C y b e r A t t a c k s
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smaller and less complex environments. He proposes a brand
new type of national infrastructure protection methodology and outlines a strategy presented
as a series of ten basic design and operations principles ranging from deception to response.
The bulk of the text covers each of these principles in technical detail. While several of these
principles would be daunting to implement and practice they provide the fi rst clear and con-
cise framework for discussion of this critical challenge. This text is thought-provoking and
should be a ‘must read’ for anyone concerned with cybersecurity in the private or government
sector.”
— Clayton W. Naeve, Ph.D. ,
Senior Vice President and Chief Information Offi cer,
Endowed Chair in Bioinformatics,
St. Jude Children’s Research Hospital,
Memphis, TN
“Dr. Ed Amoroso reveals in plain English the threats and weaknesses of our critical infra-
structure balanced against practices that reduce the exposures. This is an excellent guide
to the understanding of the cyber-scape that the security professional navigates. The book
takes complex concepts of security and simplifi es it into coherent and simple to understand
concepts.”
— Arnold Felberbaum ,
Chief IT Security & Compliance Offi cer,
Reed Elsevier
“The national infrastructure, which is now vital to communication, commerce and entertain-
ment in everyday life, is highly vulnerable to malicious attacks and terrorist threats. Today, it
is possible for botnets to penetrate millions of computers around the world in few minutes,
and to attack the valuable national infrastructure.
“As the New York Times reported, the growing number of threats by botnets suggests that
this cyber security issue has become a serious problem, and we are losing the war against
these attacks.
“While computer security technologies will be useful for network systems, the reality
tells us that this conventional approach is not effective enough for the complex, large-scale
national infrastructure.
“Not only does the author provide comprehensive methodologies based on 25 years of expe-
rience in cyber security at AT&T, but he also suggests ‘security through obscurity,’ which
attempts to use secrecy to provide security.”
— Byeong Gi Lee ,
President, IEEE Communications Society, and
Commissioner of the Korea Communications Commission (KCC)
C y b e r A t t a c k s
Protecting National
Infrastructure
Edward G. Amoroso
AMSTERDAM • BOSTON • HEIDELBERG • LONDON
NEW YORK • OXFORD • PARIS • SAN DIEGO
SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Butterworth-Heinemann is an imprint of Elsevier
Acquiring Editor: Pam Chester
Development Editor: Gregory Chalson .
Cyber At tacks
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smaller and less complex environments. He proposes a brand
new type of national infrastructure protection methodology and outlines a strategy presented
as a series of ten basic design and operations principles ranging from deception to response.
The bulk of the text covers each of these principles in technical detail. While several of these
principles would be daunting to implement and practice they provide the fi rst clear and con-
cise framework for discussion of this critical challenge. This text is thought-provoking and
should be a ‘must read’ for anyone concerned with cybersecurity in the private or government
sector.”
— Clayton W. Naeve, Ph.D. ,
Senior Vice President and Chief Information Offi cer,
Endowed Chair in Bioinformatics,
St. Jude Children’s Research Hospital,
Memphis, TN
“Dr. Ed Amoroso reveals in plain English the threats and weaknesses of our critical infra-
structure balanced against practices that reduce the exposures. This is an excellent guide
to the understanding of the cyber-scape that the security professional navigates. The book
takes complex concepts of security and simplifi es it into coherent and simple to understand
concepts.”
— Arnold Felberbaum ,
Chief IT Security & Compliance Offi cer,
Reed Elsevier
“The national infrastructure, which is now vital to communication, commerce and entertain-
ment in everyday life, is highly vulnerable to malicious attacks and terrorist threats. Today, it
is possible for botnets to penetrate millions of computers around the world in few minutes,
and to attack the valuable national infrastructure.
“As the New York Times reported, the growing number of threats by botnets suggests that
this cyber security issue has become a serious problem, and we are losing the war against
these attacks.
“While computer security technologies will be useful for network systems, the reality
tells us that this conventional approach is not effective enough for the complex, large-scale
national infrastructure.
“Not only does the author provide comprehensive methodologies based on 25 years of expe-
rience in cyber security at AT&T, but he also suggests ‘security through obscurity,’ which
attempts to use secrecy to provide security.”
— Byeong Gi Lee ,
President, IEEE Communications Society, and
Commissioner of the Korea Communications Commission (KCC)
Cyber At tacks
Protecting National
Infrastructure
Edward G. Amoroso
AMSTERDAM • BOSTON • HEIDELBERG • LONDON
NEW YORK • OXFORD • PARIS • SAN DIEGO
SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Butterworth-Heinemann is an imprint of Elsevier
Acquiring Editor: Pam Chester
Development Editor: Gregory Chalson
Project Manage.
Gannon UniversityDepartment of Mechanical EngineeringDecision .docxshericehewat
Gannon University
Department of Mechanical Engineering
Decision Making Under Uncertainty, GENG 623
Problem # 10
In your own words, explain six sigma (6 ) process in detail including DMAIC & DFSS. Find five big and famous corporations that use six sigma process to reduce the variation in every process. Explain how this process was used to help them reduce variation. Present your report with at least one example for each corporation. Submit all internet material with URL listed at the bottom of the page.
Cyber At tacks
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smaller and less complex environments. He proposes a brand
new type of national infrastructure protection methodology and outlines a strategy presented
as a series of ten basic design and operations principles ranging from deception to response.
The bulk of the text covers each of these principles in technical detail. While several of these
principles would be daunting to implement and practice they provide the fi rst clear and con-
cise framework for discussion of this critical challenge. This text is thought-provoking and
should be a ‘must read’ for anyone concerned with cybersecurity in the private or government
sector.”
— Clayton W. Naeve, Ph.D. ,
Senior Vice President and Chief Information Offi cer,
Endowed Chair in Bioinformatics,
St. Jude Children’s Research Hospital,
Memphis, TN
“Dr. Ed Amoroso reveals in plain English the threats and weaknesses of our critical infra-
structure balanced against practices that reduce the exposures. This is an excellent guide
to the understanding of the cyber-scape that the security professional navigates. The book
takes complex concepts of security and simplifi es it into coherent and simple to understand
concepts.”
— Arnold Felberbaum ,
Chief IT Security & Compliance Offi cer,
Reed Elsevier
“The national infrastructure, which is now vital to communication, commerce and entertain-
ment in everyday life, is highly vulnerable to malicious attacks and terrorist threats. Today, it
is possible for botnets to penetrate millions of computers around the world in few minutes,
and to attack the valuable national infrastructure.
“As the New York Times reported, the growing number of threats by botnets suggests that
this cyber security issue has become a serious problem, and we are losing the war against
these attacks.
“While computer security technologies will be useful for network systems, the reality
tells us that this conventional approach is not effective enough for the complex, large-scale
national infrastructure.
“Not only does the author provide comprehensive methodologies based on 25 years of expe-
rience in cyber security at AT&T, but he also suggests ‘security through obscurity,’ which
attempts to u ...
Feedback Assignment Set 4Great job on this assignment. I know yo.docxmglenn3
Feedback Assignment Set 4
Great job on this assignment. I know you know how to do WACC. I am not sure if you rushed on th second answer or if it was a typo but you did give an incorrect answer.
30 (30%)
Points Range:27 (27%) - 30 (30%)
Thoroughly calculated Bad Boys, Inc.'s cost of capital.
Feedback:
Great job showing your work and getting correct answer.
23.7 (23.7%)
Points Range:21 (21%) - 23.7 (23.7%)
Partially calculated Bad Boys, Inc.'s cost of capital.
Feedback:
In this section you provided the wrong answer.
30 (30%)
Points Range:27 (27%) - 30 (30%)
Thoroughly identified two corporations that have dealt with cannibalization and what steps were taken to overcome cannibalization. Thoroughly provided citations and references.
Feedback:
Great job explaining cannibalization and giving examples.
10 (10%)
Points Range:9 (9%) - 10 (10%)
0-2 errors present
Feedback:
no errors detected.
C y b e r A t t a c k s
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smaller and less complex environments. He proposes a brand
new type of national infrastructure protection methodology and outlines a strategy presented
as a series of ten basic design and operations principles ranging from deception to response.
The bulk of the text covers each of these principles in technical detail. While several of these
principles would be daunting to implement and practice they provide the fi rst clear and con-
cise framework for discussion of this critical challenge. This text is thought-provoking and
should be a ‘must read’ for anyone concerned with cybersecurity in the private or government
sector.”
— Clayton W. Naeve, Ph.D. ,
Senior Vice President and Chief Information Offi cer,
Endowed Chair in Bioinformatics,
St. Jude Children’s Research Hospital,
Memphis, TN
“Dr. Ed Amoroso reveals in plain English the threats and weaknesses of our critical infra-
structure balanced against practices that reduce the exposures. This is an excellent guide
to the understanding of the cyber-scape that the security professional navigates. The book
takes complex concepts of security and simplifi es it into coherent and simple to understand
concepts.”
— Arnold Felberbaum ,
Chief IT Security & Compliance Offi cer,
Reed Elsevier
“The national infrastructure, which is now vital to communication, commerce and entertain-
ment in everyday life, is highly vulnerable to malicious attacks and terrorist threats. Today, it
is possible for botnets to penetrate millions of computers around the world in few minutes,
and to attack the valuable national infrastructure.
“As the New York Times reported, the growing number of threats by botnets suggests that
this cyber security issue has become a serious problem, and we are losing the war against
these attacks.
.
Week 2 Assignment 2: Presentation Topics
Submit Assignment
· Due Sunday by 4pm
· Points 15
· Submitting a file upload
Required Resources
Read/review the following resources for this activity:
· Textbook: Chapter 4
· Lesson
· Minimum of 3 scholarly sources (in addition to the textbook)
Instructions
For this assignment, address the following:
· Topics: Review the table of contents in the textbook.
· Choose a communication skill that you believe you need to improve. This skill can also be your CCC 1E statement (from Week 1).
· Put together a numbered list of at least 6 communication presentation topics you might have an interest in researching and developing for the Week 6 Assignment: Presentation. This must be about communication.
· Rank the topics with your strongest choice at the top of the list and the others in descending order.
· Sources: Using your first-topic choice, do the following:
· Write a paragraph about why you choose this topic.
· List 3 APA formatted references (on a references page) that would be suitable as research sources to support a presentation. These should be in addition to your textbook and not come from the open Web (e.g., a Google search, a blog, or Wikipedia). The best place to look is the Chamberlain University Library.
Your professor will approve or deny your topic, so make sure that you review his/her comments in the gradebook.
Writing Requirements (APA format)
· Length: 0.5-1 page (not including references page)
· 1-inch margins
· Double spaced
· 12-point Times New Roman font
· References page (minimum of 3 scholarly sources)
Grading
This activity will be graded based on the W2 Presentation Topics Grading Rubric.
Course Outcomes (CO): 3
Due Date: By 4 p.m. EST on Sunday
C y b e r A t t a c k s
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smaller and less complex environments. He proposes a brand
new type of national infrastructure protection methodology and outlines a strategy presented
as a series of ten basic design and operations principles ranging from deception to response.
The bulk of the text covers each of these principles in technical detail. While several of these
principles would be daunting to implement and practice they provide the fi rst clear and con-
cise framework for discussion of this critical challenge. This text is thought-provoking and
should be a ‘must read’ for anyone concerned with cybersecurity in the private or government
sector.”
— Clayton W. Naeve, Ph.D. ,
Senior Vice President and Chief Information Offi cer,
Endowed Chair in Bioinformatics,
St. Jude Children’s Research Hospital,
Memphis, TN
“Dr. Ed Amoroso reveals in plain English the threats and weaknesses of our critical infra-
structure balanced against practices that reduce the exposures. This is an excellen ...
Cybersecurity is a constant, and, by all accounts growing, challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations' attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures — and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. A heuristic model was developed to demonstrate the various cybersecurity levers that organizations can control, as well as exogenous factors that organizations cannot control. Among the report's findings were that cybersecurity experts are at least as focused on preserving their organizations' reputations as protecting actual property. Researchers also found that organizational size and software quality play significant roles in the strategies that defenders may adopt. Finally, those who secure networks will have to pay increasing attention to the role that smart devices might otherwise play in allowing hackers in. Organizations could benefit from better understanding their risk posture from various actors (threats), protection needs (vulnerabilities), and assets (impact). Policy recommendations include better defining the role of government, and exploring information sharing responsibilities.
@author Jane Programmer @cwid 123 45 678 @class.docxShiraPrater50
/**
* @author Jane Programmer
* @cwid 123 45 678
* @class COSC 2336, Spring 2019
* @ide Visual Studio Community 2017
* @date April 8, 2019
* @assg Assignment 12
*
* @description Assignment 12 Binary Search Trees
*/
#include <cassert>
#include <iostream>
#include "BinaryTree.hpp"
using namespace std;
/** main
* The main entry point for this program. Execution of this program
* will begin with this main function.
*
* @param argc The command line argument count which is the number of
* command line arguments provided by user when they started
* the program.
* @param argv The command line arguments, an array of character
* arrays.
*
* @returns An int value indicating program exit status. Usually 0
* is returned to indicate normal exit and a non-zero value
* is returned to indicate an error condition.
*/
int main(int argc, char** argv)
{
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree construction ----------------" << endl;
BinaryTree t;
cout << "<constructor> Size of new empty tree: " << t.size() << endl;
cout << t << endl;
assert(t.size() == 0);
cout << endl;
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree insertion -------------------" << endl;
t.insert(10);
cout << "<insert> Inserted into empty tree, size: " << t.size() << endl;
cout << t << endl;
assert(t.size() == 1);
t.insert(3);
t.insert(7);
t.insert(12);
t.insert(15);
t.insert(2);
cout << "<insert> inserted 5 more items, size: " << t.size() << endl;
cout << t << endl;
assert(t.size() == 6);
cout << endl;
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree height -------------------" << endl;
//cout << "<height> Current tree height: " << t.height() << endl;
//assert(t.height() == 3);
// increase height by 2
//t.insert(4);
//t.insert(5);
//cout << "<height> after inserting nodes, height: " << t.height()
// << " size: " << t.size() << endl;
//cout << t << endl;
//assert(t.height() == 5);
//assert(t.size() == 8);
cout << endl;
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree clear -------------------" << endl;
//t.clear();
//cout << "<clear> after clearing tree, height: " << t.height()
// << " size: " << t.size() << endl;
//cout << t << endl;
//assert(t.size() == 0);
//assert(t.height() == 0);
cout << endl;
// return 0 to indicate successful completion
return 0;
}
C y b e r A t t a c k s
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smalle ...
@author Jane Programmer @cwid 123 45 678 @classtroutmanboris
/**
* @author Jane Programmer
* @cwid 123 45 678
* @class COSC 2336, Spring 2019
* @ide Visual Studio Community 2017
* @date April 8, 2019
* @assg Assignment 12
*
* @description Assignment 12 Binary Search Trees
*/
#include <cassert>
#include <iostream>
#include "BinaryTree.hpp"
using namespace std;
/** main
* The main entry point for this program. Execution of this program
* will begin with this main function.
*
* @param argc The command line argument count which is the number of
* command line arguments provided by user when they started
* the program.
* @param argv The command line arguments, an array of character
* arrays.
*
* @returns An int value indicating program exit status. Usually 0
* is returned to indicate normal exit and a non-zero value
* is returned to indicate an error condition.
*/
int main(int argc, char** argv)
{
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree construction ----------------" << endl;
BinaryTree t;
cout << "<constructor> Size of new empty tree: " << t.size() << endl;
cout << t << endl;
assert(t.size() == 0);
cout << endl;
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree insertion -------------------" << endl;
t.insert(10);
cout << "<insert> Inserted into empty tree, size: " << t.size() << endl;
cout << t << endl;
assert(t.size() == 1);
t.insert(3);
t.insert(7);
t.insert(12);
t.insert(15);
t.insert(2);
cout << "<insert> inserted 5 more items, size: " << t.size() << endl;
cout << t << endl;
assert(t.size() == 6);
cout << endl;
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree height -------------------" << endl;
//cout << "<height> Current tree height: " << t.height() << endl;
//assert(t.height() == 3);
// increase height by 2
//t.insert(4);
//t.insert(5);
//cout << "<height> after inserting nodes, height: " << t.height()
// << " size: " << t.size() << endl;
//cout << t << endl;
//assert(t.height() == 5);
//assert(t.size() == 8);
cout << endl;
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree clear -------------------" << endl;
//t.clear();
//cout << "<clear> after clearing tree, height: " << t.height()
// << " size: " << t.size() << endl;
//cout << t << endl;
//assert(t.size() == 0);
//assert(t.height() == 0);
cout << endl;
// return 0 to indicate successful completion
return 0;
}
C y b e r A t t a c k s
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smalle ...
Cyber At tacks
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smaller and less complex environments. He proposes a brand
new type of national infrastructure protection methodology and outlines a strategy presented
as a series of ten basic design and operations principles ranging from deception to response.
The bulk of the text covers each of these principles in technical detail. While several of these
principles would be daunting to implement and practice they provide the fi rst clear and con-
cise framework for discussion of this critical challenge. This text is thought-provoking and
should be a ‘must read’ for anyone concerned with cybersecurity in the private or government
sector.”
— Clayton W. Naeve, Ph.D. ,
Senior Vice President and Chief Information Offi cer,
Endowed Chair in Bioinformatics,
St. Jude Children’s Research Hospital,
Memphis, TN
“Dr. Ed Amoroso reveals in plain English the threats and weaknesses of our critical infra-
structure balanced against practices that reduce the exposures. This is an excellent guide
to the understanding of the cyber-scape that the security professional navigates. The book
takes complex concepts of security and simplifi es it into coherent and simple to understand
concepts.”
— Arnold Felberbaum ,
Chief IT Security & Compliance Offi cer,
Reed Elsevier
“The national infrastructure, which is now vital to communication, commerce and entertain-
ment in everyday life, is highly vulnerable to malicious attacks and terrorist threats. Today, it
is possible for botnets to penetrate millions of computers around the world in few minutes,
and to attack the valuable national infrastructure.
“As the New York Times reported, the growing number of threats by botnets suggests that
this cyber security issue has become a serious problem, and we are losing the war against
these attacks.
“While computer security technologies will be useful for network systems, the reality
tells us that this conventional approach is not effective enough for the complex, large-scale
national infrastructure.
“Not only does the author provide comprehensive methodologies based on 25 years of expe-
rience in cyber security at AT&T, but he also suggests ‘security through obscurity,’ which
attempts to use secrecy to provide security.”
— Byeong Gi Lee ,
President, IEEE Communications Society, and
Commissioner of the Korea Communications Commission (KCC)
Cyber At tacks
Protecting National
Infrastructure
Edward G. Amoroso
AMSTERDAM • BOSTON • HEIDELBERG • LONDON
NEW YORK • OXFORD • PARIS • SAN DIEGO
SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Butterworth-Heinemann is an imprint of Elsevier
Acquiring Editor: Pam Chester
Development Editor: Gregory Chalson
Project Manage.
Gannon UniversityDepartment of Mechanical EngineeringDecision .docxshericehewat
Gannon University
Department of Mechanical Engineering
Decision Making Under Uncertainty, GENG 623
Problem # 10
In your own words, explain six sigma (6 ) process in detail including DMAIC & DFSS. Find five big and famous corporations that use six sigma process to reduce the variation in every process. Explain how this process was used to help them reduce variation. Present your report with at least one example for each corporation. Submit all internet material with URL listed at the bottom of the page.
Cyber At tacks
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smaller and less complex environments. He proposes a brand
new type of national infrastructure protection methodology and outlines a strategy presented
as a series of ten basic design and operations principles ranging from deception to response.
The bulk of the text covers each of these principles in technical detail. While several of these
principles would be daunting to implement and practice they provide the fi rst clear and con-
cise framework for discussion of this critical challenge. This text is thought-provoking and
should be a ‘must read’ for anyone concerned with cybersecurity in the private or government
sector.”
— Clayton W. Naeve, Ph.D. ,
Senior Vice President and Chief Information Offi cer,
Endowed Chair in Bioinformatics,
St. Jude Children’s Research Hospital,
Memphis, TN
“Dr. Ed Amoroso reveals in plain English the threats and weaknesses of our critical infra-
structure balanced against practices that reduce the exposures. This is an excellent guide
to the understanding of the cyber-scape that the security professional navigates. The book
takes complex concepts of security and simplifi es it into coherent and simple to understand
concepts.”
— Arnold Felberbaum ,
Chief IT Security & Compliance Offi cer,
Reed Elsevier
“The national infrastructure, which is now vital to communication, commerce and entertain-
ment in everyday life, is highly vulnerable to malicious attacks and terrorist threats. Today, it
is possible for botnets to penetrate millions of computers around the world in few minutes,
and to attack the valuable national infrastructure.
“As the New York Times reported, the growing number of threats by botnets suggests that
this cyber security issue has become a serious problem, and we are losing the war against
these attacks.
“While computer security technologies will be useful for network systems, the reality
tells us that this conventional approach is not effective enough for the complex, large-scale
national infrastructure.
“Not only does the author provide comprehensive methodologies based on 25 years of expe-
rience in cyber security at AT&T, but he also suggests ‘security through obscurity,’ which
attempts to u ...
Feedback Assignment Set 4Great job on this assignment. I know yo.docxmglenn3
Feedback Assignment Set 4
Great job on this assignment. I know you know how to do WACC. I am not sure if you rushed on th second answer or if it was a typo but you did give an incorrect answer.
30 (30%)
Points Range:27 (27%) - 30 (30%)
Thoroughly calculated Bad Boys, Inc.'s cost of capital.
Feedback:
Great job showing your work and getting correct answer.
23.7 (23.7%)
Points Range:21 (21%) - 23.7 (23.7%)
Partially calculated Bad Boys, Inc.'s cost of capital.
Feedback:
In this section you provided the wrong answer.
30 (30%)
Points Range:27 (27%) - 30 (30%)
Thoroughly identified two corporations that have dealt with cannibalization and what steps were taken to overcome cannibalization. Thoroughly provided citations and references.
Feedback:
Great job explaining cannibalization and giving examples.
10 (10%)
Points Range:9 (9%) - 10 (10%)
0-2 errors present
Feedback:
no errors detected.
C y b e r A t t a c k s
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smaller and less complex environments. He proposes a brand
new type of national infrastructure protection methodology and outlines a strategy presented
as a series of ten basic design and operations principles ranging from deception to response.
The bulk of the text covers each of these principles in technical detail. While several of these
principles would be daunting to implement and practice they provide the fi rst clear and con-
cise framework for discussion of this critical challenge. This text is thought-provoking and
should be a ‘must read’ for anyone concerned with cybersecurity in the private or government
sector.”
— Clayton W. Naeve, Ph.D. ,
Senior Vice President and Chief Information Offi cer,
Endowed Chair in Bioinformatics,
St. Jude Children’s Research Hospital,
Memphis, TN
“Dr. Ed Amoroso reveals in plain English the threats and weaknesses of our critical infra-
structure balanced against practices that reduce the exposures. This is an excellent guide
to the understanding of the cyber-scape that the security professional navigates. The book
takes complex concepts of security and simplifi es it into coherent and simple to understand
concepts.”
— Arnold Felberbaum ,
Chief IT Security & Compliance Offi cer,
Reed Elsevier
“The national infrastructure, which is now vital to communication, commerce and entertain-
ment in everyday life, is highly vulnerable to malicious attacks and terrorist threats. Today, it
is possible for botnets to penetrate millions of computers around the world in few minutes,
and to attack the valuable national infrastructure.
“As the New York Times reported, the growing number of threats by botnets suggests that
this cyber security issue has become a serious problem, and we are losing the war against
these attacks.
.
Week 2 Assignment 2: Presentation Topics
Submit Assignment
· Due Sunday by 4pm
· Points 15
· Submitting a file upload
Required Resources
Read/review the following resources for this activity:
· Textbook: Chapter 4
· Lesson
· Minimum of 3 scholarly sources (in addition to the textbook)
Instructions
For this assignment, address the following:
· Topics: Review the table of contents in the textbook.
· Choose a communication skill that you believe you need to improve. This skill can also be your CCC 1E statement (from Week 1).
· Put together a numbered list of at least 6 communication presentation topics you might have an interest in researching and developing for the Week 6 Assignment: Presentation. This must be about communication.
· Rank the topics with your strongest choice at the top of the list and the others in descending order.
· Sources: Using your first-topic choice, do the following:
· Write a paragraph about why you choose this topic.
· List 3 APA formatted references (on a references page) that would be suitable as research sources to support a presentation. These should be in addition to your textbook and not come from the open Web (e.g., a Google search, a blog, or Wikipedia). The best place to look is the Chamberlain University Library.
Your professor will approve or deny your topic, so make sure that you review his/her comments in the gradebook.
Writing Requirements (APA format)
· Length: 0.5-1 page (not including references page)
· 1-inch margins
· Double spaced
· 12-point Times New Roman font
· References page (minimum of 3 scholarly sources)
Grading
This activity will be graded based on the W2 Presentation Topics Grading Rubric.
Course Outcomes (CO): 3
Due Date: By 4 p.m. EST on Sunday
C y b e r A t t a c k s
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smaller and less complex environments. He proposes a brand
new type of national infrastructure protection methodology and outlines a strategy presented
as a series of ten basic design and operations principles ranging from deception to response.
The bulk of the text covers each of these principles in technical detail. While several of these
principles would be daunting to implement and practice they provide the fi rst clear and con-
cise framework for discussion of this critical challenge. This text is thought-provoking and
should be a ‘must read’ for anyone concerned with cybersecurity in the private or government
sector.”
— Clayton W. Naeve, Ph.D. ,
Senior Vice President and Chief Information Offi cer,
Endowed Chair in Bioinformatics,
St. Jude Children’s Research Hospital,
Memphis, TN
“Dr. Ed Amoroso reveals in plain English the threats and weaknesses of our critical infra-
structure balanced against practices that reduce the exposures. This is an excellen ...
Cybersecurity is a constant, and, by all accounts growing, challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations' attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures — and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. A heuristic model was developed to demonstrate the various cybersecurity levers that organizations can control, as well as exogenous factors that organizations cannot control. Among the report's findings were that cybersecurity experts are at least as focused on preserving their organizations' reputations as protecting actual property. Researchers also found that organizational size and software quality play significant roles in the strategies that defenders may adopt. Finally, those who secure networks will have to pay increasing attention to the role that smart devices might otherwise play in allowing hackers in. Organizations could benefit from better understanding their risk posture from various actors (threats), protection needs (vulnerabilities), and assets (impact). Policy recommendations include better defining the role of government, and exploring information sharing responsibilities.
@author Jane Programmer @cwid 123 45 678 @class.docxShiraPrater50
/**
* @author Jane Programmer
* @cwid 123 45 678
* @class COSC 2336, Spring 2019
* @ide Visual Studio Community 2017
* @date April 8, 2019
* @assg Assignment 12
*
* @description Assignment 12 Binary Search Trees
*/
#include <cassert>
#include <iostream>
#include "BinaryTree.hpp"
using namespace std;
/** main
* The main entry point for this program. Execution of this program
* will begin with this main function.
*
* @param argc The command line argument count which is the number of
* command line arguments provided by user when they started
* the program.
* @param argv The command line arguments, an array of character
* arrays.
*
* @returns An int value indicating program exit status. Usually 0
* is returned to indicate normal exit and a non-zero value
* is returned to indicate an error condition.
*/
int main(int argc, char** argv)
{
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree construction ----------------" << endl;
BinaryTree t;
cout << "<constructor> Size of new empty tree: " << t.size() << endl;
cout << t << endl;
assert(t.size() == 0);
cout << endl;
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree insertion -------------------" << endl;
t.insert(10);
cout << "<insert> Inserted into empty tree, size: " << t.size() << endl;
cout << t << endl;
assert(t.size() == 1);
t.insert(3);
t.insert(7);
t.insert(12);
t.insert(15);
t.insert(2);
cout << "<insert> inserted 5 more items, size: " << t.size() << endl;
cout << t << endl;
assert(t.size() == 6);
cout << endl;
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree height -------------------" << endl;
//cout << "<height> Current tree height: " << t.height() << endl;
//assert(t.height() == 3);
// increase height by 2
//t.insert(4);
//t.insert(5);
//cout << "<height> after inserting nodes, height: " << t.height()
// << " size: " << t.size() << endl;
//cout << t << endl;
//assert(t.height() == 5);
//assert(t.size() == 8);
cout << endl;
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree clear -------------------" << endl;
//t.clear();
//cout << "<clear> after clearing tree, height: " << t.height()
// << " size: " << t.size() << endl;
//cout << t << endl;
//assert(t.size() == 0);
//assert(t.height() == 0);
cout << endl;
// return 0 to indicate successful completion
return 0;
}
C y b e r A t t a c k s
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smalle ...
@author Jane Programmer @cwid 123 45 678 @classtroutmanboris
/**
* @author Jane Programmer
* @cwid 123 45 678
* @class COSC 2336, Spring 2019
* @ide Visual Studio Community 2017
* @date April 8, 2019
* @assg Assignment 12
*
* @description Assignment 12 Binary Search Trees
*/
#include <cassert>
#include <iostream>
#include "BinaryTree.hpp"
using namespace std;
/** main
* The main entry point for this program. Execution of this program
* will begin with this main function.
*
* @param argc The command line argument count which is the number of
* command line arguments provided by user when they started
* the program.
* @param argv The command line arguments, an array of character
* arrays.
*
* @returns An int value indicating program exit status. Usually 0
* is returned to indicate normal exit and a non-zero value
* is returned to indicate an error condition.
*/
int main(int argc, char** argv)
{
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree construction ----------------" << endl;
BinaryTree t;
cout << "<constructor> Size of new empty tree: " << t.size() << endl;
cout << t << endl;
assert(t.size() == 0);
cout << endl;
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree insertion -------------------" << endl;
t.insert(10);
cout << "<insert> Inserted into empty tree, size: " << t.size() << endl;
cout << t << endl;
assert(t.size() == 1);
t.insert(3);
t.insert(7);
t.insert(12);
t.insert(15);
t.insert(2);
cout << "<insert> inserted 5 more items, size: " << t.size() << endl;
cout << t << endl;
assert(t.size() == 6);
cout << endl;
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree height -------------------" << endl;
//cout << "<height> Current tree height: " << t.height() << endl;
//assert(t.height() == 3);
// increase height by 2
//t.insert(4);
//t.insert(5);
//cout << "<height> after inserting nodes, height: " << t.height()
// << " size: " << t.size() << endl;
//cout << t << endl;
//assert(t.height() == 5);
//assert(t.size() == 8);
cout << endl;
// -----------------------------------------------------------------------
cout << "--------------- testing BinaryTree clear -------------------" << endl;
//t.clear();
//cout << "<clear> after clearing tree, height: " << t.height()
// << " size: " << t.size() << endl;
//cout << t << endl;
//assert(t.size() == 0);
//assert(t.height() == 0);
cout << endl;
// return 0 to indicate successful completion
return 0;
}
C y b e r A t t a c k s
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber attack using security techniques
established to protect much smalle ...
Whenever you work with power tools or on electrical circuits there is a risk of electrical hazards, especially electrical shock. Anyone can be exposed to these hazards at home or at work. Workers are exposed to more hazards because job sites can be cluttered with
tools and materials, fast-paced, and open to the weather. Risk is also higher at work because many jobs involve electric power tools. Electrical trades workers must pay special attention to electrical hazards because they work on electrical circuits. Coming in contact with an electrical voltage can cause current to flow through the body,
resulting in electrical shock and burns. Serious injury or even death may occur. As a source of energy, electricity is used without much thought about the hazards it can cause. Because electricity is a familiar part of our lives, it often is not treated with enough caution. As a result, an average of one worker is electrocuted on the job every day of every year!
В докладе рассматриваются реформы сектора безопасности Украины, дается оценка работы различных институтов, выявлены пробелы, которые исключают возможность создания эффективной, действенной, прозрачной и подотчетной системы безопасности в Украине.
Cyber-Terrorism Finding a Common Starting Point By JeOllieShoresna
Cyber-Terrorism: Finding a Common Starting Point
By
Jeffrey Thomas Biller
B.A., March 1998, University of Washington
M.H.R., June 2004, University of Oklahoma
J.D., May 2007, University of Kansas
A Thesis submitted to
The Faculty of
The George Washington University Law School
in partial satisfaction of the requirements
for the degree of Master of Laws
May 20, 2012
Thesis directed by
Gregory E. Maggs
Professor of Law, Co-director, National Security and U.S. Foreign Relations Law
Program
All rights reserved
INFORMATION TO ALL USERS
The quality of this reproduction is dependent on the quality of the copy submitted.
In the unlikely event that the author did not send a complete manuscript
and there are missing pages, these will be noted. Also, if material had to be removed,
a note will indicate the deletion.
All rights reserved. This edition of the work is protected against
unauthorized copying under Title 17, United States Code.
ProQuest LLC.
789 East Eisenhower Parkway
P.O. Box 1346
Ann Arbor, MI 48106 - 1346
UMI 1515265
Copyright 2012 by ProQuest LLC.
UMI Number: 1515265
ii
Acknowledgements
The author appreciates the generous support of the United States Air Force Jag Corps, for
the opportunity to study; Professor Gregory Maggs, for the excellent feedback and
guidance; and the author’s family, for the time and occasional solitude to complete this
paper.
iii
Disclaimer
Major Jeffrey T. Biller serves in the U.S. Air Force Judge Advocate General’s Corps.
This paper was submitted in partial satisfaction of the requirements for the degree of
Master of Laws in National Security and Foreign Relations at The George Washington
University Law School. The views expressed in this paper are solely those of the author
and do not reflect the official policy or position of the United States Air Force,
Department of Defense or U.S. Government.
iv
Abstract
Cyber-Terrorism: Finding a Common Starting Point
Attacks on computer systems for both criminal and political purposes are on the
rise in both the United States and around the world. Foreign terrorist organizations are
also developing information technology skills to advance their goals. Looking at the
convergence of these two phenomena, many prominent security experts in both
government and private industry have rung an alarm bell regarding the potential for acts
of cyber-terrorism. However, there is no precise definition of cyber-terrorism under
United States law or in practice among cyber-security academicians. The lack of a
common starting point is one of the reasons existing law fails to directly address cyber-
terrorism.
This paper furnishes a lexicon of cyber-related malicious activities and argues for a
common working definition of cyber-terrorism. This definition can be both incorporated
into current counter-terror legislation and used by government agencies to combat cyb ...
Cenet-- capability enabled networking: towards least-privileged networkingJithu Joseph
In today's IP networks, any host can send packets to any other host irrespective of whether the recipient is interested in communicating with the sender or not. The downside of this openness is that every host is vulnerable to an attack by any other host. We ob- serve that this unrestricted network access (network ambient authority) from compromised systems is also a main reason for data exfiltration attacks within corporate networks. We address this issue using the network version of capability based access control. We bring the idea of capabilities and capability-based access control to the domain of networking. CeNet provides policy driven, fine-grained network level access control enforced in the core of the network (and not at the end-hosts) thereby removing network ambient authority. Thus CeNet is able to limit the scope of spread of an attack from a compromised host to other hosts in the network. We built a capability-enabled SDN network where communication privileges of an endpoint are limited according to its function in the network. Network capabilities can be passed between hosts, thereby allowing a delegation-oriented security policy to be realized. We believe that this base functionality can pave the way for the realization of sophisticated security policies within an enterprise network. Further we built a policy manager that is able to realize Role-Based Access Control (RBAC) policy based network access control using capability operations. We also look at some of the results of formal analysis of capability propagation models in the context of networks.
BBA 3551, Information Systems Management 1 Course Lea.docxtarifarmarie
BBA 3551, Information Systems Management 1
Course Learning Outcomes for Unit II
Upon completion of this unit, students should be able to:
4. Explain how information systems can be used to gain and sustain competitive advantage.
4.1 Discuss how collaboration IS can provide competitive advantages for a specific organization.
4.2 Explain why collaboration IS are important from the organization’s perspective.
7. Summarize the requirements for successful collaboration in information systems management.
7.1 Discuss how collaboration tools can improve team communication.
7.2 Identify the tools that will help create a successful collaboration IS.
Course/Unit
Learning Outcomes
Learning Activity
4.1
Unit Lesson
Chapter 2
Chapter 3
Unit II PowerPoint Presentation
4.2
Unit Lesson
Chapter 2
Chapter 3
Unit II PowerPoint Presentation
7.1
Unit Lesson
Chapter 2
Unit II PowerPoint Presentation
7.2
Unit Lesson
Chapter 2
Unit II PowerPoint Presentation
Reading Assignment
Chapter 2: Collaboration Information Systems
Chapter 3: Strategy and Information Systems, Q3-1 – Q3-8
Unit Lesson
Chapter 2 investigates ways that information systems (IS) can support collaboration. It defines collaboration
and discusses collaborative activities and criteria for successful collaboration. It also discusses the kind of
work that collaborative teams do, requirements for collaborative IS, and important collaborative tools for
improving communicating content. The chapter ends with a discussion of collaboration in 2024.
Collaboration and Cooperation
Cooperation occurs when people work together toward a common goal. For example, in teamwork, each
team member is given a task to complete such as a project component. Collaboration occurs when people,
together or remotely, work together toward a common goal (Kroenke & Boyle, 2017). For example, a team
member in California and a team member in Texas might meet using Skype to discuss ideas for a project.
Figure 1 below illustrates collaboration in a team environment. In this illustration, the project manager is
responsible for collaborating with team members who are in different departments. For example, the project
manager may assign a project administrator who will document the various stages of project development,
UNIT II STUDY GUIDE
Collaboration Information Systems and
Strategy and Information Systems
BBA 3551, Information Systems Management 2
UNIT x STUDY GUIDE
Title
assign a person from software development to develop the software application, and assign a person from
operations to set up a testing environment. Each of these team members would work with the project
manager and with each other throughout the project; however, the project manager would be the main point
of contact.
Feedback and iteration are involved so that the
results of the collaborative effort are greater
than could be produced by any of the
individuals .
Whenever you work with power tools or on electrical circuits there is a risk of electrical hazards, especially electrical shock. Anyone can be exposed to these hazards at home or at work. Workers are exposed to more hazards because job sites can be cluttered with
tools and materials, fast-paced, and open to the weather. Risk is also higher at work because many jobs involve electric power tools. Electrical trades workers must pay special attention to electrical hazards because they work on electrical circuits. Coming in contact with an electrical voltage can cause current to flow through the body,
resulting in electrical shock and burns. Serious injury or even death may occur. As a source of energy, electricity is used without much thought about the hazards it can cause. Because electricity is a familiar part of our lives, it often is not treated with enough caution. As a result, an average of one worker is electrocuted on the job every day of every year!
В докладе рассматриваются реформы сектора безопасности Украины, дается оценка работы различных институтов, выявлены пробелы, которые исключают возможность создания эффективной, действенной, прозрачной и подотчетной системы безопасности в Украине.
Cyber-Terrorism Finding a Common Starting Point By JeOllieShoresna
Cyber-Terrorism: Finding a Common Starting Point
By
Jeffrey Thomas Biller
B.A., March 1998, University of Washington
M.H.R., June 2004, University of Oklahoma
J.D., May 2007, University of Kansas
A Thesis submitted to
The Faculty of
The George Washington University Law School
in partial satisfaction of the requirements
for the degree of Master of Laws
May 20, 2012
Thesis directed by
Gregory E. Maggs
Professor of Law, Co-director, National Security and U.S. Foreign Relations Law
Program
All rights reserved
INFORMATION TO ALL USERS
The quality of this reproduction is dependent on the quality of the copy submitted.
In the unlikely event that the author did not send a complete manuscript
and there are missing pages, these will be noted. Also, if material had to be removed,
a note will indicate the deletion.
All rights reserved. This edition of the work is protected against
unauthorized copying under Title 17, United States Code.
ProQuest LLC.
789 East Eisenhower Parkway
P.O. Box 1346
Ann Arbor, MI 48106 - 1346
UMI 1515265
Copyright 2012 by ProQuest LLC.
UMI Number: 1515265
ii
Acknowledgements
The author appreciates the generous support of the United States Air Force Jag Corps, for
the opportunity to study; Professor Gregory Maggs, for the excellent feedback and
guidance; and the author’s family, for the time and occasional solitude to complete this
paper.
iii
Disclaimer
Major Jeffrey T. Biller serves in the U.S. Air Force Judge Advocate General’s Corps.
This paper was submitted in partial satisfaction of the requirements for the degree of
Master of Laws in National Security and Foreign Relations at The George Washington
University Law School. The views expressed in this paper are solely those of the author
and do not reflect the official policy or position of the United States Air Force,
Department of Defense or U.S. Government.
iv
Abstract
Cyber-Terrorism: Finding a Common Starting Point
Attacks on computer systems for both criminal and political purposes are on the
rise in both the United States and around the world. Foreign terrorist organizations are
also developing information technology skills to advance their goals. Looking at the
convergence of these two phenomena, many prominent security experts in both
government and private industry have rung an alarm bell regarding the potential for acts
of cyber-terrorism. However, there is no precise definition of cyber-terrorism under
United States law or in practice among cyber-security academicians. The lack of a
common starting point is one of the reasons existing law fails to directly address cyber-
terrorism.
This paper furnishes a lexicon of cyber-related malicious activities and argues for a
common working definition of cyber-terrorism. This definition can be both incorporated
into current counter-terror legislation and used by government agencies to combat cyb ...
Cenet-- capability enabled networking: towards least-privileged networkingJithu Joseph
In today's IP networks, any host can send packets to any other host irrespective of whether the recipient is interested in communicating with the sender or not. The downside of this openness is that every host is vulnerable to an attack by any other host. We ob- serve that this unrestricted network access (network ambient authority) from compromised systems is also a main reason for data exfiltration attacks within corporate networks. We address this issue using the network version of capability based access control. We bring the idea of capabilities and capability-based access control to the domain of networking. CeNet provides policy driven, fine-grained network level access control enforced in the core of the network (and not at the end-hosts) thereby removing network ambient authority. Thus CeNet is able to limit the scope of spread of an attack from a compromised host to other hosts in the network. We built a capability-enabled SDN network where communication privileges of an endpoint are limited according to its function in the network. Network capabilities can be passed between hosts, thereby allowing a delegation-oriented security policy to be realized. We believe that this base functionality can pave the way for the realization of sophisticated security policies within an enterprise network. Further we built a policy manager that is able to realize Role-Based Access Control (RBAC) policy based network access control using capability operations. We also look at some of the results of formal analysis of capability propagation models in the context of networks.
BBA 3551, Information Systems Management 1 Course Lea.docxtarifarmarie
BBA 3551, Information Systems Management 1
Course Learning Outcomes for Unit II
Upon completion of this unit, students should be able to:
4. Explain how information systems can be used to gain and sustain competitive advantage.
4.1 Discuss how collaboration IS can provide competitive advantages for a specific organization.
4.2 Explain why collaboration IS are important from the organization’s perspective.
7. Summarize the requirements for successful collaboration in information systems management.
7.1 Discuss how collaboration tools can improve team communication.
7.2 Identify the tools that will help create a successful collaboration IS.
Course/Unit
Learning Outcomes
Learning Activity
4.1
Unit Lesson
Chapter 2
Chapter 3
Unit II PowerPoint Presentation
4.2
Unit Lesson
Chapter 2
Chapter 3
Unit II PowerPoint Presentation
7.1
Unit Lesson
Chapter 2
Unit II PowerPoint Presentation
7.2
Unit Lesson
Chapter 2
Unit II PowerPoint Presentation
Reading Assignment
Chapter 2: Collaboration Information Systems
Chapter 3: Strategy and Information Systems, Q3-1 – Q3-8
Unit Lesson
Chapter 2 investigates ways that information systems (IS) can support collaboration. It defines collaboration
and discusses collaborative activities and criteria for successful collaboration. It also discusses the kind of
work that collaborative teams do, requirements for collaborative IS, and important collaborative tools for
improving communicating content. The chapter ends with a discussion of collaboration in 2024.
Collaboration and Cooperation
Cooperation occurs when people work together toward a common goal. For example, in teamwork, each
team member is given a task to complete such as a project component. Collaboration occurs when people,
together or remotely, work together toward a common goal (Kroenke & Boyle, 2017). For example, a team
member in California and a team member in Texas might meet using Skype to discuss ideas for a project.
Figure 1 below illustrates collaboration in a team environment. In this illustration, the project manager is
responsible for collaborating with team members who are in different departments. For example, the project
manager may assign a project administrator who will document the various stages of project development,
UNIT II STUDY GUIDE
Collaboration Information Systems and
Strategy and Information Systems
BBA 3551, Information Systems Management 2
UNIT x STUDY GUIDE
Title
assign a person from software development to develop the software application, and assign a person from
operations to set up a testing environment. Each of these team members would work with the project
manager and with each other throughout the project; however, the project manager would be the main point
of contact.
Feedback and iteration are involved so that the
results of the collaborative effort are greater
than could be produced by any of the
individuals .
BEAUTY AND UGLINESS IN OLMEC MONUMENTAL SCULPTUREAuthor.docxtarifarmarie
BEAUTY AND UGLINESS IN OLMEC MONUMENTAL SCULPTURE
Author(s): Claude-François BAUDEZ
Source: Journal de la Société des américanistes, Vol. 98, No. 2 (2012), pp. 7-31
Published by: Société des Américanistes
Stable URL: http://www.jstor.org/stable/24606519
Accessed: 03-07-2018 17:32 UTC
JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide
range of content in a trusted digital archive. We use information technology and tools to increase productivity and
facilitate new forms of scholarship. For more information about JSTOR, please contact [email protected]
Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at
http://about.jstor.org/terms
Société des Américanistes is collaborating with JSTOR to digitize, preserve and extend access
to Journal de la Société des américanistes
This content downloaded from 128.114.34.22 on Tue, 03 Jul 2018 17:32:47 UTC
All use subject to http://about.jstor.org/terms
BEAUTY AND UGLINESS
IN OLMEC MONUMENTAL SCULPTURE
Claude-François BAUDEZ *
Since our Western art tradition has put such a prize on naturalism, we tend to think that
other civilizations valued it as much as we did and do. I contend that Olmec monumental
art illustrates the opposite, and suggest that the Olmecs most appreciated the
anthropomorphic statues that incorporated feline features, and disliked the very
naturalistic style of the colossal heads. The latter represented the severed heads of
opponents who probably were losers in ritual battles. Therefore they could not claim the
divine patronage of the jaguar, and had to appear just as « plain », ugly people. [Key
words: olmec sculpture, colossal heads, naturalism, beauty, ugliness.]
Du beau et du laid dans la statuaire monumentale olmèque. Dans la mesure où l'art
occidental a toujours valorisé le naturalisme, nous avons tendance à penser que cette
appréciation a été universelle. Je soutiens ici que l'art monumental olmèque illustre le
contraire et suggère que les Olmèques appréciaient les statues anthropomorphes qui
intégraient des traits félins, mais n'aimaient pas le style très naturaliste des têtes
colossales. Celles-ci représentaient les têtes coupées de rivaux malheureux aux batailles
rituelles. Pour cela, elles ne pouvaient se réclamer du divin patronage du jaguar, et
devaient se contenter de représenter des gens quelconques, sans beauté. [Mots-clés:
statuaire olmèque, têtes colossales, naturalisme, beau, laid.]
De lo bello y de lo feo en las esculturas monumentales olmecas. Ya que el arte occidental
ha siempre valorado el naturalismo, tenemos tendencia a creer que esta apreciaciôn ha
sido universal. Aqui sostengo que el arte monumental olmeca refleja lo contrario.
Propongo que los olmecas apreciaban las estatuas antropomorfas que incorporaban
rasgos del jaguar y despreciaban el estilo muy naturalista de las cabezas colosales. Estas
ultimas rep.
August 4, 2011 TAX FLIGHT IS A MYTH Higher State .docxtarifarmarie
August 4, 2011
TAX FLIGHT IS A MYTH
Higher State Taxes Bring More Revenue, Not More Migration
By Robert Tannenwald, Jon Shure, and Nicholas Johnson1
Executive Summary
Attacks on sorely-needed increases in state tax revenues often include the unproven claim that tax
hikes will drive large numbers of households — particularly the most affluent — to other states.
The same claim also is used to justify new tax cuts. Compelling evidence shows that this claim is
false. The effects of tax increases on migration are, at most, small — so small that states that raise
income taxes on the most affluent households can be assured of a substantial net gain in revenue.
The basic facts, as this report explains, are as follows:
Migration is not common. Most people have strong ties to their current state, such as job,
home, family, friends, and community. On average, just 1.7 percent of U.S. residents moved
from one state to another per year between 2001 and 2010, and only about 30 percent of those
born in the United States change their state of residence over the course of their entire lifetime.
And when people do relocate, a large body of scholarly evidence shows that they do so
primarily for new jobs, cheaper housing, or a better climate. A person’s age, education, marital
status, and a host of other factors also affect decisions about moving.
The migration that’s occurring is much more likely to be driven by cheaper housing
than by lower taxes. A family might be able to cut its taxes by a few percentage points by
moving from one state to another, but housing costs are far more variable. The difference
between housing costs in two different states is often many times greater than the difference in
taxes. So what might look like migration in search of lower taxes is really often migration for
cheaper housing.
Consider Florida, often claimed as a state that attracts households because of its low taxes
(Florida has no income tax). In the latter half of the 2000s, the previously rapid influx of U.S.
migrants into Florida slowed and then reversed — Florida actually started losing population.
The state enacted no tax policy change that can explain this reversal. What did change was
1 Dylan Grundman, Anna Kawar, Eleni Orphinades, and Ashali Singham contributed to this report.
820 First Street NE, Suite 510
Washington, DC 20002
Tel: 202-408-1080
Fax: 202-408-1056
[email protected]
www.cbpp.org
2
housing prices. Previously, the state’s lower housing prices had enabled Northeastern
homeowners to increase their personal wealth by selling their pricey houses and purchasing a
comparable or better home in Florida at a lower price. But housing prices in Florida rose
sharply during the mid-2000s, narrowing opportunities for Northeasterners to “trade up” on
their expensive homes. And consider California: its loss of househ.
BHA 3202, Standards for Health Care Staff 1 Course Le.docxtarifarmarie
BHA 3202, Standards for Health Care Staff 1
Course Learning Outcomes for Unit II
Upon completion of this unit, students should be able to:
4. Discuss the impact personal skills have on the workplace.
4.1 Describe the various types of personal goals that can affect professional development.
Course/Unit
Learning Outcomes
Learning Activity
4
Unit Lesson
Chapter 11
Unit II Essay
4.1
Unit Lesson
Chapter 3
Unit II Essay
Reading Assignment
Chapter 3: Setting Goals and Time Management
Chapter 11: Professionalism in Action
Unit Lesson
José has decided to apply for the position of healthcare administrator at his clinic. Jane suggested that he
should think about where he wants his career to go from the short-term to the long-term before he interviews
for the position she will be vacating next month. She has stressed to him that professionalism, and all that the
term implies, is the key characteristic that the healthcare administration position requires. José will need to
reflect on his goals and the manner in which he presents himself to his colleagues at the clinic.
In Chapter 3 of your textbook, we look at how to set goals and utilize time management skills to enhance our
skills, knowledge, and abilities in the healthcare administration field. Let us look first at the different types of
goals we can set, starting with the types of goals to consider:
personal,
educational,
career, and
community.
Personal goals are the things that make life interesting. We may want to learn to ski or try skydiving one day.
Having personal goals enhances one's self-concepts and self-esteem. They can be as simple as going to a
new movie or planning for retirement.
Education and lifelong learning should be something all professionals keep in mind, and setting educational
goals is an important part of being a professional. Being in this program is clearly a part of an educational
goal that you have set for yourself. Being successful at meeting educational goals also tells others that you
are someone who can meet goals too.
UNIT II STUDY GUIDE
Goals and Professionalism
BHA 3202, Standards for Health Care Staff 2
Another type of goal the healthcare professional must address is the career goal. You have already
demonstrated that you have set a career goal by enrolling in this program and course. While these are clearly
educational goals, they actually are also career goals. As José is learning, advancing in his career at his
healthcare clinic is now a career goal of his and one that he needs to plan for carefully to ensure success.
José is wondering what exactly community goals are and if he has any and just does not know it. As Chapter
3 explains, we are all a part of a community, and we all contribute in some way to our communities. José is a
part of the healthcare clinic community because he and associates go out for dinner once a mo.
Assignment – 8600-341 (Leading and motivating a team effectiv.docxtarifarmarie
Assignment – 8600-341 (Leading and motivating a team effectively) - Part A
This document is for guidance only – to be used in the classroom workshop. Your actual assignment must be completed on the electronic template you will find on Online Services.
Part A (AC 1.1, 1.2, 1.3, 2.1, 2.2,2.3) (800 to 1,500 words)
The assessment requirements for this unit are as follows:
Learning Outcome One - Know how to communicate the organisations vision and strategy to the team
AC1.1 Explain the importance of the team having a common sense of purpose that supports the overall
vision and strategy of the organisation
AC1.2 Explain the role that communication plays in establishing a common sense of purpose
AC1.3 Assess the effectiveness of own communication skills on the basis of the above
Learning Outcome Two - Know how to motivate and develop the team
AC2.1 Describe the main motivational factors in a work context and how these may apply to different
situations, teams and individuals
AC2.2 Explain the importance of a leader being able to motivate teams and individuals and gain their
commitment to objectives
AC2.3 Explain the role that the leader plays in supporting and developing the team and its members and
give practical examples of when this will be necessary
NAME:
Khalid aljohari
COHORT:
COMPANY:
WORD COUNT
LEARNING OUTCOME 1 – Know how to communicate the organisations vision and strategy to the team
AC1.1 Explain the importance of the team having a common sense of purpose that supports the overall vision and strategy of the organisation (approx. 200 words)
Type here:
· Talk about motivation
· Think team charter
· About DIB vision
AC1.2 Explain the role that communication plays in establishing a common sense of purpose
(pprox.. 200 words)
Type here:
· Task understanding
· Leader creditability
· Help positive environment
· Working together
· Better performance
· accuracy
· Less waste
· Less mistake
AC1.3 Assess the effectiveness of own communication skills on the basis of the above (approx. 200 words)
Type here:
· Active listening
· How to get feedback
· Communicate creatively
· Write side effect
LEARNING OUTCOME 2 - Know how to motivate and develop the team
AC2.1 Describe the main motivational factors in a work context and how these may apply to different situations, teams and individuals (approx. 200 words)
Type here:
· Range about main factors
· MOZ Lose and Mayo
· Mayo achievements
· Talk about bonus and achievement
AC2.2 Explain the importance of a leader being able to motivate teams and individuals and gain their commitment to objectives (approx. 200 words)
Type here:
· Details explanation
· Why is import for leader and motivate team
· Individual commitment and objective
AC2.3 Explain the role that the leader plays in supporting and developing the team and its members and give practical examples of when this will be necessary (pprox.. 200 words)
Type here:
·.
BIOEN 4250 BIOMECHANICS I Laboratory 4 – Principle Stres.docxtarifarmarie
BIOEN 4250: BIOMECHANICS I
Laboratory 4 – Principle Stress and Strain
November 13– 16, 2018
TAs: Allen Lin ([email protected]), Kelly Smith ([email protected])
Lab Quiz: A 10-point lab quiz, accounting for 10% of the lap report grade, will be given at the beginning of
class. Be familiar with the entire protocol.
Objective: The objective of this experiment is to measure the strains along three different axes surrounding
a point on a cantilever beam, calculate the principal strains and stresses, and compare the result
with the stress calculated from the flexure formula for such a beam.
Background: The ability to measure strain is critical to materials testing as well as many other applications in
engineering. However, strain gages that adhere to a surface can alter the local strain environment
if the material (or tissue) of interest is less stiff than the gage itself. For this reason, contact strain
gages (or strain gages that attach directly to a surface) are not typically used for the testing of soft
tissues such as ligament, arteries, or skin. However, when the material is on the stiffer side, or
when the absolute value of the strain is less important than the detection of the mere presence of
strain itself, contact strain gages are very useful. An example of a stiffer biological material would
be bone. However, due to the porous nature of bone, one needs to be extremely careful that the
strain gage is properly adhered to the material’s surface. Other applications range from real world
stress analysis of a structure (e.g., a wing of an aircraft during flight) to strain gages incorporated
into medical equipment to ensure proper function (e.g., gages wrapped around the tubing in a
hospital infusion pump to detect blockages in the line – since the tube swells more than it should
when the fluid path is occluded).
One common engineering loading case that involves a planar stress field (i.e., the only non-zero
stresses are in the same plane), is that of beam bending. Beam bending will be covered in greater
detail during lecture. However, in order to ensure you know the basics of what is going on in this
lab, we will cover some fundamental topics. The simplest case of beam loading is that of a
cantilever beam that is completely anchored at one end and loaded at a point along its length
(Fig. 1). In Figure 1, 𝑃 is the applied load, ℎ is the thickness of the beam (with 𝑐 as the half-
thickness), 𝑥 is the distance from the fixed wall to the location where we want to measure stress
and strain (point 𝑎), and 𝐿 is the length of the beam. There are a couple key points to know about
this loading scenario:
1. As the beam bends downward, the material above the midline (the dashed line) is in
tension and the material below that line is in compression.
2. At the top and bottom free surfaces, there is only axial stress, and zero shear stress.
3. At the midline (dashed line, also referred to as neutral axis)
BHR 4680, Training and Development 1 Course Learning .docxtarifarmarie
BHR 4680, Training and Development 1
Course Learning Outcomes for Unit I
Upon completion of this unit, students should be able to:
1. Discuss the training implications of behavioral and cognitive learning in the training environment.
1.1 Discuss the influences and learning in the workplace that contribute to training and
development.
2. Compare the relationship between human resources and human resource development functions in a
large global organization to the functions of a small global organization.
2.1 Explain the use of training and development as a contributing factor to business success.
Course/Unit
Learning Outcomes
Learning Activity
1.1
Unit I Lesson
Chapter 1
Chapter 2
Unit I Assessment
2.1
Unit I Lesson
Chapter 1
Chapter 2
Unit I Assessment
Reading Assignment
Chapter 1: Introduction to Employee Training and Development, pp. 7-50
Chapter 2: Strategic Training, pp. 65-89, 104-105
Unit Lesson
Human Resource Management and Human Resource Development
Human resource management (HRM) consists of seven functions: strategy and planning, equal employment
opportunities (EEO), talent management, risk management and worker protection, recruitment and staffing,
rewards, and employee and labor relations (Mathis, Jackson, Valentine, & Meglich, 2017). HRM plays a vital
role in human resource development (HRD). In HRM, you have the human resource manager who is
responsible for all functions of human resources (HR), compared to an HRD manager who is solely
responsible for training and development and project management for HR. HRD is the use of training and
development, organizational development, and career development to improve overall effectiveness within
the organization (Noe, 2017). In creating the needed training and development plan for an organization, HRM
and HRD work collaboratively, or it can be an individual effort by each entity. According to Noe (2017),
organizations can allow training to be a part of HRM, but that can lead to less attention being provided and
less focus being applied than when allowing the training aspect to be handled by HRD. Regardless of the
choice, training and development requires a team effort from upper management, middle management,
frontline managers and workers, and others.
UNIT I STUDY GUIDE
Introduction to Training and Development
BHR 4680, Training and Development 2
UNIT x STUDY GUIDE
Title
What Is Learning?
Learning is when employees acquire “knowledge, skills, competencies, attitudes, or behaviors” (Noe, 2017,
p. 5). During the learning and training processes, you must consider your audience type(s) and the learning
style(s) of your audience members. Your audience types can consist of high-tech, low-tech, or lay audience
members or a combination of these types. With learning styles ranging from tactile learners to auditory
learners to visual learners, you, as the manager, must be able to deliver training .
Business Plan 2016 Owners Mick & Sheryl Dun.docxtarifarmarie
Business Plan 2016
Owners Mick & Sheryl Dundee
6 Gumnut Road, DANDENONG, VIC, 3025
(03) 9600 7000 [email protected]
Confidentiality Agreement
The undersigned reader acknowledges that the information provided by National Camper Trailers in this
business plan is confidential; therefore, reader agrees not to disclose it without the express written
permission of National Camper Trailers.
It is acknowledged by reader that information to be furnished in this business plan is in all respects
confidential in nature, other than information which is in the public domain through other means and that
any disclosure or use of same by reader may cause serious harm or damage to National Camper Trailers.
Upon request, this document is to be immediately returned to National Camper Trailers.
___________________
Signature
___________________
Name (typed or printed)
___________________
Date
This is a business plan. It does not imply an offering of securities.
Table of Contents
Page 1
Contents
1.0 Objectives ................................................................................................................................. 2
1.1 Mission .................................................................................................................................. 2
1.2 Keys to Success..................................................................................................................... 2
2.0 Company Summary .................................................................................................................. 2
2.1 Company Ownership ............................................................................................................ 3
2.2 Company History .................................................................................................................. 3
2.3 Performance over the past 10 years ...................................................................................... 4
3.0 Company Structure ................................................................................................................... 6
3.1 Factory and Manufacturing ................................................................................................... 6
3.2 Assembly and Fitout ............................................................................................................. 6
3.3 Finance and administration. .................................................................................................. 6
3.3 Human Resources and WHS ................................................................................................. 7
3.4 Sales and Marketing .............................................................................................................. 7
4.0 SWOR Analysis ....................................................................................................................
Assignment Guidelines NR224 Fundamentals - Skills
NR224 Safety Goals RUA.docx Revised 06/14/2016 BME 1
Required Uniform Assignment: National Patient Safety Goals
PURPOSE
This exercise is designed to increase the students' awareness of the National Patient Safety Goals developed
by The Joint Commission. Specifically, this assignment will introduce the Speak Up Initiatives, an award-
winning patient safety program designed to help patients promote their own safety by proactively taking
charge of their healthcare.
COURSE OUTCOMES
This assignment enables the student to meet the following course outcomes.
CO #2: Apply the concepts of health promotion and illness prevention in the laboratory setting. (PO #2)
CO #8: Explain the rationale for selected nursing interventions based upon current nursing literature. (PO
#8)
DUE DATE
Week 6
Campus: As directed by your faculty member
Online: As directed by your faculty member
POINTS
50 points
REQUIREMENTS
1. Select a Speak Up brochure developed by The Joint Commission. Follow this link to the proper
website: http://www.jointcommission.org/topics/speakup_brochures.aspx.
2. Write a short paper reviewing the brochure. Use the Grading Criteria (below) to structure your
critique, and include current nursing or healthcare research to support your critique.
a. The length of the paper is to be no greater than three pages, double spaced, excluding title
page and reference page. Extra pages will not be read and will not count toward your grade.
3. This assignment will be graded on quality of information presented, use of citations, and use of
Standard English grammar, sentence structure, and organization based on the required components.
4. Create the review using Microsoft Word 2007 (a part of Microsoft Office 2007), the required format for
all Chamberlain documents. You can tell that the document is saved as a MS Word 2007 document
because it will end in “.docx.”
5. Any questions about this paper may be discussed in the weekly Q & A Forum in your online course or
directly with your faculty member if you are taking NR224 on campus.
6. APA format is required with both a title page and reference page. Use the required components of the
review as Level 1 headers (upper- and lowercase, bold, centered).
a. Introduction
b. Summary of Brochure
c. Evaluation of Brochure
d. Conclusion
PREPARING THE PAPER
The following are the best practices in preparing this paper.
1) Read the brochure carefully and take notes. Highlighting important points has been helpful to many
students.
http://www.jointcommission.org/topics/speakup_brochures.aspx
Assignment Guidelines NR224 Fundamentals - Skills
NR224 Safety Goals RUA.docx Revised 06/14/2016 BME 2
2) Title page: Include title of your paper, your name, Chamberlain College of Nursing, NR224
Fundamentals—Skills, faculty name, and the date. Center all items between the .
Brand Extension Marketing Plan 8GB530 Brand Extension Marketi.docxtarifarmarie
Brand Extension Marketing Plan 8
GB530 Brand Extension Marketing Plan: Guide
Introduction
Use this document as your guide to success. All Brand Extension Marketing Plan documents should use 1” margins, 12 pt. font, and include a cover page and a reference page.
For the Brand Extension Marketing Plan Assignments in this class you will not use the usual APA rules which require in-text citations as 1) no marketing plan ever uses direct quoting within its contents, 2) we are making an exception due to the nature of a Marketing Plan Assignment and 3) you will not use double-spacing but instead you will use this document’s formatting.
It is important that you write your Brand Extension Marketing Plan in third person (there is no “I” in a marketing plan), using your own words, and/or paraphrasing instead of direct quoting. Once deposited into the Dropbox for grading, Brand Extension Marketing Plan Assignments are submitted to Turnitin® for a potential plagiarism review, so it continues to be important for you never to use anyone else’s words verbatim.
For each of the Brand Extension Marketing Plan Assignments, you should list, on the reference page, all of the references you used when preparing your plan. Again, you do not need to include the in-text parentheses noting references and timeframes as normally required in our APA Assignments, but you do need to use APA to format your references list. If you have any questions on this exception to using APA, let me know.
All the components of the Marketing Plan are assessed using the following:
Subject Mastery Rubric: Knowledge (Can define major ideas) or Comprehension (Can discuss major ideas) or Application (Can apply major concepts to new situations).
A MARKETING PLAN IS THE FOUNDATION FOR ALL MARKETING EFFORTSBeginning your Brand Extension Marketing Plan: The Product Proposal
The major project in this course is to complete a Brand Extension Marketing Plan for one new product on the behalf of an existing for-profit organization.
As you begin your project, you need to first assume you have the role of a marketing manager for one,new, currently not available from your selected Brand Company, product on the behalf of a real, for-profit organization. Consider this a “brand extension”: you are adding a product to an existing company’s product line.
Think about your selection – the proposal is for a New Product for a New Market of consumers! Extend the Brand Name into new product markets by offering a “new to the company” product.
Companies may do this by buying an existing product, or importing a new product and putting their brand name on it – or they develop their own product to compete in the new market.
Module 1 BEMP Proposal - What will your project be about?
Submit your response to the following questions as a Product Proposal:
1. What is the brand name of your for-profit business/organization?
1. What is the new product, not currently in existence, that will generate revenue for .
Building a Dynamic Organization The Stanley Lynch Investme.docxtarifarmarie
" Building a Dynamic Organization
The Stanley Lynch Investment Group is a large investment firm headquartered in New York. The firm has 12 major investment funds, each with analysts operating in a separate department. Along with knowledge of the financial markets and the businesses it analyzes, Stanley Lynch’s competitive advantage comes from its advanced and reliable computer systems. Thus an effective information technology (IT) divi-sion is a strategic necessity, and the company’s chief infor-mation officer (CIO) holds a key role at the firm.
When the company hired J. T. Kundra as a manager of technology, he learned that the IT division at Stanley Lynch consisted of 68 employees, most of whom specialized in serving the needs of a particular fund. The IT employees serving a fund operated as a distinct group, each of them led by a manager who supervised several employees. (Five employees reported to J. T.)
He also learned that each group set up its own computer system to store information about its projects. The problems with that arrangement quickly became evident. As J. T. tried to direct his group’s work, he would ask for documentation of one program or another. Sometimes, no one was sure where to find the documentation; often he would get three different responses from three different people with three versions of the documentation. And if he was interested in another group’s project or a software program used in another department, getting information was next to impos-sible. He lacked the authority to ask employees in another group to drop what they were doing to hunt down informa-tion he needed.
J. T. concluded that the entire IT division could serve the firm much better if all authorized people had easy access to the work that had already been done and the software that was available. The logical place to store that informa-tion was online. He wanted to get all IT projects set up in a cloud so that file sharing, and therefore knowledge sharing, would be more efficient and reliable. A challenge would be to get the other IT groups to buy in to the new system given that he had authority over so few of the IT workers.
J. T. started by working with his group to blueprint how the system would work. Then he met with two higher-level managers who report to the CIO. He showed them the plan and explained that fast access to information would improve the IT group’s quality and efficiency, thus increasing the pro-ductivity of the entire firm. He suggested that the managers require all IT employees to use the cloud system. He even persuaded them that their use of the system should be mea-sured for performance appraisals, which directly impacts annual bonuses.
The various IT groups quickly came to appreciate that the system would enhance performance. Adoption was swift, and before long, the IT employees came to think of it as one of their most important software systems.
DISCUSSION QUESTIONS
1. Give an example of differentiation in Stan.
BBA 4351, International Economics 1 Course Learning O.docxtarifarmarie
BBA 4351, International Economics 1
Course Learning Outcomes for Unit I
Upon completion of this unit, students should be able to:
1. Appraise how globalization contributes to greater economic interdependence.
1.1 Explain the importance of globalization in terms of the law of comparative advantage.
2. Discuss how comparative advantages lead to gains from international trade.
2.1 Explain the principle of absolute and comparative advantage.
Course/Unit
Learning Outcomes
Learning Activity
1.1
Unit I Lesson
Chapter 1
Unit I Essay
2.1
Unit I Lesson
Chapter 2
Unit I Essay
Reading Assignment
Chapter 1: The International Economy and Globalization
Chapter 2: Foundations of Modern Trade Theory: Comparative Advantage
Unit Lesson
Globalization
Today, every part of the world is connected, and no country can be completely secluded and stand by itself.
In other words, countries in a global economy must be interdependent. Throughout this course, you will learn
how a nation interacts with other countries in the global economy. More specifically, you will understand how
principles of economics can be applied to the global economy where countries are interdependent.
There are a number of advantages and disadvantages to globalization as listed in the chart below from the
textbook.
The Unit l Lesson provides some new perspectives on various stages of globalization. Baldwin (2016) briefly
summarizes four important phases of globalization that occurred during the past 200,000 years. The textbook
stresses the fact that the third phase of globalization began with the steam engine and other significant
improvements in transportation, increasing trade in goods and services among different parts of the world
(Carbaugh, 2017). The fourth phase of globalization, which is not mentioned in our textbook, involves the
transfer of rich-country technologies to workers in poor countries. This, in turn, has increased productivity and
expedited industrialization in those poor countries. Baldwin (2016) argues that a reorientation of strategy and
policy in both rich and poor countries is necessary. Rich countries need to develop better rules for governing
foreign investment and intellectual property rights as well as concentrate on the training and welfare of
workers rather than the preservation of particular jobs.
UNIT I STUDY GUIDE
International Economy and
Comparative Advantage
BBA 4351, International Economics 2
UNIT x STUDY GUIDE
Title
Think about what the next stage of globalization will be. It is not going to be industrialization for sure. What
might it be? Some experts believe the next phase of globalization will be Big Data—a large volume of
complex datasets that can be used in decision-making in various fields.
The United States as an Open Economy
The U.S. economy is a part of the global economy and, therefore, has been integrated into global markets in
past decades. Duri.
BSL 4060, Team Building and Leadership 1 Course Learn.docxtarifarmarie
BSL 4060, Team Building and Leadership 1
Course Learning Outcomes for Unit I
Upon completion of this unit, students should be able to:
1. Summarize the determinants of high-performance teams.
1.1 Discuss the four Cs of team performance.
1.2 Explain how each of the four Cs contributes to improved performance.
4. Explain the importance of teamwork in an organization.
4.1 Explain the two types of self-directed work teams and the three generic team types.
4.2 Discuss how an organization's context of culture, structure, and systems supports teamwork.
Reading Assignment
Chapter 1: The Search for the High-Performing Team
Chapter 2: Context: Laying the Foundation for Team Success
Please use the Business Source Complete database in the CSU Online Library to read the following article:
Warrick, D. D. (2014). What leaders can learn about teamwork and developing high performance teams
from organization development practitioners. OD Practitioner, 46(3), 68-75.
Unit Lesson
This unit begins with a brief history of team building. The first efforts to improve organizations came from T-
groups (training groups) and from the National Training Laboratories in Silver Spring, Maryland. Participants
in T-groups learned to communicate in a more open and honest manner, accept responsibility for their
behavior, and engage in relationships based on equality rather than on hierarchy or status. In 1968, Campbell
and Dunnette conducted a study of the impact of T-groups on organizational performance. They concluded
that while T-groups did help individuals become more comfortable with their ability to manage interpersonal
relationships, T-groups had virtually no impact on organization or team performance. The team-building
paradigm was created to shift from an unstructured T-group to a more focused and defined process for
training a group in collaborative work and problem solving.
UNIT I STUDY GUIDE
The Foundation for Team Success
BSL 4060, Team Building and Leadership 2
UNIT x STUDY GUIDE
Title
The four Cs of high-performing teams were developed as a platform to build effective teams. The first C is
context, or the organizational environment. According to Dyer, Dyer, and Dyer (2013), questions to consider
in relation to the first C include the following.
How important is effective teamwork to accomplishing this particular task?
What type of team (e.g., task team, decision team, self-directed team) do I need?
Do my organization's culture, structure, and processes support teamwork?
The second C is composition, or the skills, attitudes, and experience of the team members. According to
Dyer, et al. (2013), one should consider the following questions.
To what extent do individual members have the technical skills required to complete the task?
To what extent do they have the interpersonal and communication skills required to coordinate their
work with others?
To what .
BHA 3002, Health Care Management 1 Course Learning Ou.docxtarifarmarie
BHA 3002, Health Care Management 1
Course Learning Outcomes for Unit II
Upon completion of this unit, students should be able to:
6. Analyze the finance system in a healthcare organization.
6.1 Examine key differences between for-profit, not-for-profit, and public healthcare facilities.
6.2 Explain the process of creating and balancing a healthcare facility budget.
8. Evaluate ways to improve the quality and economy of patient care.
8.1 Describe the process of quality review and privileging for physicians.
8.2 Discuss the importance of quality initiatives, quality equipment and supplies, and quality
regulations.
8.3 Identify a management problem in a healthcare organization.
Course/Unit
Learning Outcomes
Learning Activity
6.1
Chapter 3 Reading
Unit Assessment
6.2
Chapter 3 Reading
Unit Assessment
8.1
Unit Lesson
Chapter 4 Reading
Unit Assessment
8.2
Unit Lesson
Chapter 4 Reading
Unit Assessment
8.3
Unit Lesson
Chapter 4 Reading
Unit II Project Topic
Reading Assignment
Chapter 3: Financing the Provision of Care
Chapter 4: Quality of Care
Unit Lesson
Evidence-Based Performance Measures
One of the hottest topics in healthcare administration today is evidence-based performance, and you certainly
need a solid understanding of this process in order to function effectively as a healthcare leader moving into
the future. American health care needs to improve. There is no doubt about that. Americans deserve more
bang for the buck that they spend on medical services. One of the most important initiatives to make that
happen is a move to more evidence-based practice.
What evidence-based performance is truly all about, first and foremost, is the patient (UT Health, 2015). In
particular, it is all about making sure that the patient receives care based upon the best and latest research
that is available for the patient’s own particular health problem or set of health problems. It is about giving the
right care, every time, for every patient. Other benefits of a solid evidence-based medicine program include
the ability to assure your own community that your hospital provides high quality care and that you are doing
your own quality review studies to make sure of this. Finally, evidence-based medicine makes sense because
UNIT II STUDY GUIDE
Financing and Quality for
Health Care
BHA 3002, Health Care Management 2
UNIT x STUDY GUIDE
Title
the Centers for Medicare Services (CMS) demands it of us. They will actually pay us more for our services if
we meet evidence-based performance criteria and goals, and they will financially penalize us if we do not
meet evidence-based goals. In short, there are many good reasons to implement evidence-based medicine in
your own medical facility.
Currently, there are several national focus areas for evidence-based medicine programs. These are heart
failure (HF), acute myocardial infarction (AMI), pneumonia (PN), and th.
BBA 3551, Information Systems Management Course Learn.docxtarifarmarie
BBA 3551, Information Systems Management
Course Learning Outcomes for Unit III
Upon completion of this unit, students should be able to:
8. Evaluate major types of hardware and software used by organizations.
8.1 Describe the features of a chosen NoSQL database.
8.2 Discuss how the use of a NoSQL database will affect competitive strategies in this era of IoT
(Internet of Things).
Course/Unit
Learning Outcomes
Learning Activity
8.1
Unit Lesson
Chapter 5
Unit III PowerPoint Presentation
8.2
Unit Lesson
Chapter 4
Chapter 5
Unit III PowerPoint Presentation
Reading Assignment
Chapter 4: Hardware, Software, and Mobile Systems, Q4-1 – Q4-7
Chapter 5: Database Processing, Q5-1 – Q5-7
Unit Lesson
In Unit II, we investigated ways that information systems (IS) can support collaboration, and we reviewed
Porter’s five forces model. In this unit, we will discuss the basic concepts of hardware and software. We will
also discuss open source software development and database management systems and compare the
differences between native and thin-client applications. Lastly, we will explore mobile systems and the
characteristics of quality mobile user experiences.
It is important that business professionals understand hardware components, types of hardware, and
computer data. We will start with bits and bytes. Computers use bits to represent basic units of data such as
ones and zeros. You should know the difference between bits, bytes, kilobytes, megabytes, gigabytes,
terabytes, petabytes, and exabytes (see Figure 1).
Term Definition Abbreviation
Byte A group of binary bits
Kilobyte 1,024 bytes K
Megabyte 1,024 K or 1, 048, 576 bytes MB
Gigabyte 1,024 MB or 1,073,741,824 bytes GB
Terabyte 1,024 GB or 1,099,511,627,776 bytes TB
Petabyte 1024 TB or 1, 125,899,906,842,624 bytes PB
Exabyte 1,024 PB or 1,152,921,504,606,846,976 bytes EB
Figure 1: Storage capacity terminology
(Kroenke & Boyle, 2017)
UNIT III STUDY GUIDE
Hardware, Software, and Mobile
Systems and Database Processing
BBA 3551, Information Systems Management 2
UNIT x STUDY GUIDE
Title
A byte generally contains eight bits. A switch can be open or closed. An open switch represents 0 or off, and
a closed switch represents 1 or on. Bits are basic units of data, such as ones and zeros, while data can be
represented by variables such as numbers, images, graphics, and characters to name a few (Kroenke &
Boyle, 2017).
The categories of computer software are clients and servers. Personal computers (PCs) use non-mobile
operating systems (OSs) such as Microsoft (MS) Windows and Apple Macintosh (Mac) OS X. Remember that
OSs are developed for specific hardware and are often referred to as native applications. In other words, MS
Windows was created specifically for hardware-based PC systems, so you cannot install MS Windows on an
Apple Mac as a base OS, nor can you install the Apple OS on a PC-based.
Afro-Asian Inquiry and the Problematics of Comparative Cr.docxtarifarmarie
Afro-Asian Inquiry and the Problematics of Comparative Critique
Author(s): Antonio T. Tiongson Jr.
Source: Critical Ethnic Studies, Vol. 1, No. 2 (Fall 2015), pp. 33-58
Published by: University of Minnesota Press
Stable URL: http://www.jstor.org/stable/10.5749/jcritethnstud.1.2.0033
Accessed: 07-08-2017 18:56 UTC
REFERENCES
Linked references are available on JSTOR for this article:
http://www.jstor.org/stable/10.5749/jcritethnstud.1.2.0033?seq=1&cid=pdf-
reference#references_tab_contents
You may need to log in to JSTOR to access the linked references.
JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide
range of content in a trusted digital archive. We use information technology and tools to increase productivity and
facilitate new forms of scholarship. For more information about JSTOR, please contact [email protected]
Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at
http://about.jstor.org/terms
University of Minnesota Press is collaborating with JSTOR to digitize, preserve and extend
access to Critical Ethnic Studies
This content downloaded from 128.122.149.154 on Mon, 07 Aug 2017 18:56:44 UTC
All use subject to http://about.jstor.org/terms
P 3 3 O
Afro-Asian Inquiry and the
Problematics of Comparative Critique
A N T O N I O T. T I O N G S O N J R .
This article represents a critical engagement with the “comparative turn” in ethnic studies; that is, an interrogation of the broader implications of
the ascendancy and valorization of comparative critique as a central cate-
gory of analysis and an index of contemporary ethnic studies scholarship
through a critical consideration of a select body of writing predicated on a
comparative approach. Spurred by the perceived inadequacies of a biracial
framing and theorizing of race and racialization (i.e., the so-called black/
white paradigm), thinking comparatively has become an imperative to the
project of ethnic studies, heralding a paradigmatic and analytic shift and
inaugurating what one cultural analyst describes as a new stage in the evo-
lution of ethnic studies, “one long postponed by a standoff between a mul-
tiracial model limited by a national horizon and a diasporic model that
lacked historical ground for conducting cross-racial analysis.”1
As a number of race and ethnic studies scholars posit, comparative anal-
ysis is increasingly viewed as indispensable to the project of ethnic studies.
In an edited volume titled Black and Brown in Los Angeles: Beyond Con-
flict and Coalition, for example, Josh Kun and Laura Pulido make the point
that comparative ethnic studies has emerged “as a substantive field within
the discipline of ethnic studies itself,” generating a fairly robust and rapidly
expanding archive of comparative scholarship.2 Echoing these remarks,
Marta E. Sanchez speaks of “the renaissance of comparative studies of race
and.
BBA 2201, Principles of Accounting I 1 Course Learnin.docxtarifarmarie
BBA 2201, Principles of Accounting I 1
Course Learning Outcomes for Unit VIII
Upon completion of this unit, students should be able to:
1. Examine the accounting cycle.
2. Identify business transactions.
3. Generate inventory systems and costing methods.
4. Appraise the classes and transactions of liabilities.
4.1 Describe the three main characteristics of liabilities.
4.2 Explain why it is important to classify liabilities into short and long term.
6. Analyze financial statements to inform decision makers.
8. Compare International Financial Reporting Standards (IFRS) to Generally Accepted Accounting
Principles (GAAP).
Course/Unit
Learning Outcomes
Learning Activity
1 Final Exam
2 Final Exam
3 Final Exam
4
Unit Lesson
Chapter 11
Chapter 14
4.1
Unit Lesson
Chapter 11
Chapter 14
Unit VIII Essay
4.2
Unit Lesson
Chapter 11
Chapter 14
Unit VIII Essay
6 Final Exam
7 Final Exam
8 Final Exam
Reading Assignment
Chapter 11: Current Liabilities and Payroll
Chapter 14: Long-Term Liabilities
UNIT VIII STUDY GUIDE
Liabilities
BBA 2201, Principles of Accounting I 2
UNIT x STUDY GUIDE
Title
Unit Lesson
Liabilities
In the accounting equation, assets = liabilities + equity, we can see that there are two claims to the assets of a
business—creditors and owners. The accounting equation can also be written as: assets – liabilities = equity.
In this equation, we can see that the liabilities of a business require the use of assets to satisfy the amount
owed.
A liability is an amount owed to lenders, suppliers, or government agencies and requires the use of assets or
future revenues to satisfy the debt. There are two categories of liabilities—current and long term. A current
liability is the amount owed that must be paid within one year or within the company’s operating cycle,
whichever is longer (Miller-Nobles, Mattison, & Matsumura, 2018).
The most common current liability is accounts payable. An account payable is an amount due a vendor or
supplies for products, supplies or services (Miller-Nobles et al., 2018). Retail businesses will also have sales
tax payable. Sales tax payable is the amount of sales tax collected by the retailer that must be remitted to the
tax agencies (Miller-Nobles et al., 2018). Because the accounts payable and sales tax payable are due within
one year (generally due within 30 days) they are a current liability.
Some businesses will receive cash payments in advance of providing a service, which is referred to as
unearned revenue (or deferred revenue). Many gyms and fitness centers will have deferred revenue. If you
have ever paid for a year’s membership at the beginning of the year to receive a discount, then you were
involved in a transaction with unearned revenue. The gym does not earn the revenue until they have provided
you with the monthly membership.
For example: If you were to purchase a one year.
ARH2000 Art & Culture USF College of the Arts 1 .docxtarifarmarie
ARH2000 Art & Culture
USF College of the Arts
1
Art & Identity Research Project
15 points / 15% of final grade
Submit via the link provided in Canvas.
OVERVIEW
For this final project you will research two (2) contemporary artists who deal with the theme of
identity. In addition, you will reflect upon and propose an imagined artwork that relates to your own
concept of identity. (Do not worry if you are not artistically inclined, you are NOT expected to create an
actual finished art piece; it is merely a proposal for something you imagine.). The final project will be
presented as a well-researched PowerPoint presentation. Scholarly research and a Works Cited
page/slide are important components of this project.
HOW TO PREPARE
1. Engage with the presentation: “Art & Identity”
2. Read/review the following from the textbook: Chapter 4.9 (The Body in Art) and 4.10 (Identity, Race, &
Gender in Art); pp. 189 (grey box); 357-359
ARTIST RESEARCH
1. Choose two (2) artists from the list on page three of these instructions. Research your
chosen artists in relation to their interest in a theme of “Identity”.
2. You must use at least three different types of sources in your research project: The artwork
itself will be one source – the most important primary source. Therefore, you must research and
find at least two (2) other types of sources (interview with the artists, scholarly articles, books,
museum website etc.) to use in your study. Most will need to exceed this minimum for a robust
presentation. See page 189 of your textbook for a list of possible primary and secondary sources.
Further resources on how to get started are found in the subheading “Resources” below. You can
find many sources in the library or in one of the library’s databases.
3. Your selection of artists should be intentional and surround a specific sub-topic of identity.
Your research should not focus on identity in only a broad and general way. Clearly identify the sub-
topic that relates to your artists. For example, you may find artists that are similarly interested in
any of the following sub-topics below:
the fluidity of identity
deconstructing cultural, social, or political difference
feminist critique
diversity or artists who create work that explores related cultures, groups, or societies
You may consider choosing artists that work in the same medium (for example, performance
art, painting, or installation) and how that material choice imparts meaning to their work.
4. After selecting your sub-topic and artists, you must decide on a title for your project.
ARH2000 Art & Culture
USF College of the Arts
2
5. Your research into the artists should include biographical information and an examination of the
artists’ approaches. In a PowerPoint presentation of your research, include the following:
a. Biographies of each artist:
i. Image of the artist (photo, sketch, etc.)
ii. Brief biography:.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
1. C y b e r A t t a c k s
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National
Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber
attack using security techniques
established to protect much smaller and less complex
environments. He proposes a brand
new type of national infrastructure protection methodology and
outlines a strategy presented
as a series of ten basic design and operations principles ranging
from deception to response.
The bulk of the text covers each of these principles in technical
detail. While several of these
principles would be daunting to implement and practice they
provide the fi rst clear and con-
cise framework for discussion of this critical challenge. This
text is thought-provoking and
should be a ‘must read’ for anyone concerned with
cybersecurity in the private or government
sector.”
— Clayton W. Naeve, Ph.D. ,
Senior Vice President and Chief Information Offi cer,
Endowed Chair in Bioinformatics,
St. Jude Children’s Research Hospital,
2. Memphis, TN
“Dr. Ed Amoroso reveals in plain English the threats and
weaknesses of our critical infra-
structure balanced against practices that reduce the exposures.
This is an excellent guide
to the understanding of the cyber-scape that the security
professional navigates. The book
takes complex concepts of security and simplifi es it into
coherent and simple to understand
concepts.”
— Arnold Felberbaum ,
Chief IT Security & Compliance Offi cer,
Reed Elsevier
“The national infrastructure, which is now vital to
communication, commerce and entertain-
ment in everyday life, is highly vulnerable to malicious attacks
and terrorist threats. Today, it
is possible for botnets to penetrate millions of computers around
the world in few minutes,
and to attack the valuable national infrastructure.
“As the New York Times reported, the growing number of
threats by botnets suggests that
this cyber security issue has become a serious problem, and we
are losing the war against
these attacks.
“While computer security technologies will be useful for
network systems, the reality
tells us that this conventional approach is not effective enough
for the complex, large-scale
national infrastructure.
3. “Not only does the author provide comprehensive
methodologies based on 25 years of expe-
rience in cyber security at AT&T, but he also suggests ‘security
through obscurity,’ which
attempts to use secrecy to provide security.”
— Byeong Gi Lee ,
President, IEEE Communications Society, and
Commissioner of the Korea Communications Commission
(KCC)
C y b e r A t t a c k s
Protecting National
Infrastructure
Edward G. Amoroso
AMSTERDAM • BOSTON • HEIDELBERG • LONDON
NEW YORK • OXFORD • PARIS • SAN DIEGO
SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Butterworth-Heinemann is an imprint of Elsevier
Acquiring Editor: Pam Chester
Development Editor: Gregory Chalson
Project Manager: Paul Gottehrer
Designer: Alisa Andreola
Butterworth-Heinemann is an imprint of Elsevier
5. property as a matter of products liability,
negligence or otherwise, or from any use or operation of any
methods, products, instructions, or
ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Amoroso, Edward G.
Cyber attacks : protecting national infrastructure / Edward
Amoroso.
p. cm.
Includes index.
ISBN 978-0-12-384917-5
1. Cyberterrorism—United States—Prevention. 2. Computer
security—United States. 3. National
security—United States. I. Title.
HV6773.2.A47 2011
363.325�90046780973—dc22 2010040626
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British
Library.
Printed in the United States of America
10 11 12 13 14 10 9 8 7 6 5 4 3 2 1
For information on all BH publications visit our website at
www.elsevierdirect.com/security
CONTENTS v
CONTENTS
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . ix
13. PREFACE
Man did not enter into society to become worse than he was
before,
nor to have fewer rights than he had before, but to have those
rights better secured.
Thomas Paine in Common Sense
Before you invest any of your time with this book, please take
a
moment and look over the following points. They outline my
basic philosophy of national infrastructure security. I think that
your reaction to these points will give you a pretty good idea of
what your reaction will be to the book.
1. Citizens of free nations cannot hope to express or enjoy
their freedoms if basic security protections are not provided.
Security does not suppress freedom—it makes freedom
possible.
2. In virtually every modern nation, computers and
networks
power critical infrastructure elements. As a result, cyber
attackers can use computers and networks to damage or ruin
the infrastructures that citizens rely on.
3. Security protections, such as those in security books,
were
designed for small-scale environments such as enterprise
computing environments. These protections do not extrapo-
late to the protection of massively complex infrastructure.
4. Effective national cyber protections will be driven
14. largely by
cooperation and coordination between commercial, indus-
trial, and government organizations. Thus, organizational
management issues will be as important to national defense
as technical issues.
5. Security is a process of risk reduction, not risk removal.
Therefore, concrete steps can and should be taken to
reduce, but not remove, the risk of cyber attack to national
infrastructure.
6. The current risk of catastrophic cyber attack to national
infra-
structure must be viewed as extremely high, by any realistic
measure. Taking little or no action to reduce this risk would be
a foolish national decision.
The chapters of this book are organized around ten basic
principles that will reduce the risk of cyber attack to national
infrastructure in a substantive manner. They are driven by
x PREFACE
experiences gained managing the security of one of the largest,
most complex infrastructures in the world, by years of learning
from various commercial and government organizations, and by
years of interaction with students and academic researchers in
the security fi eld. They are also driven by personal experiences
dealing with a wide range of successful and unsuccessful cyber
attacks, including ones directed at infrastructure of considerable
value. The implementation of the ten principles in this book will
require national resolve and changes to the way computing and
networking elements are designed, built, and operated in the
context of national infrastructure. My hope is that the sugges-
15. tions offered in these pages will make this process easier.
ACKNOWLEDGMENT xi
ACKNOWLEDGMENT
The cyber security experts in the AT&T Chief Security Offi
ce, my
colleagues across AT&T Labs and the AT&T Chief Technology
Offi ce, my colleagues across the entire AT&T business, and my
graduate and undergraduate students in the Computer Science
Department at the Stevens Institute of Technology, have had
a profound impact on my thinking and on the contents of this
book. In addition, many prominent enterprise customers of
AT&T with whom I’ve had the pleasure of serving, especially
those in the United States Federal Government, have been great
infl uencers in the preparation of this material.
I’d also like to extend a great thanks to my wife Lee, daugh-
ter Stephanie (17), son Matthew (15), and daughter Alicia (9)
for
their collective patience with my busy schedule.
Edward G. Amoroso
Florham Park, NJ
September 2010
This page intentionally left blank
1
17. National infrastructure, especially in the United States, has
always been vulnerable to malicious physical attacks such as
equipment tampering, cable cuts, facility bombing, and asset
theft. The events of September 11, 2001, for example, are the
most prominent and recent instance of a massive physical attack
directed at national infrastructure. During the past couple of
decades, however, vast portions of national infrastructure have
become reliant on software, computers, and networks. This reli-
ance typically includes remote access, often over the Internet, to
1
1 E.W. Dijkstra, Selected Writings on Computing: A
Personal Perspective , Springer-Verlag,
New York, 1982, pp. 212–213.
2 T. Friedman, The World Is Flat: A Brief History of the
Twenty-First Century , Farrar,
Straus, and Giroux, New York, 2007. (Friedman provides a
useful economic backdrop to
the global aspect of the cyber attack trends suggested in this
chapter.)
2 Chapter 1 INTRODUCTION
the systems that control national services. Adversaries thus
can
initiate cyber attacks on infrastructure using worms, viruses,
leaks, and the like. These attacks indirectly target national
infra-
structure through their associated automated controls systems
(see Figure 1.1 ).
A seemingly obvious approach to dealing with this national
cyber threat would involve the use of well-known computer
18. security techniques. After all, computer security has matured
substantially in the past couple of decades, and considerable
expertise now exists on how to protect software, computers, and
networks. In such a national scheme, safeguards such as fi re-
walls, intrusion detection systems, antivirus software,
passwords,
scanners, audit trails, and encryption would be directly embed-
ded into infrastructure, just as they are currently in small-scale
environments. These national security systems would be con-
nected to a centralized threat management system, and inci-
dent response would follow a familiar sort of enterprise process.
Furthermore, to ensure security policy compliance, one would
expect the usual programs of end-user awareness, security train-
ing, and third-party audit to be directed toward the people
build-
ing and operating national infrastructure. Virtually every
national
infrastructure protection initiative proposed to date has
followed
this seemingly straightforward path. 3
While well-known computer security techniques will certainly
be useful for national infrastructure, most practical experience
to date suggests that this conventional approach will not be suf-
fi cient. A primary reason is the size, scale, and scope inherent
in
complex national infrastructure. For example, where an enter-
prise might involve manageably sized assets, national
infrastruc-
ture will require unusually powerful computing support with
the ability to handle enormous volumes of data. Such volumes
Indirect
Cyber
Attacks
20. Chapter 1 INTRODUCTION 3
will easily exceed the storage and processing capacity of
typical
enterprise security tools such as a commercial threat manage-
ment system. Unfortunately, this incompatibility confl icts with
current initiatives in government and industry to reduce costs
through the use of common commercial off-the-shelf products.
In addition, whereas enterprise systems can rely on manual
intervention by a local expert during a security disaster, large-
scale national infrastructure generally requires a carefully
orches-
trated response by teams of security experts using
predetermined
processes. These teams of experts will often work in different
groups, organizations, or even countries. In the worst cases,
they will cooperate only if forced by government, often sharing
just the minimum amount of information to avoid legal conse-
quences. An additional problem is that the complexity
associated
with national infrastructure leads to the bizarre situation where
response teams often have partial or incorrect understand-
ing about how the underlying systems work. For these reasons,
seemingly convenient attempts to apply existing small-scale
security processes to large-scale infrastructure attacks will ulti-
mately fail (see Figure 1.2 ).
As a result, a brand-new type of national infrastructure protec-
tion methodology is required—one that combines the best ele-
ments of existing computer and network security techniques
with
the unique and diffi cult challenges associated with complex,
large-
scale national services. This book offers just such a protection
21. methodology for national infrastructure. It is based on a quarter
century of practical experience designing, building, and
operating
Small-Scale
Small Volume
Possibly Manual
Local Expert
High
Focused
High Volume
Large-Scale
Process-Based
Distributed Expertise
Partial or Incorrect
Broad
Collection
Emergency
Expertise
Knowledge
22. Analysis
Large-Scale
Attributes
Complicate
Cyber Security
Figure 1.2 Differences between small- and large-scale cyber
security.
National infrastructure
databases far exceed the
size of even the largest
commercial databases.
4 Chapter 1 INTRODUCTION
cyber security systems for government, commercial, and con-
sumer infrastructure. It is represented as a series of protection
principles that can be applied to new or existing systems.
Because
of the unique needs of national infrastructure, especially its
mas-
sive size, scale, and scope, some aspects of the methodology
will
be unfamiliar to the computer security community. In fact,
certain
elements of the approach, such as our favorable view of
“security
through obscurity,” might appear in direct confl ict with
conven-
tional views of how computers and networks should be
protected.
23. National Cyber Threats, Vulnerabilities,
and Attacks
Conventional computer security is based on the oft-repeated
tax-
onomy of security threats which includes confi dentiality,
integrity,
availability, and theft. In the broadest sense, all four diverse
threat
types will have applicability in national infrastructure. For
example,
protections are required equally to deal with sensitive
information
leaks (confi dentiality ), worms affecting the operation of some
criti-
cal application (integrity), botnets knocking out an important
system
(availability), or citizens having their identities compromised
(theft).
Certainly, the availability threat to national services must be
viewed
as particularly important, given the nature of the threat and its
rela-
tion to national assets. One should thus expect particular
attention to
availability threats to national infrastructure. Nevertheless, it
makes
sense to acknowledge that all four types of security threats in
the
conventional taxonomy of computer security must be addressed
in
any national infrastructure protection methodology.
Vulnerabilities are more diffi cult to associate with any taxon-
omy. Obviously, national infrastructure must address well-
known
problems such as improperly confi gured equipment, poorly
24. designed local area networks, unpatched system software,
exploit-
able bugs in application code, and locally disgruntled employ-
ees. The problem is that the most fundamental vulnerability in
national infrastructure involves the staggering complexity
inher-
ent in the underlying systems. This complexity is so pervasive
that many times security incidents uncover aspects of computing
functionality that were previously unknown to anyone,
including
sometimes the system designers. Furthermore, in certain cases,
the optimal security solution involves simplifying and cleaning
up
poorly conceived infrastructure. This is bad news, because most
large organizations are inept at simplifying much of anything.
The best one can do for a comprehensive view of the vulner-
abilities associated with national infrastructure is to address
their
Any of the most common
security concerns—
confi dentiality, integrity,
availability, and theft—
threaten our national
infrastructure.
Chapter 1 INTRODUCTION 5
relative exploitation points. This can be done with an abstract
national infrastructure cyber security model that includes three
types of malicious adversaries: external adversary (hackers on
the Internet), internal adversary (trusted insiders), and
supplier
25. adversary (vendors and partners). Using this model, three
exploi-
tation points emerge for national infrastructure: remote access
(Internet and telework), system administration and normal
usage
(management and use of software, computers, and networks),
and supply chain (procurement and outsourcing) (see Figure
1.3 ).
These three exploitation points and three types of adversaries
can be associated with a variety of possible motivations for
initi-
ating either a full or test attack on national infrastructure.
Remote
Access
System
Administration and
Normal Usage
External
Adversary
Three Exploitation Points
National Infrastructure
Three Adversaries
Supply
Chain
26. Internal
Adversary
Software
Computers
Networks
Supplier
Adversary
Figure 1.3 Adversaries and exploitation points in national
infrastructure.
Five Possible Motivations for an
Infrastructure Attack
● Country-sponsored warfare —National infrastructure
attacks sponsored and funded by enemy countries must be
considered the most signifi cant potential motivation, because
the intensity of adversary capability and willingness to
attack is potentially unlimited.
● Terrorist attack —The terrorist motivation is also signifi
cant, especially because groups driven by terror can easily
obtain suffi cient capability and funding to perform signifi cant
attacks on infrastructure.
● Commercially motivated attack —When one company
chooses to utilize cyber attacks to gain a commercial
advantage, it becomes a national infrastructure incident if the
target company is a purveyor of some national asset.
27. ● Financially driven criminal attack —Identify theft is the
most common example of a fi nancially driven attack by
criminal groups, but other cases exist, such as companies being
extorted to avoid a cyber incident.
● Hacking —One must not forget that many types of
attacks are still driven by the motivation of hackers, who are
often
just mischievous youths trying to learn or to build a reputation
within the hacking community. This is much less a
sinister motivation, and national leaders should try to identify
better ways to tap this boundless capability and energy.
6 Chapter 1 INTRODUCTION
Each of the three exploitation points might be utilized in a
cyber attack on national infrastructure. For example, a supplier
might use a poorly designed supply chain to insert Trojan horse
code into a software component that controls some national
asset, or a hacker on the Internet might take advantage of some
unprotected Internet access point to break into a vulnerable ser-
vice. Similarly, an insider might use trusted access for either
sys-
tem administration or normal system usage to create an attack.
The potential also exists for an external adversary to gain valu-
able insider access through patient, measured means, such as
gaining employment in an infrastructure-supporting organiza-
tion and then becoming trusted through a long process of work
performance. In each case, the possibility exists that a limited
type of engagement might be performed as part of a planned test
or exercise. This seems especially likely if the attack is country
or
terrorist sponsored, because it is consistent with past practice.
28. At each exploitation point, the vulnerability being used might
be a well-known problem previously reported in an authoritative
public advisory, or it could be a proprietary issue kept hidden
by
a local organization. It is entirely appropriate for a recognized
authority to make a detailed public vulnerability advisory if the
benefi ts of notifying the good guys outweigh the risks of alert-
ing the bad guys. This cost–benefi t result usually occurs when
many organizations can directly benefi t from the information
and can thus take immediate action. When the reported vulner-
ability is unique and isolated, however, then reporting the
details
might be irresponsible, especially if the notifi cation process
does
not enable a more timely fi x. This is a key issue, because many
government authorities continue to consider new rules for man-
datory reporting. If the information being demanded is not prop-
erly protected, then the reporting process might result in more
harm than good.
Botnet Threat
Perhaps the most insidious type of attack that exists today is
the
botnet . 4 In short, a botnet involves remote control of a
collec-
tion of compromised end-user machines, usually broadband-
connected PCs. The controlled end-user machines, which are
referred to as bots , are programmed to attack some target that
is
designated by the botnet controller. The attack is tough to stop
4 Much of the material on botnets in this chapter is derived
from work done by Brian
Rexroad, David Gross, and several others from AT&T.
When to issue a
29. vulnerability risk advisory
and when to keep the
risk confi dential must be
determined on a case-
by-case basis, depending
on the threat.
Chapter 1 INTRODUCTION 7
because end-user machines are typically administered in an
inef-
fective manner. Furthermore, once the attack begins, it occurs
from sources potentially scattered across geographic, political,
and service provider boundaries. Perhaps worse, bots are pro-
grammed to take commands from multiple controller systems,
so
any attempts to destroy a given controller result in the bots sim-
ply homing to another one.
The Five Entities That Comprise a Botnet Attack
● Botnet operator —This is the individual, group, or
country that creates the botnet, including its setup and
operation.
When the botnet is used for fi nancial gain, it is the operator
who will benefi t. Law enforcement and cyber security
initiatives have found it very diffi cult to identify the operators.
The press, in particular, has done a poor job reporting
on the presumed identity of botnet operators, often suggesting
sponsorship by some country when little supporting
evidence exists.
● Botnet controller —This is the set of servers that
command and control the operation of a botnet. Usually these
30. servers have been maliciously compromised for this purpose.
Many times, the real owner of a server that has
been compromised will not even realize what has occurred. The
type of activity directed by a controller includes
all recruitment, setup, communication, and attack activity.
Typical botnets include a handful of controllers, usually
distributed across the globe in a non-obvious manner.
● Collection of bots —These are the end-user, broadband-
connected PCs infected with botnet malware. They are
usually owned and operated by normal citizens, who become
unwitting and unknowing dupes in a botnet attack.
When a botnet includes a concentration of PCs in a given
region, observers often incorrectly attribute the attack
to that region. The use of smart mobile devices in a botnet will
grow as upstream capacity and device processing
power increase.
● Botnet software drop —Most botnets include servers
designed to store software that might be useful for the botnets
during their lifecycle. Military personnel might refer to this as
an arsenal . Like controllers, botnet software drop
points are usually servers compromised for this purpose, often
unknown to the normal server operator.
● Botnet target —This is the location that is targeted in the
attack. Usually, it is a website, but it can really be any
device, system, or network that is visible to the bots. In most
cases, botnets target prominent and often controversial
websites, simply because they are visible via the Internet and
generally have a great deal at stake in terms of their
availability. This increases gain and leverage for the attacker.
Logically, however, botnets can target anything visible.
The way a botnet works is that the controller is set up to com-
municate with the bots via some designated protocol, most often
31. Internet Relay Chat (IRC). This is done via malware inserted
into
the end-user PCs that comprise the bots. A great challenge in
this
regard is that home PCs and laptops are so poorly administered.
Amazingly, over time, the day-to-day system and security
admin-
istration task for home computers has gravitated to the end user.
8 Chapter 1 INTRODUCTION
This obligation results in both a poor user experience and gen-
eral dissatisfaction with the security task. For example, when a
typical computer buyer brings a new machine home, it has prob-
ably been preloaded with security software by the retailer. From
this point onward, however, that home buyer is then tasked with
all responsibility for protecting the machine. This includes
keep-
ing fi rewall, intrusion detection, antivirus, and antispam
software
up to date, as well as ensuring that all software patches are cur-
rent. When these tasks are not well attended, the result is a
more
vulnerable machine that is easily turned into a bot. (Sadly, even
if a machine is properly managed, expert bot software designers
might fi nd a way to install the malware anyway.)
Once a group of PCs has been compromised into bots, attacks
can thus be launched by the controller via a command to the
bots, which would then do as they are instructed. This might
not occur instantaneously with the infection; in fact, experi-
ence suggests that many botnets lay dormant for a great deal of
time. Nevertheless, all sorts of attacks are possible in a bot-
net arrangement, including the now-familiar distributed denial
32. of service attack (DDOS). In such a case, the bots create more
inbound traffi c than the target gateway can handle. For
example,
if some theoretical gateway allows for 1 Gbps of inbound traffi
c,
and the botnet creates an inbound stream larger than 1 Gbps,
then a logjam results at the inbound gateway, and a denial of
service condition occurs (see Figure 1.4 ).
Any serious present study of cyber security must acknowl-
edge the unique threat posed by botnets. Virtually any Internet-
connected system is vulnerable to major outages from a
botnet-originated DDOS attack. The physics of the situation are
especially depressing; that is, a botnet that might steal 500
Kbps
Broadband
Carriers
Capacity Excess
Creates Jam
Bots
Target A’s
Designated
Carrier
1 Gbps
Ingress
Target A
33. 1 Gbps DDOS Traffic
Aimed at Target A
Figure 1.4 Sample DDOS attack from a botnet.
Home PC users may never
know they are being used
for a botnet scheme.
A DDOS attack is like a
cyber traffi c jam.
Chapter 1 INTRODUCTION 9
of upstream capacity from each bot (which would generally
allow
for concurrent normal computing and networking) would only
need three bots to collapse a target T1 connection. Following
this
logic, only 16,000 bots would be required theoretically to fi ll
up
a 10-Gbps connection. Because most of the thousands of bot-
nets that have been observed on the Internet are at least this
size,
the threat is obvious; however, many recent and prominent bot-
nets such as Storm and Confi cker are much larger, comprising
as
many as several million bots, so the threat to national
infrastruc-
ture is severe and immediate.
National Cyber Security Methodology
34. Components
Our proposed methodology for protecting national infrastruc-
ture is presented as a series of ten basic design and operation
principles. The implication is that, by using these principles as
a guide for either improving existing infrastructure components
or building new ones, the security result will be desirable,
includ-
ing a reduced risk from botnets. The methodology addresses all
four types of security threats to national infrastructure; it also
deals with all three types of adversaries to national
infrastructure,
as well as the three exploitation points detailed in the
infrastruc-
ture model. The list of principles in the methodology serves as a
guide to the remainder of this chapter, as well as an outline for
the remaining chapters of the book:
● Chapter 2: Deception —The openly advertised use of
deception
creates uncertainty for adversaries because they will not know
if a discovered problem is real or a trap. The more common hid-
den use of deception allows for real-time behavioral analysis if
an intruder is caught in a trap. Programs of national infrastruc-
ture protection must include the appropriate use of deception,
especially to reduce the malicious partner and supplier risk.
● Chapter 3: Separation —Network separation is currently
accomplished using fi rewalls, but programs of national infra-
structure protection will require three specifi c changes.
Specifi cally, national infrastructure must include network-
based fi rewalls on high-capacity backbones to throttle DDOS
attacks, internal fi rewalls to segregate infrastructure and
reduce the risk of sabotage, and better tailoring of fi rewall fea-
tures for specifi c applications such as SCADA protocols. 5
5 R. Kurtz, Securing SCADA Systems , Wiley, New York,
35. 2006. (Kurtz provides an excellent
overview of SCADA systems and the current state of the
practice in securing them.)
10 Chapter 1 INTRODUCTION
● Chapter 4: Diversity —Maintaining diversity in the
products,
services, and technologies supporting national infrastruc-
ture reduces the chances that one common weakness can be
exploited to produce a cascading attack. A massive program
of coordinated procurement and supplier management is
required to achieve a desired level of national diversity across
all assets. This will be tough, because it confl icts with most
cost-motivated information technology procurement initia-
tives designed to minimize diversity in infrastructure.
● Chapter 5: Commonality —The consistent use of security
best
practices in the administration of national infrastructure
ensures that no infrastructure component is either poorly
managed or left completely unguarded. National programs
of standards selection and audit validation, especially with
an emphasis on uniform programs of simplifi cation, are thus
required. This can certainly include citizen end users, but one
should never rely on high levels of security compliance in the
broad population.
● Chapter 6: Depth —The use of defense in depth in
national
infrastructure ensures that no critical asset is reliant on a
single security layer; thus, if any layer should fail, an addi-
tional layer is always present to mitigate an attack. Analysis is
required at the national level to ensure that all critical assets
36. are protected by at least two layers, preferably more.
● Chapter 7: Discretion —The use of personal discretion in
the
sharing of information about national assets is a practical
technique that many computer security experts fi nd diffi cult
to accept because it confl icts with popular views on “security
through obscurity.” Nevertheless, large-scale infrastructure
protection cannot be done properly unless a national culture
of discretion and secrecy is nurtured. It goes without saying
that such discretion should never be put in place to obscure
illegal or unethical practices.
● Chapter 8: Collection —The collection of audit log
informa-
tion is a necessary component of an infrastructure security
scheme, but it introduces privacy, size, and scale issues not
seen in smaller computer and network settings. National
infrastructure protection will require a data collection
approach that is acceptable to the citizenry and provides the
requisite level of detail for security analysis.
● Chapter 9: Correlation —Correlation is the most
fundamen-
tal of all analysis techniques for cyber security, but modern
attack methods such as botnets greatly complicate its use for
attack-related indicators. National-level correlation must be
performed using all available sources and the best available
Chapter 1 INTRODUCTION 11
technology and algorithms. Correlating information around a
botnet attack is one of the more challenging present tasks in
cyber security.
37. ● Chapter 10: Awareness —Maintaining situational
awareness is
more important in large-scale infrastructure protection than
in traditional computer and network security because it helps
to coordinate the real-time aspect of multiple infrastructure
components. A program of national situational awareness
must be in place to ensure proper management decision-
making for national assets.
● Chapter 11: Response —Incident response for national
infra-
structure protection is especially diffi cult because it gener-
ally involves complex dependencies and interactions between
disparate government and commercial groups. It is best
accomplished at the national level when it focuses on early
indications, rather than on incidents that have already begun
to damage national assets.
The balance of this chapter will introduce each principle, with
discussion on its current use in computer and network security,
as
well as its expected benefi ts for national infrastructure
protection.
Deception
The principle of deception involves the deliberate introduc-
tion of misleading functionality or misinformation into national
infrastructure for the purpose of tricking an adversary. The idea
is that an adversary would be presented with a view of national
infrastructure functionality that might include services or inter-
face components that are present for the sole purpose of fakery.
Computer scientists refer to this functionality as a honey pot ,
but the use of deception for national infrastructure could go
far beyond this conventional view. Specifi cally, deception can
be used to protect against certain types of cyber attacks that
38. no other security method will handle. Law enforcement agen-
cies have been using deception effectively for many years, often
catching cyber stalkers and criminals by spoofi ng the reported
identity of an end point. Even in the presence of such obvi-
ous success, however, the cyber security community has yet to
embrace deception as a mainstream protection measure.
Deception in computing typically involves a layer of clev-
erly designed trap functionality strategically embedded into the
internal and external interfaces for services. Stated more
simply,
deception involves fake functionality embedded into real inter-
faces. An example might be a deliberately planted trap link on
Deception is an oft-used
tool by law enforcement
agencies to catch cyber
stalkers and predators.
12 Chapter 1 INTRODUCTION
a website that would lead potential intruders into an environ-
ment designed to highlight adversary behavior. When the decep-
tion is open and not secret, it might introduce uncertainty for
adversaries in the exploitation of real vulnerabilities, because
the
adversary might suspect that the discovered entry point is a
trap.
When it is hidden and stealth, which is the more common situa-
tion, it serves as the basis for real-time forensic analysis of
adver-
sary behavior. In either case, the result is a public interface that
includes real services, deliberate honey pot traps, and the inevi-
table exploitable vulnerabilities that unfortunately will be pres-
39. ent in all nontrivial interfaces (see Figure 1.5 ).
Only relatively minor tests of honey pot technology have
been reported to date, usually in the context of a research effort.
Almost no reports are available on the day-to-day use of decep-
tion as a structural component of a real enterprise security
program. In fact, the vast majority of security programs for
com-
panies, government agencies, and national infrastructure would
include no such functionality. Academic computer scientists
have shown little interest in this type of security, as evidenced
by
the relatively thin body of literature on the subject. This lack of
interest might stem from the discomfort associated with using
computing to mislead. Another explanation might be the relative
ineffectiveness of deception against the botnet threat, which is
clearly the most important security issue on the Internet today.
Regardless of the cause, this tendency to avoid the use of
decep-
tion is unfortunate, because many cyber attacks, such as subtle
break-ins by trusted insiders and Trojan horses being
maliciously
inserted by suppliers into delivered software, cannot be easily
remedied by any other means.
The most direct benefi t of deception is that it enables foren-
sic analysis of intruder activity. By using a honey pot, unique
insights into attack methods can be gained by watching what
is occurring in real time. Such deception obviously works best
in a hidden, stealth mode, unknown to the intruder, because if
Interface to
Valid Services
Trap Interface
40. to Honey Pot
Should Resemble
Valid Services
Vulnerabilities
Possible
Uncertainty
Real
Assets
Honey
Pot
???
Figure 1.5 Components of an interface with deception.
Deception is less effective
against botnets than other
types of attack methods.
Chapter 1 INTRODUCTION 13
the intruder realizes that some vulnerable exploitation point is
a fake, then no exploitation will occur. Honey pot pioneers Cliff
Stoll, Bill Cheswick, and Lance Spitzner have provided a major-
ity of the reported experience in real-time forensics using honey
41. pots. They have all suggested that the most diffi cult task
involves
creating believability in the trap. It is worth noting that
connect-
ing a honey pot to real assets is a terrible idea.
An additional potential benefi t of deception is that it can
introduce the clever idea that some discovered vulnerability
might instead be a deliberately placed trap. Obviously, such an
approach is only effective if the use of deception is not hidden;
that is, the adversary must know that deception is an approved
and accepted technique used for protection. It should therefore
be obvious that the major advantage here is that an accidental
vulnerability, one that might previously have been an open door
for an intruder, will suddenly look like a possible trap. A
further
profound notion, perhaps for open discussion, is whether just
the implied statement that deception might be present (perhaps
without real justifi cation) would actually reduce risk.
Suppliers,
for example, might be less willing to take the risk of Trojan
horse insertion if the procuring organization advertises an open
research and development program of detailed software test and
inspection against this type of attack.
Separation
The principle of separation involves enforcement of access
policy
restrictions on the users and resources in a computing environ-
ment. Access policy restrictions result in separation domains,
which are arguably the most common security architectural
concept in use today. This is good news, because the creation of
access-policy-based separation domains will be essential in the
protection of national infrastructure. Most companies today will
typically use fi rewalls to create perimeters around their
presumed
42. enterprise, and access decisions are embedded in the associated
rules sets. This use of enterprise fi rewalls for separation is
com-
plemented by several other common access techniques:
● Authentication and identity management —These
methods are
used to validate and manage the identities on which separa-
tion decisions are made. They are essential in every enterprise
but cannot be relied upon solely for infrastructure security.
Malicious insiders, for example, will be authorized under such
systems. In addition, external attacks such as DDOS are unaf-
fected by authentication and identity management.
Do not connect honey pots
to real assets!
14 Chapter 1 INTRODUCTION
● Logical access controls —The access controls inherent
in oper-
ating systems and applications provide some degree of sepa-
ration, but they are also weak in the presence of compromised
insiders. Furthermore, underlying vulnerabilities in appli-
cations and operating systems can often be used to subvert
these methods.
● LAN controls —Access control lists on local area
network
(LAN) components can provide separation based on infor-
mation such as Internet Protocol (IP) or media access control
(MAC) address. In this regard, they are very much like fi
rewalls
but typically do not extend their scope beyond an isolated
43. segment.
● Firewalls —For large-scale infrastructure, fi rewalls are
particu-
larly useful, because they separate one network from another.
Today, every Internet-based connection is almost certainly
protected by some sort of fi rewall functionality. This approach
worked especially well in the early years of the Internet,
when the number of Internet connections to the enterprise
was small. Firewalls do remain useful, however, even with
the massive connectivity of most groups to the Internet. As a
result, national infrastructure should continue to include the
use of fi rewalls to protect known perimeter gateways to the
Internet.
Given the massive scale and complexity associated with
national infrastructure, three specifi c separation enhancements
are required, and all are extensions of the fi rewall concept.
Required Separation Enhancements for National
Infrastructure Protection
1. The use of network-based fi rewalls is absolutely
required for many national infrastructure applications,
especially
ones vulnerable to DDOS attacks from the Internet. This use of
network-based mediation can take advantage of
high-capacity network backbones if the service provider is
involved in running the fi rewalls.
2. The use of fi rewalls to segregate and isolate internal
infrastructure components from one another is a mandatory
technique for simplifying the implementation of access control
policies in an organization. When insiders have
malicious intent, any exploit they might attempt should be
explicitly contained by internal fi rewalls.
44. 3. The use of commercial off-the-shelf fi rewalls, especially
for SCADA usage, will require tailoring of the fi rewall to the
unique protocol needs of the application. It is not acceptable for
national infrastructure protection to retrofi t the use
of a generic, commercial, off-the-shelf tool that is not optimized
for its specifi c use (see Figure 1.6 ).
Chapter 1 INTRODUCTION 15
With the advent of cloud computing, many enterprise and
government agency security managers have come to acknowl-
edge the benefi ts of network-based fi rewall processing. The
approach scales well and helps to deal with the uncontrolled
complexity one typically fi nds in national infrastructure. That
said, the reality is that most national assets are still secured by
placing a fi rewall at each of the hundreds or thousands of pre-
sumed choke points. This approach does not scale and leads
to a false sense of security. It should also be recognized that the
fi rewall is not the only device subjected to such scale
problems.
Intrusion detection systems, antivirus fi ltering, threat manage-
ment, and denial of service fi ltering also require a network-
based
approach to function properly in national infrastructure.
An additional problem that exists in current national infrastruc-
ture is the relative lack of architectural separation used in an
internal,
trusted network. Most security engineers know that large
systems are
best protected by dividing them into smaller systems. Firewalls
or
packet fi ltering routers can be used to segregate an enterprise
45. net-
work into manageable domains. Unfortunately, the current state
of
the practice in infrastructure protection rarely includes a
disciplined
approach to separating internal assets. This is unfortunate,
because
it allows an intruder in one domain to have access to a more
expan-
sive view of the organizational infrastructure. The threat
increases
when the fi rewall has not been optimized for applications such
as
SCADA that require specialized protocol support.
Required New Separation
Mechanisms
(Less Familiar)
Existing Separation
Mechanisms
(Less Familiar)
Internet Service Provider
Commercial and
Government
Infrastructure
Commercial
47. domains creates an
environment that is easier
to protect.
16 Chapter 1 INTRODUCTION
Diversity
The principle of diversity involves the selection and use of
tech-
nology and systems that are intentionally different in substan-
tive ways. These differences can include technology source,
programming language, computing platform, physical location,
and product vendor. For national infrastructure, realizing such
diversity requires a coordinated program of procurement to
ensure a proper mix of technologies and vendors. The purpose
of
introducing these differences is to deliberately create a measure
of non-interoperability so that an attack cannot easily cascade
from one component to another through exploitation of some
common vulnerability. Certainly, it would be possible, even in a
diverse environment, for an exploit to cascade, but the
likelihood
is reduced as the diversity profi le increases.
This concept is somewhat controversial, because so much
of computer science theory and information technology prac-
tice in the past couple of decades has been focused on maxi-
mizing interoperability of technologies. This might help explain
the relative lack of attentiveness that diversity considerations
receive in these fi elds. By way of analogy, however, cyber
attacks
on national infrastructure are mitigated by diversity technol-
ogy just as disease propagation is reduced by a diverse biologi-
cal ecosystem. That is, a problem that originates in one area of
48. infrastructure with the intention of automatic propagation will
only succeed in the presence of some degree of interoperability.
If
the technologies are suffi ciently diverse, then the attack propa-
gation will be reduced or even stopped. As such, national asset
managers are obliged to consider means for introducing diver-
sity in a cost-effective manner to realize its security benefi ts
(see
Figure 1.7 ).
Attack
Target
Component
3
Attack
Target
Component
2
Non-Diverse
(Attack Propagates)
Diverse
(Attack Propagation Stops)
Attack
Adversary
Target
49. Component
1
Figure 1.7 Introducing diversity to national infrastructure.
Chapter 1 INTRODUCTION 17
Diversity is especially tough to implement in national infra-
structure for several reasons. First, it must be acknowledged
that
a single, major software vendor tends to currently dominate the
personal computer (PC) operating system business landscape
in most government and enterprise settings. This is not likely to
change, so national infrastructure security initiatives must sim-
ply accept an ecosystem lacking in diversity in the PC
landscape.
The profi le for operating system software on computer servers
is
slightly better from a diversity perspective, but the choices
remain
limited to a very small number of available sources. Mobile
oper-
ating systems currently offer considerable diversity, but one
can-
not help but expect to see a trend toward greater consolidation.
Second, diversity confl icts with the often-found organiza-
tional goal of simplifying supplier and vendor relationships;
that
is, when a common technology is used throughout an organiza-
tion, day-to-day maintenance, administration, and training costs
are minimized. Furthermore, by purchasing in bulk, better terms
50. are often available from a vendor. In contrast, the use of
diversity
could result in a reduction in the level of service provided in an
organization. For example, suppose that an Internet service pro-
vider offers particularly secure and reliable network services to
an organization. Perhaps the reliability is even measured to
some
impressive quantitative availability metric. If the organization
is committed to diversity, then one might be forced to actually
introduce a second provider with lower levels of reliability.
In spite of these drawbacks, diversity carries benefi ts that are
indisputable for large-scale infrastructure. One of the great
chal-
lenges in national infrastructure protection will thus involve fi
nd-
ing ways to diversify technology products and services without
increasing costs and losing business leverage with vendors.
Consistency
The principle of consistency involves uniform attention to
secu-
rity best practices across national infrastructure components.
Determining which best practices are relevant for which
national
asset requires a combination of local knowledge about the asset,
as well as broader knowledge of security vulnerabilities in
generic
infrastructure protection. Thus, the most mature approach to
consistency will combine compliance with relevant standards
such as the Sarbanes–Oxley controls in the United States, with
locally derived security policies that are tailored to the
organiza-
tional mission. This implies that every organization charged
with
the design or operation of national infrastructure must have a
51. Enforcing diversity of
products and services
might seem counterintuitive
if you have a reliable
provider.
18 Chapter 1 INTRODUCTION
local security policy. Amazingly, some large groups do not
have
such a policy today.
The types of best practices that are likely to be relevant for
national infrastructure include well-defi ned software lifecycle
methodologies, timely processes for patching software and sys-
tems, segregation of duty controls in system administration,
threat management of all collected security information, secu-
rity awareness training for all system administrators,
operational
confi gurations for infrastructure management, and use of soft-
ware security tools to ensure proper integrity management. Most
security experts agree on which best practices to include in a
generic set of security requirements, as evidenced by the inclu-
sion of a common core set of practices in every security
standard.
Attentiveness to consistency is thus one of the less
controversial
of our recommended principles.
The greatest challenge in implementing best practice consis-
tency across infrastructure involves auditing. The typical audit
process is performed by an independent third-party entity doing
an analysis of target infrastructure to determine consistency
52. with
a desired standard. The result of the audit is usually a numeric
score, which is then reported widely and used for management
decisions. In the United States, agencies of the federal govern-
ment are audited against a cyber security standard known as
FISMA (Federal Information Security Management Act). While
auditing does lead to improved best practice coverage, there
are often problems. For example, many audits are done poorly,
which results in confusion and improper management deci-
sions. In addition, with all the emphasis on numeric ratings,
many agencies focus more on their score than on good security
practice.
Today, organizations charged with protecting national infra-
structure are subjected to several types of security audits.
Streamlining these standards would certainly be a good idea,
but
some additional items for consideration include improving the
types of common training provided to security administrators,
as well as including past practice in infrastructure protection in
common audit standards. The most obvious practical consid-
eration for national infrastructure, however, would be national-
level agreement on which standard or standards would be used
to determine competence to protect national assets. While this is
a straightforward concept, it could be tough to obtain wide con-
currence among all national participants. A related issue
involves
commonality in national infrastructure operational confi gu-
rations; this reduces the chances that a rogue confi guration
A good audit score is
important but should not
replace good security
practices.
A national standard of
53. competence for protecting
our assets is needed.
Chapter 1 INTRODUCTION 19
installed for malicious purposes, perhaps by compromised
insiders.
Depth
The principle of depth involves the use of multiple security
layers
of protection for national infrastructure assets. These layers
pro-
tect assets from both internal and external attacks via the
familiar
“defense in depth” approach; that is, multiple layers reduce the
risk of attack by increasing the chances that at least one layer
will
be effective. This should appear to be a somewhat sketchy situ-
ation, however, from the perspective of traditional engineering.
Civil engineers, for example, would never be comfortable
design-
ing a structure with multiple fl awed supports in the hopes that
one of them will hold the load. Unfortunately, cyber security
experts have no choice but to rely on this fl awed notion,
perhaps
highlighting the relative immaturity of security as an
engineering
discipline.
One hint as to why depth is such an important requirement
is that national infrastructure components are currently con-
trolled by software, and everyone knows that the current state
of software engineering is abysmal. Compared to other types of
54. engineering, software stands out as the only one that accepts the
creation of knowingly fl awed products as acceptable. The
result is
that all nontrivial software has exploitable vulnerabilities, so
the
idea that one should create multiple layers of security defense is
unavoidable. It is worth mentioning that the degree of diversity
in these layers will also have a direct impact on their
effectiveness
(see Figure 1.8 ).
To maximize the usefulness of defense layers in national infra-
structure, it is recommended that a combination of functional
Software engineering
standards do not contain
the same level of quality
as civil and other
engineering standards.
Attack Gets
Through Here...
...Hopefully
Stopped Here
Multiple Layers of Protection
Adversary Target Asset
Asset Protected
Via Depth Approach
55. Figure 1.8 National infrastructure security through defense
in depth.
20 Chapter 1 INTRODUCTION
and procedural controls be included. For example, a common
fi rst layer of defense is to install an access control mechanism
for the admission of devices to the local area network. This
could
involve router controls in a small network or fi rewall access
rules
in an enterprise. In either case, this fi rst line of defense is
clearly
functional. As such, a good choice for a second layer of defense
might involve something procedural, such as the deployment
of scanning to determine if inappropriate devices have gotten
through the fi rst layer. Such diversity will increase the chances
that the cause of failure in one layer is unlikely to cause a
similar
failure in another layer.
A great complication in national infrastructure protection is
that many layers of defense assume the existence of a defi ned
net-
work perimeter. For example, the presence of many fl aws in
enter-
prise security found by auditors is mitigated by the recognition
that intruders would have to penetrate the enterprise perimeter
to
exploit these weaknesses. Unfortunately, for most national
assets,
fi nding a perimeter is no longer possible. The assets of a
country,
for example, are almost impossible to defi ne within some geo-
56. graphic or political boundary, much less a network one.
Security
managers must therefore be creative in identifying controls that
will be meaningful for complex assets whose properties are not
always evident. The risk of getting this wrong is that in
providing
multiple layers of defense, one might misapply the protections
and leave some portion of the asset base with no layers in place.
Discretion
The principle of discretion involves individuals and groups
making good decisions to obscure sensitive information about
national infrastructure. This is done by combining formal man-
datory information protection programs with informal discre-
tionary behavior. Formal mandatory programs have been in
place for many years in the U.S. federal government, where
docu-
ments are associated with classifi cations, and policy enforce-
ment is based on clearances granted to individuals. In the most
intense environments, such as top-secret compartments in
the intelligence community, violations of access policies could
be interpreted as espionage, with all of the associated criminal
implications. For this reason, prominent breaches of highly
clas-
sifi ed government information are not common.
In commercial settings, formal information protection pro-
grams are gaining wider acceptance because of the increased
need to protect personally identifi able information (PII) such as
Naturally, top-secret
information within the
intelligence community is
at great risk for attack or
infi ltration.
57. Chapter 1 INTRODUCTION 21
credit card numbers. Employees of companies around the
world
are starting to understand the importance of obscuring certain
aspects of corporate activity, and this is healthy for national
infra-
structure protection. In fact, programs of discretion for national
infrastructure protection will require a combination of corpo-
rate and government security policy enforcement, perhaps with
custom-designed information markings for national assets. The
resultant discretionary policy serves as a layer of protection to
prevent national infrastructure-related information from reach-
ing individuals who have no need to know such information.
A barrier in our recommended application of discretion is the
maligned notion of “security through obscurity.” Security
experts,
especially cryptographers, have long complained that obscurity
is an unacceptable protection approach. They correctly
reference
the problems of trying to secure a system by hiding its underly-
ing detail. Inevitably, an adversary discovers the hidden design
secrets and the security protection is lost. For this reason, con-
ventional computer security correctly dictates an open approach
to software, design, and algorithms. An advantage of this open
approach is the social review that comes with widespread adver-
tisement; for example, the likelihood is low of software ever
being
correct without a signifi cant amount of intense review by
experts.
So, the general computer security argument against “security
through obscurity” is largely valid in most cases.
58. Nevertheless, any manager charged with the protection of
nontrivial, large-scale infrastructure will tell you that discretion
and, yes, obscurity are indispensable components in a protec-
tion program. Obscuring details around technology used, soft-
ware deployed, systems purchased, and confi gurations managed
will help to avoid or at least slow down certain types of attacks.
Hackers often claim that by discovering this type of informa-
tion about a company and then advertising the weaknesses they
are actually doing the local security team a favor. They suggest
that such advertisement is required to motivate a security team
toward a solution, but this is actually nonsense. Programs
around
proper discretion and obscurity for infrastructure information
are indispensable and must be coordinated at the national level.
Collection
The principle of collection involves automated gathering of
sys-
tem-related information about national infrastructure to enable
security analysis. Such collection is usually done in real time
and
involves probes or hooks in applications, system software, net-
work elements, or hardware devices that gather information of
“Security through
obscurity” may actually
leave assets more
vulnerable to attack than
an open approach would.
22 Chapter 1 INTRODUCTION
interest. The use of audit trails in small-scale computer
security is
59. an example of a long-standing collection practice that
introduces
very little controversy among experts as to its utility. Security
devices such as fi rewalls produce log fi les, and systems
purported
to have some degree of security usefulness will also generate an
audit trail output. The practice is so common that a new type
of product, called a security information management system
(SIMS), has been developed to process all this data.
The primary operational challenge in setting up the right type
of collection process for computers and networks has been two-
fold: First, decisions must be made about what types of
informa-
tion are to be collected. If this decision is made correctly, then
the information collected should correspond to exactly the type
of data required for security analysis, and nothing else. Second,
decisions must be made about how much information is actu-
ally collected. This might involve the use of existing system
func-
tions, such as enabling the automatic generation of statistics on
a router; or it could involve the introduction of some new type
of
function that deliberately gathers the desired information. Once
these considerations are handled, appropriate mechanisms for
collecting data from national infrastructure can be embedded
into the security architecture (see Figure 1.9 ).
The technical and operational challenges associated with the
collection of logs and audit trails are heightened in the protec-
tion of national assets. Because national infrastructure is so
com-
plex, determining what information should be collected turns
out to be a diffi cult exercise. In particular, the potential arises
with large-scale collection to intrude on the privacy of individu-
als and groups within a nation. As such, any initiative to protect
60. Typical Infrastructure
Collection Points
Type and Volume
Issues
Device Status Monitors
Distributed Across
Government and Industry
Interpretation
and Action
Operating System Logs
Network Monitors
Application Hooks
Transport
Issues
Privacy
Issues
Data
Collection
61. Repositories
Figure 1.9 Collecting national infrastructure-related
security information.
Chapter 1 INTRODUCTION 23
infrastructure through the collection of data must include at
least
some measure of privacy policy determination. Similarly, the
vol-
umes of data collected from large infrastructure can exceed
prac-
tical limits. Telecommunications collection systems designed to
protect the integrity of a service provider backbone, for
example,
can easily generate many terabytes of data in hours of
processing.
In both cases, technical and operational expertise must be
applied to ensure that the appropriate data is collected in the
proper amounts. The good news is that virtually all security
protection algorithms require no deep, probing information of
the type that might generate privacy or volumetric issues. The
challenge arises instead when collection is done without proper
advance analysis which often results in the collection of more
data than is needed. This can easily lead to privacy problems in
some national collection repositories, so planning is particularly
necessary. In any event, a national strategy of data collection is
required, with the usual sorts of legal and policy guidance on
who collects what and under which circumstances. As we sug-
gested above, this exercise must be guided by the requirements
for security analysis—and nothing else.
62. Correlation
The principle of correlation involves a specifi c type of
analysis
that can be performed on factors related to national
infrastructure
protection. The goal of correlation is to identify whether
security-
related indicators might emerge from the analysis. For example,
if
some national computing asset begins operating in a sluggish
man-
ner, then other factors would be examined for a possible
correlative
relationship. One could imagine the local and wide area
networks
being analyzed for traffi c that might be of an attack nature. In
addi-
tion, similar computing assets might be examined to determine
if
they are experiencing a similar functional problem. Also, all
soft-
ware and services embedded in the national asset might be ana-
lyzed for known vulnerabilities. In each case, the purpose of the
correlation is to combine and compare factors to help explain a
given security issue. This type of comparison-oriented analysis
is
indispensable for national infrastructure because of its
complexity.
Interestingly, almost every major national infrastructure pro-
tection initiative attempted to date has included a fusion cen-
ter for real-time correlation of data. A fusion center is a
physical
security operations center with means for collecting and ana-
lyzing multiple sources of ingress data. It is not uncommon for
63. such a center to include massive display screens with colorful,
What and how much data
to collect is an operational
challenge.
Only collect as much data
as is necessary for security
purposes.
Monitoring and analyzing
networks and data
collection may reveal
a hidden or emerging
security threat.
24 Chapter 1 INTRODUCTION
visualized representations, nor is it uncommon to fi nd such
cen-
ters in the military with teams of enlisted people performing the
manual chores. This is an important point, because, while such
automated fusion is certainly promising, best practice in cor-
relation for national infrastructure protection must include the
requirement that human judgment be included in the analysis.
Thus, regardless of whether resources are centralized into one
physical location, the reality is that human beings will need to
be
included in the processing (see Figure 1.10 ).
In practice, fusion centers and the associated processes and
correlation algorithms have been tough to implement, even in
small-scale environments. Botnets, for example, involve the use
of source systems that are selected almost arbitrarily. As such,
64. the use of correlation to determine where and why the attack is
occurring has been useless. In fact, correlating geographic
infor-
mation with the sources of botnet activity has even led to many
false conclusions about who is attacking whom. Countless hours
have been spent by security teams poring through botnet infor-
mation trying to determine the source, and the best one can
Correlation Process
Output
Recommended
Actions
Multiple
Ingress Data
Feeds
Comparison and
Analysis of
Relevant Factors
Derive
Real-Time
Conclusions
Figure 1.10 National infrastructure high-level correlation
approach.
65. Three Steps to Improve Current Correlation
Capabilities
1. The actual computer science around correlation
algorithms needs to be better investigated. Little attention has
been
placed in academic computer science and applied mathematics
departments to multifactor correlation of real-time
security data. This could be changed with appropriate funding
and grant emphasis from the government.
2. The ability to identify reliable data feeds needs to be
greatly improved. Too much attention has been placed on ad
hoc collection of volunteered feeds, and this complicates the
ability for analysis to perform meaningful correlation.
3. The design and operation of a national-level fusion center
must be given serious consideration. Some means must be
identifi ed for putting aside political and funding problems in
order to accomplish this important objective.
Chapter 1 INTRODUCTION 25
hope for might be information about controllers or software
drops. In the end, current correlation approaches fall short.
What is needed to improve present correlation capabilities for
national infrastructure protection involves multiple steps.
Awareness
The principle of awareness involves an organization under-
standing the differences, in real time and at all times, between
observed and normal status in national infrastructure. This
66. status
can include risks, vulnerabilities, and behavior in the target
infra-
structure. Behavior refers here to the mix of user activity,
system
processing, network traffi c, and computing volumes in the soft-
ware, computers, and systems that comprise infrastructure. The
implication is that the organization can somehow characterize a
given situation as being either normal or abnormal.
Furthermore,
the organization must have the ability to detect and measure
differences between these two behavioral states. Correlation
analysis is usually inherent in such determinations, but the real
challenge is less the algorithms and more the processes that
must
be in place to ensure situational awareness every hour of every
day. For example, if a new vulnerability arises that has impact
on
the local infrastructure, then this knowledge must be obtained
and factored into management decisions immediately.
Managers of national infrastructure generally do not have to be
convinced that situational awareness is important. The big issue
instead is how to achieve this goal. In practice, real-time aware-
ness requires attentiveness and vigilance rarely found in normal
computer security. Data must fi rst be collected and enabled to
fl ow into a fusion center at all times so correlation can take
place.
The results of the correlation must be used to establish a profi
led
baseline of behavior so differences can be measured. This
sounds
easier than it is, because so many odd situations have the ability
to
mimic normal behavior (when it is really a problem) or a
problem
67. (when it really is nothing). Nevertheless, national infrastructure
protection demands that managers of assets create a locally rele-
vant means for being able to comment accurately on the state of
security at all times. This allows for proper management
decisions
about security (see Figure 1.11 ).
Interestingly, situational awareness has not been considered a
major component of the computer security equation to date. The
concept plays no substantive role in small-scale security, such
as in a home network, because when the computing base to be
protected is simple enough, characterizing real-time situational
status is just not necessary. Similarly, when a security manager
puts in place security controls for a small enterprise, situational
Awareness builds on
collection and correlation,
but is not limited to those
areas alone.
26 Chapter 1 INTRODUCTION
awareness is not the highest priority. Generally, the closest
one
might expect to some degree of real-time awareness for a small
system might be an occasional review of system log fi les. So,
the
transition from small-scale to large-scale infrastructure protec-
tion does require a new attentiveness to situational awareness
that is not well developed. It is also worth noting that the
general
notion of “user awareness” of security is also not the principle
specifi ed here. While it is helpful for end users to have knowl-
edge of security, any professionally designed program of
68. national
infrastructure security must presume that a high percentage
of end users will always make the wrong sorts of security deci-
sions if allowed. The implication is that national infrastructure
protection must never rely on the decision-making of end users
through programs of awareness.
A further advance that is necessary for situational awareness
involves enhancements in approaches to security metrics report-
ing. Where the non-cyber national intelligence community has
done a great job developing means for delivering daily
intelligence
briefs to senior government offi cials, the cyber security
commu-
nity has rarely considered this approach. The reality is that, for
sit-
uation awareness to become a structural component of national
infrastructure protection, valid metrics must be developed to
accurately portray status, and these must be codifi ed into a
suit-
able type of regular intelligence report that senior offi cials can
use to determine security status. It would not be unreasonable to
expect this cyber security intelligence to fl ow from a central
point
such as a fusion center, but in general this is not a requirement.
Response
The principle of response involves assurance that processes
are
in place to react to any security-related indicator that becomes
Large-scale infrastructure
protection requires a
higher level of awareness
than most groups currently
employ.
69. Targeted at
Managers
Collection
Raw Data
Combined Automation and Manual Process
Fusion
Intelligence
Situational
Awareness
Figure 1.11 Real-time situation awareness process fl ow.
Chapter 1 INTRODUCTION 27
available. These indicators should fl ow into the response pro-
cess primarily from the situational awareness layer. National
infrastructure response should emphasize indicators rather
than incidents. In most current computer security applications,
the response team waits for serious problems to occur, usually
including complaints from users, applications running poorly,
and networks operating in a sluggish manner. Once this occurs,
the response team springs into action, even though by this time
the security game has already been lost. For essential national
infrastructure services, the idea of waiting for the service to
degrade before responding does not make logical sense.
70. An additional response-related change for national infra-
structure protection is that the maligned concept of “false posi-
tive” must be reconsidered. In current small-scale environments,
a major goal of the computer security team is to minimize the
number of response cases that are initiated only to fi nd that
nothing was wrong after all. This is an easy goal to reach by
sim-
ply waiting for disasters to be confi rmed beyond a shadow of a
doubt before response is initiated. For national infrastructure,
however, this is obviously unacceptable. Instead, response must
follow indicators, and the concept of minimizing false positives
must not be part of the approach. The only quantitative metric
that must be minimized in national-level response is risk (see
Figure 1.12 ).
A challenge that must be considered in establishing response
functions for national asset protection is that relevant indica-
tors often arise long before any harmful effects are seen. This
suggests that infrastructure protecting must have accurate situ-
ational awareness that considers much more than just visible
impacts such as users having trouble, networks being down, or
services being unavailable. Instead, often subtle indicators must
• Higher False-Positive Rate
• Lower Security Risk
• Recommended for National Infrastructure
Response Process
(pre-attack)
indicator indicator indicator
• Lower False-Positive Rate
71. • Higher Security Risk
• Use for National Infrastructure Only If Required
effect effect effect
Response Process
(post-attack)
attack threshold time
Figure 1.12 National infrastructure security response
approach.
28 Chapter 1 INTRODUCTION
be analyzed carefully, which is where the challenges arise with
false positives. When response teams agree to consider such
indi-
cators, it becomes more likely that such indicators are benign. A
great secret to proper incident response for national infrastruc-
ture is that higher false positive rates might actually be a good
sign.
It is worth noting that the principles of collection, correlation,
awareness, and response are all consistent with the implemen-
tation of a national fusion center. Clearly, response activities
are
often dependent on a real-time, ubiquitous operations center to
coordinate activities, contact key individuals, collect data as it
becomes available, and document progress in the response
activ-
72. ities. As such, it should not be unexpected that national-level
response for cyber security should include some sort of central-
ized national center. The creation of such a facility should be
the
centerpiece of any national infrastructure protection program
and should involve the active participation of all organizations
with responsibility for national services.
Implementing the Principles Nationally
To effectively apply this full set of security principles in
practice
for national infrastructure protection, several practical imple-
mentation considerations emerge:
● Commissions and groups —Numerous commissions and
groups have been created over the years with the purpose of
national infrastructure protection. Most have had some minor
positive impact on infrastructure security, but none has had
suffi cient impact to reduce present national risk to accept-
able levels. An observation here is that many of these commis-
sions and groups have become the end rather than the means
toward a cyber security solution. When this occurs, their likeli-
hood of success diminishes considerably. Future commissions
and groups should take this into consideration.
● Information sharing —Too much attention is placed on
infor-
mation sharing between government and industry, perhaps
because information sharing would seem on the surface to
carry much benefi t to both parties. The advice here is that a
comprehensive information sharing program is not easy to
implement simply because organizations prefer to maintain
a low profi le when fi ghting a vulnerability or attack. In addi-
tion, the presumption that some organization—government
or commercial—might have some nugget of information
that could solve a cyber attack or reduce risk is not generally
73. A higher rate of false
positives must be tolerated
for national infrastructure
protection.
Chapter 1 INTRODUCTION 29
consistent with practice. Thus, the motivation for a commer-
cial entity to share vulnerability or incident-related informa-
tion with the government is low; very little value generally
comes from such sharing.
● International cooperation —National initiatives focused
on
creating government cyber security legislation must acknowl-
edge that the Internet is global, as are the shared services such
as the domain name system (DNS) that all national and global
assets are so dependent upon. Thus, any program of national
infrastructure protection must include provisions for interna-
tional cooperation, and such cooperation implies agreements
between participants that will be followed as long as everyone
perceives benefi t.
● Technical and operational costs —To implement the
princi-
ples described above, considerable technical and operational
costs will need to be covered across government and commer-
cial environments. While it is tempting to presume that the
purveyors of national infrastructure can simply absorb these
costs into normal business budgets, this has not been the case
in the past. Instead, the emphasis should be on rewards and
incentives for organizations that make the decision to imple-
ment these principles. This point is critical because it suggests
75. The use of deception in computing involves
deliberately mislead-
ing an adversary by creating a system component that looks real
but is in fact a trap. The system component, sometimes referred
to
as a honey pot , is usually functionality embedded in a
computing
or networking system, but it can also be a physical asset
designed
to trick an intruder. In both cases, a common interface is
presented
to an adversary who might access real functionality connected
to
real assets, but who might also unknowingly access deceptive
functionality connected to bogus assets. In a well-designed
decep-
tive system, the distinction between real and trap functionality
should not be apparent to the intruder (see Figure 2.1 ).
The purpose of deception, ultimately, is to enhance security,
so in the context of national infrastructure it can be used for
large-scale protection of assets. The reason why deception
works
is that it helps accomplish any or all of the following four
security
objectives:
● Attention —The attention of an adversary can be
diverted from
real assets toward bogus ones.
● Energy —The valuable time and energy of an adversary
can be
wasted on bogus targets.
2
76. 1 The Honeynet Project, Know Your Enemy: Revealing the
Security Tools, Tactics, and
Motives of the Blackhat Community , Addison–Wesley
Professional, New York, 2002.
(I highly recommend this amazing and original book.) See also
B. Cheswick and
S. Bellovin, Firewalls and Internet Security: Repelling the Wily
Hacker , 1st ed., Addison–
Wesley Professional, New York, 1994; C. Stoll, The Cuckoo’s
Egg: Tracking a Spy Through
the Maze of Computer Espionage , Pocket Books, New York,
2005.
32 Chapter 2 DECEPTION
● Uncertainty —Uncertainty can be created around the
veracity
of a discovered vulnerability.
● Analysis —A basis can be provided for real-time security
analy-
sis of adversary behavior.
The fact that deception diverts the attention of adversaries,
while also wasting their time and energy, should be familiar to
anyone who has ever used a honey pot on a network. As long as
the trap is set properly and the honey pot is suffi ciently
realistic,
adversaries might direct their time, attention, and energy toward
something that is useless from an attack perspective. They
might
even plant time bombs in trap functionality that they believe
will be of subsequent use in targeting real assets. Obviously, in
77. a
honey pot, this is not the case. This type of deception is a pow-
erful deterrent, because it defuses a cyber attack in a way that
could fool an adversary for an extended period of time.
The possibility that deception might create uncertainty
around the veracity of a discovered vulnerability has been
poorly explored to date. The idea here is that when an intruder
inevitably stumbles onto an exploitable hole it would be nice if
that intruder were led to believe that the hole might be a trap.
Thus, under the right circumstances, the intruder might actu-
ally choose to avoid exploitation of a vulnerability for fear that
it
has been intentionally planted. While this might seem diffi cult
to implement in many settings, the concept is powerful because
it allows security managers to defuse existing vulnerabilities
without even knowing about them . This is a signifi cant
enough
concept that it deserves repeating: The use of deception in com-
puting allows system security managers to reduce the risk of
vul-
nerabilities that they might not even know are present .
The fact that real-time analysis can be performed on a honey
pot is reasonably well known in the computing community
today.
Connected to
Real Assets
Connected to
Bogus Assets
Computing
79. Chapter 2 DECEPTION 33
Perhaps this is because it is a widely accepted best practice that
security administrators should try to observe the behavior of
intruders that have been detected. Most intrusion detection sys-
tems, for example, include threat management back-end systems
that are designed to support such an objective. In the best case,
the
forensic analysis gathered during deception is suffi ciently
detailed
to allow for identifi cation of the adversary and possibly even
pros-
ecution. In the most typical case, however, accurate traceability
to
the original human source of a problem is rarely accomplished.
Luckily, the success of deceptive traps is assisted by the fact
that intruders will almost always view designers and opera-
tors of national assets as being sloppy in their actions, defi cient
in their training, and incompetent in their knowledge. This
extremely negative opinion of the individuals running national
infrastructure is a core belief in virtually every hacking com-
munity in the world (and is arguably justifi ed in some environ-
ments). Ironically, this low expectation is an important element
that helps make stealth deception much more feasible, because
honey pots do not always have to mimic a perfectly managed
environment. Instead, adversaries can generally be led to fi nd a
system environment that is poorly administered, and they will
not bat an eyelash. This helps the deception designer.
The less well-understood case of openly advertised deception
relies on the adversary believing that designers and operators of
national assets are competent enough to plant a believable trap
into
a national asset. This view represents a hurdle, because the
hacking