ent.docxhyacinthshackley2629
Your Company Name
Your Company Name
Budget Proposal
for
[enter years here]
BUSN278
[Term]
Professor[name]
DeVry University
Table of Contents
Section
Title
Subsection
Title
Page Number1.0Executive Summary
2.0Sales Forecast
2.1Sales Forecast
2.2Methods and Assumptions
3.0Capital Expenditure Budget
4.0Investment Analysis
4.1Cash Flows
4.2NPV Analysis
4.3Rate of Return Calculations
4.4Payback Period Calculations
5.0Pro Forma Financial Statements
5.1Pro Forma Income Statement
5.2Pro Forma Balance Sheet
5.3Pro Forma Cash Budget
6.0Works Cited
7.0Appendices
7.1Appendix 1: [description]
7.2Appendix 2:
[description]
(Please put page numbers in the last column of the table of contents above, because they apply to your finished assignment. Do this after your project is complete. Remove this text and all text that is in italics in this template when finished with your project.)
(Also, please submit your Excel spreadsheet that shows your supporting calculations.)
1.0 Executive Summary
The first paragraph of this executive summary should give a brief description of the business to which this budget applies. Very briefly describe the products and services of this company, the geography or demographics of the customers it serves, and why people purchase the main product of this business. Much or all of this information will be found in the business profile provided to you. Please use your own words, and please do not simply copy and paste the explanation in the course materials. Make assumptions if necessary.
Also, provide a second paragraph that describes how the budget supports the company’s strategy.
Finally, provide a third paragraph in which you summarize the key points from your budget, including the planning horizon; the amount of up-front investment; the NPV, payback, and IRR of the project; and key figures from your income statement, cash budget, and balance sheet.
Remember, this is not a thesis or introduction of what you will talk about—it contains the major, specific content of each section. The second and third paragraphs should be written after you have completed all other sections of this template.
As you complete sections of this template, please remove all italicized text in all sections of this template and replace it with your own text or you will lose points!
2.0 Sales Forecast
Briefly introduce the sales forecast section.
2.1 Sales Forecast
Here you should include a simple table showing the years and the total sales for each year, along with a brief explanation of why sales are expected to rise, fall, change, or stay the same in certain years. Provide a brief explanation of the sales forecast, indicating why you expect sales to rise or fall during the planning horizon. Your explanation should be consistent with the trends and changes in sales found in your table.
Year 1
Year 2
Year 3
Year 4
Year 5
Sales
2.2 Methods and Assumptions
Here you should describe how you arrived at your sales forecast in sect.
Your company recently reviewed the results of a penetration test.docxhyacinthshackley2629
Your company recently reviewed the results of a penetration test on your network. Several vulnerabilities were identified, and the IT security management team has recommended mitigation. The manager has asked you to construct a plan of action and milestones (POA&M) given that the following vulnerabilities and mitigations were identified:
The penetration test showed that not all systems had malware protection software in place. The mitigation was to write a malware defense process to include all employees and retest the system after the process was implemented.
The penetration test indicated that the data server that houses employee payroll records had an admin password of “admin.” The mitigation was to perform extensive hardening of the data server.
The penetration test also identified many laptop computers that employees brought to work and connected to the internal network,some of which were easily compromised. The mitigation was to write a bring your own device (BYOD) policy for all employees and train the employees how to use their devices at work.
Complete
the 1- to 2-page
Plan of Action and Milestones Template
. (Must use this template!)
.
Your company wants to explore moving much of their data and info.docxhyacinthshackley2629
Your company wants to explore moving much of their data and information technology infrastructure to the cloud. The company is a small online retailer and requires a database and a web storefront. Currently, only IT is over budget on database maintenance. The initial analysis points to significant cost savings by moving to a cloud environment.
Research
the differences between Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS).
Discuss
the differences between IaaS, SaaS, and PaaS. Give an example of the appropriate use of each of the cloud models (Iaas, SaaS, and PaaS).
.
Your company plans to establish MNE manufacturing operations in Sout.docxhyacinthshackley2629
Your company plans to establish MNE manufacturing operations in South Korea. You have been asked to conduct a cultural audit focusing on leadership behaviors of South Korea. The results of your report will be used for internal training for plant managers due to be reassigned to work with South Korean managers in a few months. You are aware of a high-collectivism culture with a Confucian code of ethical behavior in South Korea. What kinds of South Korean leadership behaviors would you expect to include in your report? Describe these in terms of interaction between the U.S. and Korean managers as well as interaction between Korean leader-followers.
By
Saturday, June 21, 2014
respond to the discussion question assigned by the faculty. Submit your response to the appropriate
Discussion Area
. Use the same
Discussion Area
to comment on your classmates' submissions and continue the discussion until
Wednesday, June 25, 2014
.
Comment on how your classmates would address differing views.
.
Your company just purchased a Dell server MD1420 DAS to use to store.docxhyacinthshackley2629
Your company just purchased a Dell server MD1420 DAS to use to store databases. the databases will contain all employee records and personal identified information (PII). You know that databases like this are often targets. The Chief Information Officer has asked you draft a diagram for the server and 3 connected workstations. The diagram must use proper UML icons.
- Research:
network topology to protect database server (Google Term and click images)
-
Create a diagram using proper UML
icon, the protects the server and the 3 workstations.
-
Include where Internet access will be located
, firewall and other details.
- The
body (Min 1 page)
- Provide a summary after the diagram how and why you topology should protect the database.
.
your company is moving to a new HRpayroll system that is sponsored .docxhyacinthshackley2629
your company is moving to a new HR/payroll system that is sponsored by a firm called Workday.com. You have been asked to oversee the stakeholder management aspects of this project. Identify some of the key stakeholders at your company and describe how you plan to keep them engaged during your year-long project. Be sure to include the appropriate methods since not all of your stakeholders are located at the HQ office in Herndon, VA.
.
Your company is considering the implementation of a technology s.docxhyacinthshackley2629
Your company is considering the implementation of a technology solution to address a business problem. As a member of the IT team for a manufacturing company, you were asked to select a product to address the identified needs, informing the stakeholders about its fit to the identified needs, and providing implementation details. Several past process changes have been unsuccessful at implementation and user acceptance. You will create two artifacts that communicate product information tailored to meet the needs of each of the following stakeholder groups:
• Audience 1: executive leadership of the organization, such as the CIO, CFO, etc.
• Audience 2: cross-functional team, including members from IT who will be implementing the product
.
Your company is a security service contractor that consults with bus.docxhyacinthshackley2629
Your company is a security service contractor that consults with businesses in the U.S. that require assistance in complying with HIPAA. You advertise a proven track record in providing information program security management, information security governance programs, risk management programs, and regulatory and compliance recommendations. You identify vulnerabilities, threats, and risks for clients with the end goal of securing and protecting applications and systems within their organization.
Your client is Health Coverage Associates, a health insurance exchange in California and a healthcare covered entity. The Patient Protection and Affordable Care Act (ACA) enables individuals and small businesses to purchase health insurance at federally subsidized rates. In the past 6 months, they have experienced:
A malware attack (i.e., SQL Injection) on a critical software application that processed and stored client protected health information (PHI) that allowed access to PHI stored within the database
An internal mistake by an employee that allowed PHI to be emailed to the wrong recipient who was not authorized to have access to the PHI
An unauthorized access to client accounts through cracking of weak passwords via the company’s website login
Health Coverage Associates would like you to
develop
a security management plan that would address the required safeguards to protect the confidentiality, integrity, and availability of sensitive data from the attacks listed above and protect their assets from the vulnerabilities that allowed the attacks to occur.
Write
a 1- to 2-page high-level executive summary of the legal and regulatory compliance requirements for Health Coverage Associates executives. The summary should provide
Accurate information on the HIPAA requirements for securing PHI
FISMA and HIPAA requirements for a security plan
Scope of the work you will perform to meet the Health Coverage Associates’ requests
Compile
a 1-to 2-page list of at least 10 of the CIS controls that provide key alignment with the administrative (policies), physical (secured facilities), and technical safeguards required under HIPAA to protect against the attacks listed above. Include corresponding NIST controls mapped to the selected CIS controls.
Write
a 1- to 2-page concise outline of the contents of the security management plan. Include
Policies Health Coverage Associates will need to manage, protect, and provide access to PHI
The recommended risk management framework Health Coverage Associates should adopt
Key elements Health Coverage Associates should include in its plan of actions and milestones
Cite
all sources using APA guidelines.
.
Your company has just sent you to a Project Management Conference on.docxhyacinthshackley2629
Your company has just sent you to a Project Management Conference on the latest trends in project scope management. When you return to work, you will have to provide a report at the staff meeting on what you learned.
In your initial post
, share some of the trends that you heard at the conference. Conduct research and use sources to support your findings. Be sure to acknowledge any sources you use.
.
Your company has designed an information system for a library. The .docxhyacinthshackley2629
Your company has designed an information system for a library. The project included a new network (wired and wireless), a data entry application, a Web site, database and documentation.
Design a generic test plan that describes the testing for an imaginary system, make sure to address unit, integration and system testing.
Create a one-page questionnaire to distribute to users in a post-implementation evaluation of a recent information system project. Include at least 10 questions that cover the important information you want to obtain.
.
Your company has had embedded HR generalists in business units for t.docxhyacinthshackley2629
Your company has had embedded HR generalists in business units for the past several years. Over that time, it has become more costly and more difficult to maintain standards, and is a frustration for business units to have that budget “hit.” The leadership has decided to move to a more centralized model of delivering HR services and has asked you to evaluate that proposition and begin establishing a project team to initiate the needed changes. The project team is selected, and you must now provide general direction.
.
Your company You are a new Supply Chain Analyst with the ACME.docxhyacinthshackley2629
Your company: You are a new Supply Chain Analyst with the ACME Corporation. We design specialty electronics that are components in larger finished goods such as major appliances, automobiles and industrial equipment. Manufacturing is outsourced to low-cost suppliers due to the significant labor contribution and closeness to electronic component suppliers.
Your product: ACME Corp. designs a leading-edge family of devices branded as “Voice Assistants.” These are add-on boxes that many OEMs are using as plug-and-play devices in a wide variety of Internet-of-Things products. They are also sold directly to consumers as after-market items, but only for IoT devices that were built with our proprietary data-port.
Figure 1: Product line of ACME Corp Voice Assistant IoT Add-on Boxes
Your task: Your Chief Supply Chain Officer (CSCO) is requesting a review of supplier-to-customer processes as related to recent growth in our company and increasing demand for faster responsiveness to customers. One alternative is to decentralize our inventory into regional Distribution Centers; however, our ERP system is currently limited in the data available to make some of these decisions – and the output reports are very antiquated. Starting off the process, the CSCO directed that your Analysis Team use population data to pro-rate our national sales data as a starting point. For this analysis, you are asked to focus only on the flagship product, Voice Assistant IoT Add-on Box, 4GB, SKU #123-456789. The challenge is now yours to complete some computations and interpret the results!
Your data: A detailed report from your ERP system along with secondary data from the U.S. Census Bureau (reference: https://www.census.gov/programs-surveys/popest/data/data-sets.html) is provided. (Note: Sales to Alaska, Hawaii and Puerto Rico are handled by a 3PL provider and therefore are NOT part of this analysis.) The consolidated EXCEL® file has incorporated several tasks already performed by the Analysis Team --- sort, cleanse, inventory optimization, etc. Other tasks remain for your team.
Detailed Requirements: Prepare a formal report summarizing your results and providing recommendations that are supported by facts. The required layout follows:
A. Supply Chain Management:
a. Identify a single key supplier and a single key customer for your product, including a brief description of their product.
b. Identify the proper type of business relationship that your company should have with the supplier and customer from Part A, above, then briefly describe the data that you would share with them.
c. When implementing Supply Chain Management with your #1 key supplier for the first time, create a timeline that lists each of the six SCOR processes in the order that you recommend implementation; include process leader (by job title), primary contact at supplier/customer (by job title), and duration to implement.
d. Briefly describe each of the four enablers of supply chain .
Your company has asked that you create a survey to collect data .docxhyacinthshackley2629
Your company has asked that you create a survey to collect data on customer satisfaction related to their health care experience at your hospital.
Assignment Details (4-5 pages)
Please Add Title to page
Page 1:
A brief summary of the health care issue/topic (wait time, medication errors, etc.)
Number and access of source to sample and population
Limitations of the survey (parameters)
Time line for completion of survey
Page 2: Survey Questions
Survey questions: Limit the questions to 10
Page 3: Compilation of Data
Time line for assessment and evaluation of data
Challenges faced during this process
Page 4: Results and Conclusions
Results of study
Conclusions and potential value of the findings
Reference page
Deliverable Length
4–5 pages
Title and reference pages
.
"Your Communications Plan"
Description
A.
What is your challenge or opportunity?
The topic I would like to present is pitching an Project idea for some investor to invest in my Women’s Resources center.(Voices Of Women)
B.
.
Why is this professionally important to you?
Goal
A.
What goal or outcome do you want to achieve with this communication?
I.
Is it clear, concise, and actionable?
Audience
A.
Who is you target audience?
What are the professional positions of the audience?
I.
What demographic characteristics will the audience comprise?
II.
What is your relationship to the audience?
III.
What background knowledge and expertise does the audience have?
IV.
What does the audience know, feel about, and expect concerning this communication?
V.
What preconceptions or biases do you possess that might prevent you from building rapport with your audience?
B.
What information is available about your audience?
A.
b.
c.
I.
What research/sources will you use to obtain information about the audience?
II.
What conclusions have you been able to draw about the audience?
C.
What tone will you
"Your Communications Plan"
Description
A.
What is your challenge or opportunity?
The topic I would like to present is pitching an Project idea for some investor to invest in my Women’s Resources center.(Voices Of Women)
B.
.
Why is this professionally important to you?
Goal
A.
What goal or outcome do you want to achieve with this communication?
I.
Is it clear, concise, and actionable?
Audience
A.
Who is you target audience?
What are the professional positions of the audience?
I.
What demographic characteristics will the audience comprise?
II.
What is your relationship to the audience?
III.
What background knowledge and expertise does the audience have?
IV.
What does the audience know, feel about, and expect concerning this communication?
V.
What preconceptions or biases do you possess that might prevent you from building rapport with your audience?
B.
What information is available about your audience?
A.
b.
c.
I.
What research/sources will you use to obtain information about the audience?
II.
What conclusions have you been able to draw about the audience?
C.
What tone will you use to convey your message?
I.
Is the setting casual or formal?
II.
Is the communication personal or impersonal?
Key Message
A.
What is the primary message you must convey to your audience?use to convey your message?
I.
Is the setting casual or formal?
II.
Is the communication personal or impersonal?
Key Message
A.
What is the primary message you must convey to your audience?
.
Your community includes people from diverse backgrounds. Answer .docxhyacinthshackley2629
Your community includes people from diverse backgrounds. Answer the following questions related to how culture affects nutrition.
1. How does your culture shape decisions that you make about nutrition? (Culture includes history, values, politics, economics, communication styles, beliefs, and practices.)
2. Describe at least 1 different cultures present at your community. How do these cultures impact food choices?
3. Describe how you interact with someone from another culture related to diet. Provide specific examples.
4. Assume that you are preparing a Thanks Giving dinner for a group of your classmates that represent a variety of cultures. Describe how you will prepare the menu and set the table. Include how you will address food safety at the picnic.
Explore ways to address the problem of food insecurity in your community.
1. What programs are available to meet the nutrition needs of individuals in the area?
2. What types of options exist in the area to purchase food?
3. What role do you believe society should take to ensure that individuals have access to adequate healthy food?
4. What do you see as your role in the community related to proper nutrition?
.
Your Communications Plan Please respond to the following.docxhyacinthshackley2629
"Your Communications Plan"
Please respond to the following:
Provide a brief overview of your Strategic Communications Plan. Include a short description for each of the following
in bullet point format
:
- The purpose of the communication
- Your goal
- Audience
- Key Message
- Supporting Points
- Channel Selection
- Action Request
Note:
Remember, feedback is a powerful and essential tool. Thoughtful, useful feedback is specific. It combines suggestions for improvement with the recognition of good ideas. When you offer feedback, you should contribute new ideas and new perspectives to help your peers learn and move forward.
.
Your Communication InvestigationFor your mission after reading y.docxhyacinthshackley2629
Your Communication Investigation
For your mission after reading your assignment, you are to take yourself and a notebook into your environment and observe human interaction for 15 minutes noting two persons and their interpersonal exchange(s) but don't join the conversation. This can be a place of your choosing but describe it in some (not complete) detail. Note significant features of the communication environment. Using terms from our textbook write down your observations.
Identify the elements from our Transactional model
Briefly describe the transactional nature of the communication of the persons you are observing. Do you see attempts at ‘communicare’ of "making something common"? What is it that you saw that led you to this conclusion? Sender? Receiver? Message?
Report back to us
Describe the communication behavior you observed in a brief but specific report. What got your attention? Why? What elements of the transactional communication model did you see as you were observing their behavior? What about your 'decoding' of the scene? Do you think you had any personal 'noise' or bias that may have affected how you saw or interpreted the scene?
Post your report to the Discussion Board and then read all of the posts
Post your replies to two classmates and using your skills in perception take a position of empathy
.
Explain how you perceive the scene your classmate reports and take a perspective demonstrating empathy as defined in our textbook in chapter 2 (page 52) putting yourself in the place of either or both persons your classmate observed. What you can learn from the description of the scene reported by your classmate and you considering Empathy, Perception, and observed Communication. More through reports and replies will receive higher scores.
.
Your Communications PlanFirst step Choose a topic. Revi.docxhyacinthshackley2629
"Your Communications Plan"
First step: Choose a topic. Review the Communication Challenge Topics and choose one that is relevant and interesting to you. Make sure to review the examples and anecdotes that follow each topic in this document. You can also find this information under the Course Info tab.
Second step: Review the Strategic Communication Plan example. Your plan should mirror this example in format and length. You can also find this example under the Course Info tab.
Third step: In this discussion, please respond to the following:
Part 1: What is your topic?
Part 2: Provide a rough draft of your Strategic Communications Plan for peer review and instructor feedback. Your draft should include enough detail that we can provide strong constructive feedback and input.
COM510 ASSIGNMENT COMMUNICATION CHALLENGE TOPICS
In the world of business, we can create opportunities through strategic communication. Throughout our professional careers, there are key events that raise the stakes of our communications approach.
WHAT YOU’LL DO
1) Review the Communication Challenge Topics and their accompanying case study examples.
2) Select 1 topic that is professionally relevant for you.
3) Use for your COM510 assignments (the topic you have selected, not the case study example).
Note: If there is another challenge or current opportunity in your professional life that is more relevant for you, you may choose a topic that is not on this list. Keep in mind that the communication challenge you select must in- clude both written and verbal communication elements to meet the needs of this course. (Your professor must approve your selection before you proceed.)
1
Examples of each scenario are provided to demonstrate what thoughtful, professional communication would look like in each of these situations. These are only examples and should not be used for completing the assignment. You can create and establish all necessary assumptions. The scenario is yours to explain.
COMMUNICATION CHALLENGE TOPICS
Choose one of the following topics for your assignments.
• Internal Promotion Opportunity
• New Job Opportunity Interview
• Running a Meeting
• Coaching Your Direct Employees
• Pitching a Project Idea
INTERNAL PROMOTION
Seeking a promotion from within your company is one opportunity in which strategic communication could mean the difference be- tween success and failure. If you choose this scenario, you’ll need to create both a written and a verbal (audio or video) communica- tion. These elements should explain why you are the right person for the internal promotion while addressing potential questions you might need to answer as part of the process.
Things to Consider
• Have you checked the listings on your company’s job board lately?
• Is there a new position you would like to secure?
• Have you taken on more responsibility at work?
• Have your outcomes been positive?
• Do your job title and job description match what you do? .
Your coffee franchise cleared for business in both countries (Mexico.docxhyacinthshackley2629
Your coffee franchise cleared for business in both countries (Mexico, and China). You now have to develop your global franchise team and start construction of your restaurants. . You invite all of the players to the headquarters in the United States for a big meeting to explain the project and get to know one another since they represent the global division of your company.
You are concerned with the following two issues. Substantively address each in a two-part paper, applying Beyond the Book, MUSE, Intellipath and library resources to support your reasoning
Part 1: Effective communication with participants
What are the implications of the cultural variables for your communication with the team representative from each country in the face to face meeting?
Address Hall’s high and low context regarding verbal and non-verbal communication. The United States is a low context culture, while each country is high context.
Tip: Write at least one substantive paragraph for each country
Video on Hall's high and Low Context Communication
Part 2: Effective communication among participants
What are examples of barriers and biases in cross-cultural business communications that may impact the effectiveness of communication among the meeting participants and in potential negotiations?
What are some of the issues you should be concerned about regarding verbal and nonverbal communication for this group to avoid misinterpretations and barriers to communication?
Please submit your assignment.
.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
Safalta Digital marketing institute in Noida, provide complete applications that encompass a huge range of virtual advertising and marketing additives, which includes search engine optimization, virtual communication advertising, pay-per-click on marketing, content material advertising, internet analytics, and greater. These university courses are designed for students who possess a comprehensive understanding of virtual marketing strategies and attributes.Safalta Digital Marketing Institute in Noida is a first choice for young individuals or students who are looking to start their careers in the field of digital advertising. The institute gives specialized courses designed and certification.
for beginners, providing thorough training in areas such as SEO, digital communication marketing, and PPC training in Noida. After finishing the program, students receive the certifications recognised by top different universitie, setting a strong foundation for a successful career in digital marketing.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
1. 11/1/2015
search.proquest.com/criminaljusticeperiodicals/printviewfile?ac
countid=33337
http://search.proquest.com/criminaljusticeperiodicals/printviewf
ile?accountid=33337 1/8
Abstract
Full Text
Back to previous page
document 1 of 1
Tracking the CybercrimeTrail
Sartin, Bryan. Security Management 48.9 (Sep 2004): 95-100.
Private cybercrime investigators and law enforcement can colla
borate to both protect the bottom line and
stem crime. In the case discussed, several credit card associatio
ns and major credit card issuers began to
notice increasing instances of fraud over a three-or four-month s
tretch. By looking at the patterns and types
of fraud and tying that information back to common points, they
believed they had identified one company as
the source of the fraud. They contacted the company and asked t
hem to cooperate with forensic examiners
from Ubizen who would be sent to their site to investigate the p
ossibility that a security breach had occurred
within their production network environment. The primary objec
tive of the forensic investigations was to
2. determine the source and full extent of the breach. If sufficient
evidence was found to prove that a crime had
been committed, another objective would be to assist law enforc
ement in gathering additional evidence for
prosecution. The team conducted an in-depth analysis of the fra
ud patterns and found that the fraud resulted
from duplicated credit cards used in card-present transactions.
Headnote
In addition to knowing how to follow the bits of evidence, foren
sic detectives must know how to work with law
enforcement.
IN SPRING OF 2003, several credit card associations and major
credit card issuers began to notice increasing
instances of fraud over a three-or four-month stretch. By lookin
g at the patterns and types of fraud and tying
that information back to common points, they believed they had
identified one company (we'll call them
Company A) as the source of the fraud. While the patterns of ev
idence pointed to Company A, it was still too
circumstantial to call in law enforcement. Hard evidence was ne
eded. So the associations and credit card
issuers joined forces and contacted Ubizen (the author's compan
y), which conducts cybercrime investigations.
They also contacted Company A and asked them to cooperate wi
th forensic examiners from Ubizen who would
be sent to their site to investigate the possibility that a security
breach had occurred within their production
network environment. Company A officials said that they were
not aware of any security breach, but they
agreed to work with the investigators.
Company A is a software company that provides electronic pay
ment software to numerous retail outlets,
including restaurants, retail stores, and Internet companies. Co
3. mpany A's core business is its payment
gateway service that processes credit card and check transaction
s. While the majority of Company A's
transactions come from the Internet, wireless transactions are al
so common. The two different types of
transactions are routed through two separate payment gateways,
and together they often account for more
than 200,000 electronic payment transactions daily.
http://search.proquest.com/criminaljusticeperiodicals/docview/2
31156268/fulltext/D2C9D238C81542FBPQ/1?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals?accountid
=33337
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/au/Sartin,+Bryan/$N?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals/pubidlink
handler/sng/pubtitle/Security+Management/$N/7251/PrintViewF
ile/231156268/$B/BC64AD188A9E4444PQ/1?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals/indexingv
olumeissuelinkhandler/7251/Security+Management/02004Y09Y
01$23Sep+2004$3b++Vol.+48+$289$29/48/9?accountid=33337
11/1/2015
search.proquest.com/criminaljusticeperiodicals/printviewfile?ac
countid=33337
http://search.proquest.com/criminaljusticeperiodicals/printviewf
ile?accountid=33337 2/8
The primary objective of the forensic investigations "was to det
ermine the source and full extent of the
breach. If sufficient evidence was found to prove that a crime h
ad been committed, another objective would
be to assist law enforcement in gathering additional evidence fo
r prosecution.
4. Discovery. Before arriving at the company's site, the forensic te
am conducted an exhaustive discovery
process. This advance work would enable the forensic team to h
it the ground running when they went on to
the company site.
Stolen data. The team conducted an in-depth analysis of the frau
d patterns and found that the fraud resulted
from duplicated credit cards used in "card-present transactions."
These are seenarios where legitimate
account numbers are fraudulently reproduced on unauthorized d
uplicate cards and used by criminals to
purchase goods or services in person, often using matching falsi
fied information.
For a criminal to duplicate a credit card with account informatio
n that will pass muster, he or she must have
gotten access to the data contained in the magnetic stripe on the
back of a card. A credit card magnetic stripe
contains two separate tracks of information. Track 1 data contai
ns information printed on the card, such as
the cardholder's name, but this data is not a component of the tr
ansaction authorization-it merely verifies
that the name on the card has not been changed. Track 2 contain
s more sensitive information, including the
CVV code (the card verification value, a number string that is p
rinted, not embossed, on a card), which helps
verify that a transaction is authorized.
Sophisticated fraud could be perpetrated by skimming this infor
mation from individual cards. But the fraud
pattern in this case made it likely that theft of data in large batc
hes had occurred. In fact, the investigation
revealed that full mag-stripe information had been taken from C
ompany A's network.
5. Because mag-stripe information allows criminals to duplicate a
credit card, the payment service industry
stipulates that this type of information not be stored subsequent
to authorization. The finding of theft at
Company A raised questions about whether the mag-stripe infor
mation was being handled properly, according
to the payment service industry's commonly accepted security st
andards. The fact that mag-stripe
information was involved in this breach meant that the informati
on was likely stored despite the standard
against doing so.
Investigators needed to locate where on the customer's network
this type of information resided. They could
then identify the most likely avenues of intrusion through the ne
twork.
Lay of the land. To accomplish this, the forensic experts studied
diagrams to learn the layout of Company A's
computer network and determine whether it was vulnerable and
which parts of the network were most likely
to be exposed if a hacker had been able to penetrate the system.
Frequently, the most likely targets are
Internet-visible systems, such as Web servers and FTP servers,
or weakly configured wireless network access
points. The team found that, indeed, Company A's network -was
not sufficiently hardened against an attack,
making it likely that hackers could have penetrated the system a
nd stolen the account information.
FBI assistance. Given these findings, the forensic team recogniz
ed that it was time for law enforcement to be
brought into the process. This was a point sometimes overlooke
d by private firms: It was vital that the
appropriate government agents be on the scene to help in the ass
6. embling of evidence that could lead to the
capture and eventual prosecution of the attacker. In this case, be
cause of the nature of the crime and the
magnitude of the fraud, FBI agents were contacted.
In early June, FBI agents from the Atlanta field office -were the
first to visit the site, although they were soon
replaced by agents from the Chicago field office, who had much
more extensive experience investigating
cybercrimes. These agents had in fact worked with Ubizen inves
tigators on previous investigations. Ubizen s
11/1/2015
search.proquest.com/criminaljusticeperiodicals/printviewfile?ac
countid=33337
http://search.proquest.com/criminaljusticeperiodicals/printviewf
ile?accountid=33337 3/8
forensic experts also visited the FBI field office to hold discussi
ons over the specifics of the investigation, such
as what forensic tools would be used to ensure the integrity of a
ny data taken and how chain of custody
would be maintained.
At the scene with the FBI agents, Ubizeris investigators began d
ata collection; they first collected mirror
images of Company A's payment gateway, which they shared wi
th the FBI investigators. Together the two
teams then interviewed Company A's staff for additional inform
ation on how the breach could have occurred,
determining, for example, who in the organization had access to
particular servers. Track 2 information had
been compromised, so it was important to understand where in t
7. he network such data sat, which would
indicate to the team what systems must have been touched by th
e attacker. This information could also help
answer other questions, such as whether it could have been an i
nside job or whether the Internet was the
avenue of attack.
After interviewing the staff and examining the organizations net
work diagram, several systems were identified
that seemed likely avenues of attack based on their proximity to
the Internet and lack of suitable security
controls. The team investigated several servers where they susp
ected a significant point of exposure and
found on one of the systems a number of files that had not been
installed by Company A's administrators.
These files included keystroke loggers and a common backdoor
program called HackerDefender. This made it
clear that the system had indeed been compromised, leading the
team to rule out an inside job.
Footprints. FBI agents and the Ubizen team looked at files and a
udit logs to find the hacker's footprint and
attack signature-that is, how the hacker broke in and what the h
acker did once he or she had access. Without
more in-depth analysis it would be impossible to determine how
the intruder was first able to gain access to
the systems.
However, based on the immediately visible footprint left behind
by the intruder, it became clear that the
server had become the staging point through which the intruder
could continually gain access into other
components of Company A's production network environment.
Once the intruder had gained a foothold into
the environment from the outside, he or she placed hacking tool
s and utilities within the systems, effectively
8. exploiting the breach.
Live prey. When tracing the hacker's steps, the investigators loo
ked closely at dates and time stamps to
determine when the hacker last penetrated the company's networ
k. They found files created by the hacker
the day before the investigation began, proving that there was a
n ongoing breach, an important development
since it could help the investigators to catch the attacker in the
act.
Sewing up the breaches. The team first needed to repair the brea
ch. Since the incidents of fraud associated
with Company A were rapidly escalating-as many as hundreds p
er day-it was imperative to immediately lock
out the hacker's access to private information.
The team began by purging from the organization's systems sens
itive cardholder data that, under industry
standards, should never have been stored on the systems. With t
hat data removed, the exposure created by
any future unauthorized access would be much less severe.
The team also took several of Company A's servers offline, repl
acing many of the compromised systems. They
then enabled and configured logging and auditing functions to e
nsure that if unauthorized access were
attempted again, the organization would be able to detect and re
spond to the unwanted activity.
All of the information collected on site was preserved, includin
g hard drives from the compromised systems
and logs from the intrusion detection system, the firewall, and t
he routers. The information was shipped back
to Ubizeris labs for in-depth analysis and preservation for evide
ntiary purposes.
9. 11/1/2015
search.proquest.com/criminaljusticeperiodicals/printviewfile?ac
countid=33337
http://search.proquest.com/criminaljusticeperiodicals/printviewf
ile?accountid=33337 4/8
A number of different open-source tools were used to identify a
nd salvage any other traces left behind by the
intruder that might shed more light on the timeline of the attack
or other systems that might be involved.
The tools used included both Ubizen-proprietary and over-the-c
ounter forensic tools such as Encase. Because
these tools had been tested extensively in court, the FBI team co
uld be sure that any evidence (such as
copies of drives) provided by Ubizen would be admissible.
Setting the trap. With the loss of data stanched, investigators we
re ready to catch the hacker in the act. To
accomplish this, the Ubizen team and the FBI set a trap with thr
ee components.
The first part was a packet sniffer, a laptop with a software prog
ram called EtherPeek that would watch traffic
in and out of the affected servers. It allowed investigators to mo
nitor any data the hacker was sending, such
as individual keystrokes, the machines the intruder was attempti
ng to access, and how he or she was
attempting to do so. Also, the sniffer would capture firsthand ev
idence of files removed from the network that
would, under normal circumstances, contain sensitive informati
on or data that could be used for fraud.
10. Next, the files on those servers were loaded with dummy credit-
card information to prevent additional fraud
from occurring and to keep the hacker unaware that he or she ha
d been noticed. The third part of the trap
was the use of Tripwire, a program that monitors the integrity o
f files, which was configured to set off an
alarm the moment any of the date and time-stamps of the files u
nder observation were changed. That would
allow the investigators to know exactly when the attacker hit so
that they could catch the intruder in the act.
Underlying the trap was the fact that the investigators had deter
mined precisely how the hacker would
attack. The investigation had shown the particular backdoor the
attacker was using and what port would be
used in the compromise. But with a huge amount of traffic flowi
ng back and forth across the network (this
company also conducts e-commerce business), waiting for a Tri
pwire alarm was not necessarily going to allow
the investigators to see the compromise as it happened. So, a Ub
izen technician worked with the FBI's
Quantico-based Data Analysis Team to create a signature that th
ey could look for on the sniffer to see exactly
when and where the hacker was attacking.
Hooked. The trap worked perfectly. When the hacker snuck in t
o begin copying what looked like credit-card
information that Company A had backed up, he fell right into th
e ambush and was caught red handed. From
this point, FBI agents took the evidence collected by the Ubizen
and FBI teams and began the hunt for the
suspect.
They contacted a law enforcement computer-crime liaison group
in the Eastern European country where it
was determined that the hacker was located. Ultimately, the hac
11. ker-a college-age male-was arrested and
extradited, and the evidence gathered against him will be used
when the case comes to trial.
Aftermath. While Company A breathed a sigh of relief when the
hacker was caught, the work of the Ubizen
investigative team wasn't over yet. Their mission was not only t
o help identify the hacker but also to
determine the full extent of the breach and figure out precisely
how many credit cards had been
compromised, and when.
Targets. The complete analysis showed that there were in fact se
veral intruders who took advantage of the
backdoor the original hacker left, and they seemed to be unawar
e of each other's presence. Altogether these
attackers maintained some level of access into Company A for
more than six months, two months longer than
the previously recognized fraud dates. The team was also able t
o identify other machines on the network that
had been compromised. These included the organizations two da
tabase servers, the mail server, two file and
print servers, and each of the Internet-visible systems.
Recommendations. The final step was to provide recommendatio
ns to Company A on how to bolster its
11/1/2015
search.proquest.com/criminaljusticeperiodicals/printviewfile?ac
countid=33337
http://search.proquest.com/criminaljusticeperiodicals/printviewf
ile?accountid=33337 5/8
12. security against future attacks. These included the obvious sugg
estion of adapting to industry best practices.
MasterCard and VISA have led the industry in establishing guid
elines to secure customer credit card data.
MasterCard's Site Data Protection Service (SDP) and Visas Card
holder Information Security Program (CISP) are
industry mandates with serious financial penalties for noncompl
iance. These programs define a standard of
due care for deploying security compliance programs, ensuring t
hat online merchants and payment service
providers are adequately protected against hacker intrusions and
account data compromises. The investigative
team determined that Company A was far from fulfilling these r
equirements and outlined exactly what
measures the company needed to take to be fully compliant.
A key suggestion was for Company A to conduct regular vulner
ability scanning internally or to outsource the
scans to an expert. This inexpensive automated process proactiv
ely identifies vulnerabilities to find out if and
where a computer system can be exploited or is vulnerable.
Finally, the team provided a set of recommendations above and
beyond the established credit card industry
standards. The team advised Company A to either add an interna
l IT team dedicated solely to security or to
consider outsourcing key elements of its security program to a
managed security services provider. The
amount of data generated by security devices is overwhelming,
and it can only be properly monitored by a
dedicated team whose sole function is to oversee the network da
ta.
Since the attackers had access to stored credit card data, the tea
m also urged Company A not to retain credit
13. card data longer than needed. As this case made clear, storing th
is type of sensitive information opens up a
high risk of exposure.
This case illustrates how private cybercrime investigators and la
w enforcement can collaborate to both protect
the bottom line and stem crime. That's good news for long-belea
guered online businesses, and bad news for
online fraudsters.
Sidebar
Forensic detectives can often quickly identify the most likely ta
rgets of a hacker attack on a given network.
Sidebar
Two Teams are Better Than One
Cybercrime investigations are Often initiated by the victimized
company not through a call to the police, but
through a call to a private firm that specializes in computer fore
nsics examinations. These private-sector
teams will then call law enforcement into the process as soon as
they confirm that illegal activity is occurring.
Cooperation between law enforcement and private-sector investi
gators is still a fairly new idea, however.
Several years ago, when the author's company first started cond
ucting forensics investigations, it was often
met with distrust by both their private sector clients, who feared
bad publicity or losing control of company
data, and law enforcement agents, who were reluctant to share i
nformation with third-party vendors.
However, this reluctance is diminishing as law enforcement bec
omes more accustomed to working with third-
party cyberforensics experts and as clients see that the process c
an work. Companies like Ubizen work under
14. strict conditions and with detailed nondisclosure agreements, w
hich protects clients and helps allay fears.
Although they need to work together, it is important to understa
nd that ultimately the two groups of
investigators have different goals. The private-sector team has t
he ultimate goal of understanding the full
extent of the compromise and helping the client find and close t
he vulnerability that led to the breach-in other
words, to protect its reputation and profits. Law enforcement is
focused on the illegal activity and in collecting
any evidence that will lead to the attacker and help in a prosecut
ion.
11/1/2015
search.proquest.com/criminaljusticeperiodicals/printviewfile?ac
countid=33337
http://search.proquest.com/criminaljusticeperiodicals/printviewf
ile?accountid=33337 6/8
Details
Subject Credit card fraud;
Forensic sciences;
Network security;
Investigations;
Case studies
Location United States, US
Name: Ubizen NV
NAICS: 514191
15. Company /
organization
Classification 9190: United States
5140: Security management
5250: Telecommunications systems & Internet communications
9110: Company specific
8331: Internet services industry
Title Tracking the CybercrimeTrail
Author Sartin, Bryan
Publication title Security Management
Volume 48
Issue 9
The two groups also work differently due to the nature of their r
esponsibilities. A private forensic firm is doing
paid work for a client and will devote a team to getting the work
done in a short time frame. For example, this
case took Ubizen two days on site and another two weeks to co
mplete the analysis and write a report. By
contrast, law enforcement agents typically are juggling multiple
cases or responsibilities and may take longer
to complete an investigation or may have difficulty devoting suf
ficient resources to a specific case.
While the goals are different, the groundwork serves both object
ives. For that reason, the analysis completed
by the private-sector team is often useful to law enforcement, sa
ving them time and giving them a head start
in understanding all the technical details of an investigation so t
hat they can make a case for protection.
16. AuthorAffiliation
Bryan Sartin is director of technology for Ubizen, where he is r
esponsible for all customer-facing issues
regarding the technology of its managed security solution offeri
ngs.
Copyright American Society for Industrial Security Sep 2004
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/subject/Credit+card+fraud/$N?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/subject/Forensic+sciences/$N?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/subject/Network+security/$N?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/subject/Investigations/$N?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/subject/Case+studies/$N?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/loc/United+States/$N?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/loc/US/$N?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/org/Ubizen+NV/$N?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/naics/514191/$N?accountid=33337
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/cc/9190:+United+States/Keyword?accountid=333
37
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/cc/5140:+Security+management/Keyword?accoun
tid=33337
http://search.proquest.com/criminaljusticeperiodicals/indexingli
nkhandler/sng/cc/5250:+Telecommunications+systems+$26+Int
ernet+communications/Keyword?accountid=33337