Eli Lilly is All In on Salesforce App Cloud. How They Did It and You Can Too!Dreamforce
You've chosen Salesforce (Force.com and Heroku) as your development platform for rapid app dev and innovation. But technology will only get you halfway there. Hear from the IT leaders at Eli Lilly on how they architected their teams, their orgs, and their process to deliver rapid innovation to their entire enterprise. Watch the video now: https://www.youtube.com/watch?v=puB_YyvcTRE
GLOBAL ASSET, INC. (GAI) Global Asset, Inc. (GAI) is a fin.docxbudbarber38650
GLOBAL ASSET, INC. (GAI)
Global Asset, Inc. (GAI) is a financial company that manages thousands of accounts across Canada, the United
States, and Mexico. A public company traded on the NYSE, GAI specializes in financial management, loan
application approval, wholesale loan processing, and investment of money management for their customers.
GAI employs over 1,600 employees and has been experiencing consistent growth keeping pace with S&P averages
(approximately 8%) for nearly six years. A well-honed management strategy built on scaling operational
performance through automation and technological innovation has propelled the company into the big leagues; GAI
was only recently profiled in Fortune Magazine.
The executive management team of GAI:
CEO
John Thompson
Vice Presidnet
Trey Elway
Executive
Assistant
Julie Anderson
Executive
Assistant
Kim Johnson
Executive
Assistant
Michelle Wang
CFO
Ron Johnson
COO
Mike Willy
CCO
Andy Murphy
Director of
Marketing
John King
Director of HR
Ted Young
Figure 1 GAI Management Organizational Chart
BACKGROUND AND YOUR ROLE
You are the Computer Security Manager educated, trained, and hired to protect the physical and operational
security of GAI’s corporate information system.
You were hired by COO Mike Willy and currently report to the COO. You are responsible for a $5.25m
annual budget, a staff of 11, and a sprawling and expansive data center located on the 5
th
floor of the
corporate tower. This position is the pinnacle of your career – you are counting on your performance here
to pave the way into a more strategic leadership position in IT, filling a vacancy that you feel is so
significantly lacking from the executive team.
There is actually a reason for this. CEO John Thompson believes that the IT problem is a known quantity –
that is, she feels the IT function can be nearly entirely outsourced at fractions of the cost associated with
creating and maintaining an established internal IT department; the CEO’s strategy has been to prevent IT
from becoming a core competency since so many services can be obtained from 3
rd
parties. Since the CEO
has taken the reigns two years ago, the CEO has made significant headway in cutting your department’s
budget by 30% and reducing half of your staff through outsourcing. This has been a political fight for you:
maintaining and reinforcing the relevance of an internal IT department is a constant struggle. COO Willy’s
act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology
combined with a diminishing IT footprint gravely concerned Jacobson, and he begged to at least bring in a
manager to whom these obligations could be delegated to. Jacobson’s worst nightmare is a situation where
the Confidentiality, Integrity, and Availability of the information system was compromised – bringing the
company to its knees – then having to rely.
IoT, M2M: Three Events, Three Takeaways, Three To-Dos (IoT & The Connected De...ReidCarlberg
Yes, the IoT is upon us. But what do we need to do to make it come to life? I've attended three big events recently. I share what I learned and I offer three //todos. First presented at M2M Evolution in Miami, January 30, 2014
How a Salesforce CI/CD Suite Positions You as a LeaderAutoRABIT
A Salesforce CI/CD suite is an important aspect of a fully optimized DevOps pipeline which supports your company as an emerging leader in your industry.
Eli Lilly is All In on Salesforce App Cloud. How They Did It and You Can Too!Dreamforce
You've chosen Salesforce (Force.com and Heroku) as your development platform for rapid app dev and innovation. But technology will only get you halfway there. Hear from the IT leaders at Eli Lilly on how they architected their teams, their orgs, and their process to deliver rapid innovation to their entire enterprise. Watch the video now: https://www.youtube.com/watch?v=puB_YyvcTRE
GLOBAL ASSET, INC. (GAI) Global Asset, Inc. (GAI) is a fin.docxbudbarber38650
GLOBAL ASSET, INC. (GAI)
Global Asset, Inc. (GAI) is a financial company that manages thousands of accounts across Canada, the United
States, and Mexico. A public company traded on the NYSE, GAI specializes in financial management, loan
application approval, wholesale loan processing, and investment of money management for their customers.
GAI employs over 1,600 employees and has been experiencing consistent growth keeping pace with S&P averages
(approximately 8%) for nearly six years. A well-honed management strategy built on scaling operational
performance through automation and technological innovation has propelled the company into the big leagues; GAI
was only recently profiled in Fortune Magazine.
The executive management team of GAI:
CEO
John Thompson
Vice Presidnet
Trey Elway
Executive
Assistant
Julie Anderson
Executive
Assistant
Kim Johnson
Executive
Assistant
Michelle Wang
CFO
Ron Johnson
COO
Mike Willy
CCO
Andy Murphy
Director of
Marketing
John King
Director of HR
Ted Young
Figure 1 GAI Management Organizational Chart
BACKGROUND AND YOUR ROLE
You are the Computer Security Manager educated, trained, and hired to protect the physical and operational
security of GAI’s corporate information system.
You were hired by COO Mike Willy and currently report to the COO. You are responsible for a $5.25m
annual budget, a staff of 11, and a sprawling and expansive data center located on the 5
th
floor of the
corporate tower. This position is the pinnacle of your career – you are counting on your performance here
to pave the way into a more strategic leadership position in IT, filling a vacancy that you feel is so
significantly lacking from the executive team.
There is actually a reason for this. CEO John Thompson believes that the IT problem is a known quantity –
that is, she feels the IT function can be nearly entirely outsourced at fractions of the cost associated with
creating and maintaining an established internal IT department; the CEO’s strategy has been to prevent IT
from becoming a core competency since so many services can be obtained from 3
rd
parties. Since the CEO
has taken the reigns two years ago, the CEO has made significant headway in cutting your department’s
budget by 30% and reducing half of your staff through outsourcing. This has been a political fight for you:
maintaining and reinforcing the relevance of an internal IT department is a constant struggle. COO Willy’s
act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology
combined with a diminishing IT footprint gravely concerned Jacobson, and he begged to at least bring in a
manager to whom these obligations could be delegated to. Jacobson’s worst nightmare is a situation where
the Confidentiality, Integrity, and Availability of the information system was compromised – bringing the
company to its knees – then having to rely.
IoT, M2M: Three Events, Three Takeaways, Three To-Dos (IoT & The Connected De...ReidCarlberg
Yes, the IoT is upon us. But what do we need to do to make it come to life? I've attended three big events recently. I share what I learned and I offer three //todos. First presented at M2M Evolution in Miami, January 30, 2014
How a Salesforce CI/CD Suite Positions You as a LeaderAutoRABIT
A Salesforce CI/CD suite is an important aspect of a fully optimized DevOps pipeline which supports your company as an emerging leader in your industry.
What's new at Elastic: Update on major initiatives and releasesElasticsearch
The first technical talk of the event will highlight the latest releases at Elastic with specific insight into how those changes impact public sector projects. See the inside view of the most important capabilities and hear predictions on the developments that will be most applicable in our industry.
Information technology lays out its strategies for using technology and infrastructure to help the company reach its goals. Plans are consistent with available means. There are also a number of novel ideas presented that might be included into the strategy to further improve the outcome. The PMCASPL IT department will aid the company's growth by offering a wide range of IT services such as evaluating data from various units and drawing conclusions on how to proceed with business. IT-employee policy, AI/ML integration, blockchain in AQMS, website/app development (Android/iOS), social media account management (technical side), ERP/ERP enterprise resource planning, cyber security, server system, IT communication, networking setup and management, hardware support, software support, cloud service, and backup system are all within the purview of the IT department. As a result, the IT department will offer technical assistance and creative ideas that add value to the company, allowing it to better carry out its commercial operations.
Focus your efforts, achieve results and scale your technology with Intacct
You work for a fast-growing company. As a finance professional, you hoped for rapid adoption of your product—and the increased revenue that accompanies it—but your growth is beginning to outpace your finance team’s capabilities.
Enter cloud accounting.
Cloud-based accounting solutions offer numerous tools to businesses in your situation, providing multiple modules to handle everything from GL to multi-currency transactions. They offer the flexibility to customize the solution to work the way you do, and the capability to integrate with nearly any outside software package. These cloud solutions can be especially effective for fast-growing technology companies.
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI) is a.docxbudbarber38650
GLOBAL FINANCE, INC. (GFI)
Global Finance, Inc. (GFI) is a financial company that manages thousands of accounts across Canada, the United
States, and Mexico. A public company traded on the NYSE, GFI specializes in financial management, loan
application approval, wholesale loan processing, and investment of money management for their customers.
GFI employs over 1,600 employees and has been experiencing consistent growth keeping pace with S&P averages
(approximately 8%) for nearly six years. A well-honed management strategy built on scaling operational
performance through automation and technological innovation has propelled the company into the big leagues; GFI
was only recently profiled in Fortune Magazine.
The executive management team of GFI:
CEO
John Thompson
Vice Presidnet
Trey Elway
Executive
Assistant
Julie Anderson
Executive
Assistant
Kim Johnson
Executive
Assistant
Michelle Wang
CFO
Ron Johnson
COO
Mike Willy
CCO
Andy Murphy
Director of
Marketing
John King
Director of HR
Ted Young
Figure 1 GFI Management Organizational Chart
BACKGROUND AND YOUR ROLE
You are the Computer Security Manager educated, trained, and hired to protect the physical and operational
security of GFI’s corporate information system.
You were hired by COO Mike Willy and currently report to the COO. You are responsible for a $5.25m
annual budget, a staff of 11, and a sprawling and expansive data center located on the 5
th
floor of the
corporate tower. This position is the pinnacle of your career – you are counting on your performance here
to pave the way into a more strategic leadership position in IT, filling a vacancy that you feel is so
significantly lacking from the executive team.
There is actually a reason for this. CEO John Thompson believes that the IT problem is a known quantity –
that is, she feels the IT function can be nearly entirely outsourced at fractions of the cost associated with
creating and maintaining an established internal IT department; the CEO’s strategy has been to prevent IT
from becoming a core competency since so many services can be obtained from 3
rd
parties. Since the CEO
has taken the reigns two years ago, the CEO has made significant headway in cutting your department’s
budget by 30% and reducing half of your staff through outsourcing. This has been a political fight for you:
maintaining and reinforcing the relevance of an internal IT department is a constant struggle. COO Willy’s
act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology
combined with a diminishing IT footprint gravely concerned Jacobson, and he begged to at least bring in a
manager to whom these obligations could be delegated to. Jacobson’s worst nightmare is a situation where
the Confidentiality, Integrity, and Availability of the information system was compromised – bringing the
company to its knees – then having to .
Maximizing ROI with Legacy Application MigrationMindfire LLC
A legacy application is a framework or system that is primarily old-fashioned or obsolete. These are frameworks, systems, or equipment that keeps being utilized regardless of their outmoded build. Usually, they’re on-premises applications or frameworks that organizations have been using and have used for a very long time. They usually include applications that run on old languages like COBOL or old operating systems. They can include anything from CRM tools to custom and industry-explicit applications.
Businesses involved in mergers and acquisitions must exercise due di.docxdewhirstichabod
Businesses involved in mergers and acquisitions must exercise due diligence in ensuring that the technology environment of the future organization is robust and adequately protects their information assets and intellectual property.. Such an effort requires time and open sharing to understand the physical locations, computing environment, and any gaps to address. Lack of information sharing can lead to a problematic systems integration and hamper the building of a cohesive enterprise security posture for the merged organization.
Often the urgency of companies undergoing a merger and acquisition (M&A) impedes comprehensive due diligence, especially in cybersecurity. This creates greater challenges for the cybersecurity engineering architect, who typically leads the cybersecurity assessment effort and creates the roadmap for the new enterprise security solution for the future organization. However, the business interest and urgency in completing the merger can also represent an opportunity for CISOs to leverage additional resources and executive attention on strategic security matters.
In this project, you will create a report on system security issues during an M&A. The details of your report, which will also include an executive briefing and summary, can be found in the final step of the project.
There are nine steps to the project. The project as a whole should take two weeks to complete. Begin with the workplace scenario and then continue to Step 1.
Deliverable
Cybersecurity for a Successful Acquisition, Slides to Support Executive Briefing
Step 1: Conduct a Policy Gap Analysis
As you begin Step 1 of your system security report on cybersecurity for mergers and acquisitions, keep in mind that the networks of companies going through an M&A can be subject to cyberattack. As you work through this step and the others, keep these questions in mind:
Are companies going through an M&A prone to more attacks or more focused attacks?
If so, what is the appropriate course of action?
Should the M&A activities be kept confidential?
Now, look at the existing security policies in regard to the acquisition of the media streaming company. You have to explain to the executives that before any systems are integrated, their security policies will need to be reviewed.
Conduct a policy gap analysis to ensure the target company's security policies follow relevant industry standards as well as local, state, and national laws and regulations. In other words, you need to make sure the new company will not inherit any statutory or regulatory noncompliance from either of the two original companies. This step would also identify what, if any, laws and regulations the target company is subject to. If those are different from the laws and regulations the acquiring company is subject to, then this document should answer the following questions:
How would you identify the differences?
How would you learn about the relevant laws and regulations?
How would .
In the last past months we at RockeTier were working with several large organizations in three aspects: 1) boosting existing software performance (lean projects); 2) design new systems which are capable process billions of events per day based on commodity hardware and software and 3) establishing processes in large organization that support the life cycle of performance from event management, problem management to establishing a continues performance boosting to the organization systems from RFI to production. This presentation was presented to a large telecommunication industry company. This company is considering implementing a 360 degrees performance boosting project along its main product lines.
Bullzeye is a discount retailer offering a wide range of products,.docxCruzIbarra161
Bullzeye is a discount retailer offering a wide range of products, including: home goods, clothing, toys, and food. The company is a regional retailer with 10 brick-and-mortar stores as well as a popular online store. Due to the recent credit card data breaches of various prominent national retail companies (e.g., Target, Home Depot, Staples), the Bullzeye Board of Directors has taken particular interest in information security, especially as it pertains to the protection of credit cardholder data within the Bullzeye environment. The Board has asked executive management to evaluate and strengthen the enterprise’s information security infrastructure, where needed.
In order to respond to the Board regarding their preparedness for a cyber-security attack, the Chief Financial Officer (CFO) has engaged your IT consulting firm to identify the inherent risks and recommend control remediation strategies to prevent or to detect and appropriately respond to data breaches. Your firm has been requested to liaison with the Internal Audit Department during the engagement. Your first step is to gain an understanding of Bullzeye’s IT environment. The Chief Audit Executive (CAE) schedules a meeting with key Bullzeye leadership personnel, including the CFO, Chief Information Officer (CIO), and Chief Information Security Officer (CISO).
The following key information was obtained.
Background
IT Security Framework/Policy -
Bullzeye has an information security policy, which was developed by the CISO. The policy was developed in response to an internal audit conducted by an external firm hired by the CAE. The policy is not based on one specific IT control framework but considers elements contained within several frameworks. An information security committee has been recently formed to discuss new security risks and to develop mitigation strategies.
The meeting will be held monthly and include the CISO and other key IT Directors reporting to the CIO.
In addition, a training program was implemented last year in order to provide education on various information security topics (e.g., social engineering, malware, etc.). The program requires that all staff within the IT department complete an annual information security training webinar and corresponding quiz. The training program is complemented by a monthly e-mail sent to IT staff, which highlights relevant information security topics.
General IT Environment -
Most employees in the corporate office are assigned a standard desktop computer, although certain management personnel in the corporate and retail locations are issued a laptop if they can demonstrate their need to work remotely. The laptops are given a standard Microsoft Windows operating system image, which includes anti-malware/anti-virus software and patch update software among others. In addition, new laptops are now encrypted; however, desktops and existing laptops are not currently encrypted due to budget concerns. The user provisioning.
This document brings together a set of latest data points and publicly available information relevant for Platforms & Applications Industry. We are very excited to share this content and believe that readers will benefit from this periodic publication immensely.
Coding NotesImproving Diagnosis By Jacquie zegan, CCS, w.docxmary772
Coding Notes
Improving
Diagnosis
By Jacquie zegan, CCS, wC
Specificity in ICD-IO Coding
VALID ICD-IO-CM/PCS (ICD-IO) codes have been required for claims reporting since October 1, 2015. But ICD-IO diagnosis coding to the correct level of specificity—a more recent requirement—continues to be a problem for many in the healthcare industry. While diagnosis code specificity has always been the goal, providers were granted a reprieve in order to facilitate implementation of ICD-IO. For the first 12 months of ICD-IO use, the Centers for Medicare and Medicaid Services (CMS) promised that Medicare review contractors would not deny claims "based solely on the specificity of the ICD-IO diagnosis code as long as the physician/practitioner used a valid code from the right family."l Commonly referred to as the "grace period," this flexibility was intended to help providers implement the ICD-IO-CM code set and was never intended to continue on in perpetuity. In fact, this CMS-granted grace period expired on October 1, 2016.2
Unfortunately, nonspecific documentation and coding persists. This is an ongoing problem, even though the official guidelines for coding and reporting require coding to the highest degree of specificity. Third-party payers are making payment determinations based on the specificity of reported codes, and payment reform efforts are formulating policies based on coded data. The significance of overreporting unspecified diagnosis codes cannot be understated. In the short term, it will increase claim denials, and in the long term it may adversely impact emerging payment models.3•4 Calculating and monitoring unspecified diagnosis code rates is critical to successfully leverage specificity
44/Journal of AHIMA April 18
in the ICD-IO-CM code set.
An ICD-IO-CM code is considered unspecified if either of the terms "unspecified" or "NOS" are used in the code description. The unspecified diagnosis code rate is calculated by dividing the number of unspecified diagnosis codes by the total number of diagnosis codes assigned. Health information management (HIM) professionals should be tracking and trending unspecified diagnosis code rates across the continuum of care.5
Acceptable use of Unspecified Diagnosis Codes Unspecified diagnosis codes have acceptable, even necessary, uses. The unspecified code rate is not an error rate, but rather an indicator of the quality of clinical documentation and a qualitative measure of coder performance and coding results. Even CMS explicitly recognizes that unspecified codes are sometimes necessary. "When sufficient clinical information is not known or available about a particular health condition to assign a more specific code, it is acceptable to report the appropriate unspecified code."6 It's also important that coding professionals use good judgment to avoid unnecessary queries for clarification of unspecified diagnoses. The official coding guidelines provide explicit guidance for appropriate uses of unspec.
CNL-521 Topic 3 Vargas Case StudyBob and Elizabeth arrive.docxmary772
CNL-521 Topic 3: Vargas Case Study
Bob and Elizabeth arrive together for the third session. As planned, you remind the couple that the goal of today’s session is to gather information about their families of origin. Bob begins by telling you about his older sister, Katie, who is 36 and lives nearby with her three children. Katie’s husband, Steve, died suddenly last year at the age of 40 when the car he was driving hit a block wall. Elizabeth speculates that Steve was intoxicated at the time, but Bob vehemently denies this allegation. He warns Elizabeth to “never again” suggest alcohol was involved. You note Bob’s strong response and learn that his own biological father, whom his mother divorced when Bob was 3 and Katie was 5, had been an alcoholic. When asked about his father, Bob says, “His name is Tim, and I haven’t seen him since the divorce.” Bob shares that he only remembers frequently hiding under the bed with Katie to stay safe from his violent rages. He adds that 5 years after the divorce, his mother, Linda, married Noel who has been “the only dad I’ve ever known.” He insists that his sister married “a devout Christian who never touched alcohol” and attributed the 3:00 a.m. tragedy to fatigue. He adds that a few days before the accident, Katie had complained to him that her husband had been working many late nights and “just wasn’t himself.” Bob speaks fondly of his sister and confirms that they have always been “very close.”
From Elizabeth, who is 31 years old, you learn that she was adopted by her parents, Rita and Gary, who were in their late 40s at the time. They were first generation immigrants who had no family in the United States. Their biological daughter, Susan, had died 10 years earlier after Rita accidentally ran over the 5 year old while backing out of the driveway. Elizabeth surmises that her mother never fully recovered from this traumatic incident and remained distant and withdrawn throughout Elizabeth’s life. Elizabeth describes her father, Gary, as “a hard worker, smart, and always serious.” She shares that most of her family memories were of times spent with her dad in his study, surrounded by books. She states, “He could find the answer to all of my questions in one his many books.” Elizabeth describes herself as the “quiet, bookish type” and attributes her love for books to her father. Like her father in his study, Elizabeth remembers spending most of her adolescence alone in her room, reading, so she would not upset her mother. Looking back, Elizabeth tells you she recognizes her mother’s struggle with depression, “but as a kid, I thought it was me.”
You comment on the vastly different childhood experiences and normalize the potential for relationship challenges under these circumstances. Acknowledging the differences, Elizabeth remarks that Bob’s relationship with his family was one of the things that she was attracted to early in their relationship. Bob agrees with her and comments that Katie and Elizabeth.
More Related Content
Similar to Code Galore Caselet Using COBIT® 5 for Information Security.docx
What's new at Elastic: Update on major initiatives and releasesElasticsearch
The first technical talk of the event will highlight the latest releases at Elastic with specific insight into how those changes impact public sector projects. See the inside view of the most important capabilities and hear predictions on the developments that will be most applicable in our industry.
Information technology lays out its strategies for using technology and infrastructure to help the company reach its goals. Plans are consistent with available means. There are also a number of novel ideas presented that might be included into the strategy to further improve the outcome. The PMCASPL IT department will aid the company's growth by offering a wide range of IT services such as evaluating data from various units and drawing conclusions on how to proceed with business. IT-employee policy, AI/ML integration, blockchain in AQMS, website/app development (Android/iOS), social media account management (technical side), ERP/ERP enterprise resource planning, cyber security, server system, IT communication, networking setup and management, hardware support, software support, cloud service, and backup system are all within the purview of the IT department. As a result, the IT department will offer technical assistance and creative ideas that add value to the company, allowing it to better carry out its commercial operations.
Focus your efforts, achieve results and scale your technology with Intacct
You work for a fast-growing company. As a finance professional, you hoped for rapid adoption of your product—and the increased revenue that accompanies it—but your growth is beginning to outpace your finance team’s capabilities.
Enter cloud accounting.
Cloud-based accounting solutions offer numerous tools to businesses in your situation, providing multiple modules to handle everything from GL to multi-currency transactions. They offer the flexibility to customize the solution to work the way you do, and the capability to integrate with nearly any outside software package. These cloud solutions can be especially effective for fast-growing technology companies.
GLOBAL FINANCE, INC. (GFI) Global Finance, Inc. (GFI) is a.docxbudbarber38650
GLOBAL FINANCE, INC. (GFI)
Global Finance, Inc. (GFI) is a financial company that manages thousands of accounts across Canada, the United
States, and Mexico. A public company traded on the NYSE, GFI specializes in financial management, loan
application approval, wholesale loan processing, and investment of money management for their customers.
GFI employs over 1,600 employees and has been experiencing consistent growth keeping pace with S&P averages
(approximately 8%) for nearly six years. A well-honed management strategy built on scaling operational
performance through automation and technological innovation has propelled the company into the big leagues; GFI
was only recently profiled in Fortune Magazine.
The executive management team of GFI:
CEO
John Thompson
Vice Presidnet
Trey Elway
Executive
Assistant
Julie Anderson
Executive
Assistant
Kim Johnson
Executive
Assistant
Michelle Wang
CFO
Ron Johnson
COO
Mike Willy
CCO
Andy Murphy
Director of
Marketing
John King
Director of HR
Ted Young
Figure 1 GFI Management Organizational Chart
BACKGROUND AND YOUR ROLE
You are the Computer Security Manager educated, trained, and hired to protect the physical and operational
security of GFI’s corporate information system.
You were hired by COO Mike Willy and currently report to the COO. You are responsible for a $5.25m
annual budget, a staff of 11, and a sprawling and expansive data center located on the 5
th
floor of the
corporate tower. This position is the pinnacle of your career – you are counting on your performance here
to pave the way into a more strategic leadership position in IT, filling a vacancy that you feel is so
significantly lacking from the executive team.
There is actually a reason for this. CEO John Thompson believes that the IT problem is a known quantity –
that is, she feels the IT function can be nearly entirely outsourced at fractions of the cost associated with
creating and maintaining an established internal IT department; the CEO’s strategy has been to prevent IT
from becoming a core competency since so many services can be obtained from 3
rd
parties. Since the CEO
has taken the reigns two years ago, the CEO has made significant headway in cutting your department’s
budget by 30% and reducing half of your staff through outsourcing. This has been a political fight for you:
maintaining and reinforcing the relevance of an internal IT department is a constant struggle. COO Willy’s
act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology
combined with a diminishing IT footprint gravely concerned Jacobson, and he begged to at least bring in a
manager to whom these obligations could be delegated to. Jacobson’s worst nightmare is a situation where
the Confidentiality, Integrity, and Availability of the information system was compromised – bringing the
company to its knees – then having to .
Maximizing ROI with Legacy Application MigrationMindfire LLC
A legacy application is a framework or system that is primarily old-fashioned or obsolete. These are frameworks, systems, or equipment that keeps being utilized regardless of their outmoded build. Usually, they’re on-premises applications or frameworks that organizations have been using and have used for a very long time. They usually include applications that run on old languages like COBOL or old operating systems. They can include anything from CRM tools to custom and industry-explicit applications.
Businesses involved in mergers and acquisitions must exercise due di.docxdewhirstichabod
Businesses involved in mergers and acquisitions must exercise due diligence in ensuring that the technology environment of the future organization is robust and adequately protects their information assets and intellectual property.. Such an effort requires time and open sharing to understand the physical locations, computing environment, and any gaps to address. Lack of information sharing can lead to a problematic systems integration and hamper the building of a cohesive enterprise security posture for the merged organization.
Often the urgency of companies undergoing a merger and acquisition (M&A) impedes comprehensive due diligence, especially in cybersecurity. This creates greater challenges for the cybersecurity engineering architect, who typically leads the cybersecurity assessment effort and creates the roadmap for the new enterprise security solution for the future organization. However, the business interest and urgency in completing the merger can also represent an opportunity for CISOs to leverage additional resources and executive attention on strategic security matters.
In this project, you will create a report on system security issues during an M&A. The details of your report, which will also include an executive briefing and summary, can be found in the final step of the project.
There are nine steps to the project. The project as a whole should take two weeks to complete. Begin with the workplace scenario and then continue to Step 1.
Deliverable
Cybersecurity for a Successful Acquisition, Slides to Support Executive Briefing
Step 1: Conduct a Policy Gap Analysis
As you begin Step 1 of your system security report on cybersecurity for mergers and acquisitions, keep in mind that the networks of companies going through an M&A can be subject to cyberattack. As you work through this step and the others, keep these questions in mind:
Are companies going through an M&A prone to more attacks or more focused attacks?
If so, what is the appropriate course of action?
Should the M&A activities be kept confidential?
Now, look at the existing security policies in regard to the acquisition of the media streaming company. You have to explain to the executives that before any systems are integrated, their security policies will need to be reviewed.
Conduct a policy gap analysis to ensure the target company's security policies follow relevant industry standards as well as local, state, and national laws and regulations. In other words, you need to make sure the new company will not inherit any statutory or regulatory noncompliance from either of the two original companies. This step would also identify what, if any, laws and regulations the target company is subject to. If those are different from the laws and regulations the acquiring company is subject to, then this document should answer the following questions:
How would you identify the differences?
How would you learn about the relevant laws and regulations?
How would .
In the last past months we at RockeTier were working with several large organizations in three aspects: 1) boosting existing software performance (lean projects); 2) design new systems which are capable process billions of events per day based on commodity hardware and software and 3) establishing processes in large organization that support the life cycle of performance from event management, problem management to establishing a continues performance boosting to the organization systems from RFI to production. This presentation was presented to a large telecommunication industry company. This company is considering implementing a 360 degrees performance boosting project along its main product lines.
Bullzeye is a discount retailer offering a wide range of products,.docxCruzIbarra161
Bullzeye is a discount retailer offering a wide range of products, including: home goods, clothing, toys, and food. The company is a regional retailer with 10 brick-and-mortar stores as well as a popular online store. Due to the recent credit card data breaches of various prominent national retail companies (e.g., Target, Home Depot, Staples), the Bullzeye Board of Directors has taken particular interest in information security, especially as it pertains to the protection of credit cardholder data within the Bullzeye environment. The Board has asked executive management to evaluate and strengthen the enterprise’s information security infrastructure, where needed.
In order to respond to the Board regarding their preparedness for a cyber-security attack, the Chief Financial Officer (CFO) has engaged your IT consulting firm to identify the inherent risks and recommend control remediation strategies to prevent or to detect and appropriately respond to data breaches. Your firm has been requested to liaison with the Internal Audit Department during the engagement. Your first step is to gain an understanding of Bullzeye’s IT environment. The Chief Audit Executive (CAE) schedules a meeting with key Bullzeye leadership personnel, including the CFO, Chief Information Officer (CIO), and Chief Information Security Officer (CISO).
The following key information was obtained.
Background
IT Security Framework/Policy -
Bullzeye has an information security policy, which was developed by the CISO. The policy was developed in response to an internal audit conducted by an external firm hired by the CAE. The policy is not based on one specific IT control framework but considers elements contained within several frameworks. An information security committee has been recently formed to discuss new security risks and to develop mitigation strategies.
The meeting will be held monthly and include the CISO and other key IT Directors reporting to the CIO.
In addition, a training program was implemented last year in order to provide education on various information security topics (e.g., social engineering, malware, etc.). The program requires that all staff within the IT department complete an annual information security training webinar and corresponding quiz. The training program is complemented by a monthly e-mail sent to IT staff, which highlights relevant information security topics.
General IT Environment -
Most employees in the corporate office are assigned a standard desktop computer, although certain management personnel in the corporate and retail locations are issued a laptop if they can demonstrate their need to work remotely. The laptops are given a standard Microsoft Windows operating system image, which includes anti-malware/anti-virus software and patch update software among others. In addition, new laptops are now encrypted; however, desktops and existing laptops are not currently encrypted due to budget concerns. The user provisioning.
This document brings together a set of latest data points and publicly available information relevant for Platforms & Applications Industry. We are very excited to share this content and believe that readers will benefit from this periodic publication immensely.
Similar to Code Galore Caselet Using COBIT® 5 for Information Security.docx (20)
Coding NotesImproving Diagnosis By Jacquie zegan, CCS, w.docxmary772
Coding Notes
Improving
Diagnosis
By Jacquie zegan, CCS, wC
Specificity in ICD-IO Coding
VALID ICD-IO-CM/PCS (ICD-IO) codes have been required for claims reporting since October 1, 2015. But ICD-IO diagnosis coding to the correct level of specificity—a more recent requirement—continues to be a problem for many in the healthcare industry. While diagnosis code specificity has always been the goal, providers were granted a reprieve in order to facilitate implementation of ICD-IO. For the first 12 months of ICD-IO use, the Centers for Medicare and Medicaid Services (CMS) promised that Medicare review contractors would not deny claims "based solely on the specificity of the ICD-IO diagnosis code as long as the physician/practitioner used a valid code from the right family."l Commonly referred to as the "grace period," this flexibility was intended to help providers implement the ICD-IO-CM code set and was never intended to continue on in perpetuity. In fact, this CMS-granted grace period expired on October 1, 2016.2
Unfortunately, nonspecific documentation and coding persists. This is an ongoing problem, even though the official guidelines for coding and reporting require coding to the highest degree of specificity. Third-party payers are making payment determinations based on the specificity of reported codes, and payment reform efforts are formulating policies based on coded data. The significance of overreporting unspecified diagnosis codes cannot be understated. In the short term, it will increase claim denials, and in the long term it may adversely impact emerging payment models.3•4 Calculating and monitoring unspecified diagnosis code rates is critical to successfully leverage specificity
44/Journal of AHIMA April 18
in the ICD-IO-CM code set.
An ICD-IO-CM code is considered unspecified if either of the terms "unspecified" or "NOS" are used in the code description. The unspecified diagnosis code rate is calculated by dividing the number of unspecified diagnosis codes by the total number of diagnosis codes assigned. Health information management (HIM) professionals should be tracking and trending unspecified diagnosis code rates across the continuum of care.5
Acceptable use of Unspecified Diagnosis Codes Unspecified diagnosis codes have acceptable, even necessary, uses. The unspecified code rate is not an error rate, but rather an indicator of the quality of clinical documentation and a qualitative measure of coder performance and coding results. Even CMS explicitly recognizes that unspecified codes are sometimes necessary. "When sufficient clinical information is not known or available about a particular health condition to assign a more specific code, it is acceptable to report the appropriate unspecified code."6 It's also important that coding professionals use good judgment to avoid unnecessary queries for clarification of unspecified diagnoses. The official coding guidelines provide explicit guidance for appropriate uses of unspec.
CNL-521 Topic 3 Vargas Case StudyBob and Elizabeth arrive.docxmary772
CNL-521 Topic 3: Vargas Case Study
Bob and Elizabeth arrive together for the third session. As planned, you remind the couple that the goal of today’s session is to gather information about their families of origin. Bob begins by telling you about his older sister, Katie, who is 36 and lives nearby with her three children. Katie’s husband, Steve, died suddenly last year at the age of 40 when the car he was driving hit a block wall. Elizabeth speculates that Steve was intoxicated at the time, but Bob vehemently denies this allegation. He warns Elizabeth to “never again” suggest alcohol was involved. You note Bob’s strong response and learn that his own biological father, whom his mother divorced when Bob was 3 and Katie was 5, had been an alcoholic. When asked about his father, Bob says, “His name is Tim, and I haven’t seen him since the divorce.” Bob shares that he only remembers frequently hiding under the bed with Katie to stay safe from his violent rages. He adds that 5 years after the divorce, his mother, Linda, married Noel who has been “the only dad I’ve ever known.” He insists that his sister married “a devout Christian who never touched alcohol” and attributed the 3:00 a.m. tragedy to fatigue. He adds that a few days before the accident, Katie had complained to him that her husband had been working many late nights and “just wasn’t himself.” Bob speaks fondly of his sister and confirms that they have always been “very close.”
From Elizabeth, who is 31 years old, you learn that she was adopted by her parents, Rita and Gary, who were in their late 40s at the time. They were first generation immigrants who had no family in the United States. Their biological daughter, Susan, had died 10 years earlier after Rita accidentally ran over the 5 year old while backing out of the driveway. Elizabeth surmises that her mother never fully recovered from this traumatic incident and remained distant and withdrawn throughout Elizabeth’s life. Elizabeth describes her father, Gary, as “a hard worker, smart, and always serious.” She shares that most of her family memories were of times spent with her dad in his study, surrounded by books. She states, “He could find the answer to all of my questions in one his many books.” Elizabeth describes herself as the “quiet, bookish type” and attributes her love for books to her father. Like her father in his study, Elizabeth remembers spending most of her adolescence alone in her room, reading, so she would not upset her mother. Looking back, Elizabeth tells you she recognizes her mother’s struggle with depression, “but as a kid, I thought it was me.”
You comment on the vastly different childhood experiences and normalize the potential for relationship challenges under these circumstances. Acknowledging the differences, Elizabeth remarks that Bob’s relationship with his family was one of the things that she was attracted to early in their relationship. Bob agrees with her and comments that Katie and Elizabeth.
Cognitive and Language Development Milestones Picture Book[WLO .docxmary772
Cognitive and Language Development Milestones Picture Book
[WLO: 1] [CLO: 1]
Prior to beginning work on this assignment,
Review Chapters 6, 7, and 9 of your text.
Review the cognition and language development milestones from the Centers for Disease Control and Prevention on the web page
Basic Information (Links to an external site.)
.
Identify one age-group that you will discuss:
Infancy: Birth to 12 months
Toddler: 1 to 3 years
Early childhood: 4 to 8 years
Review and download the
Cognitive and Language Development Milestones Picture Book Template.
The purpose of this assignment is to creatively demonstrate an understanding of developmental milestones as they pertain to cognition and language development.
Part 1:
Based on the required resources above, create a children’s picture book using
StoryJumper (Links to an external site.)
that tells a story about a child’s typical day. Your story must incorporate at least four cognitive and four language development milestones for the age-group you have selected. Your story can be about a fictional child or can be based on a real child. Watch the video,
StoryJumper Tutorial (Links to an external site.)
, for assistance in using StoryJumper.
To complete this assignment, you must
Create a children’s picture book using StoryJumper.
Identify at least four cognitive development milestones appropriate to the age-group selected.
Distinguish at least four language development milestones appropriate to the age-group selected.
Discuss a typical day appropriate to the age-group selected.
Part 2:
Open the
Cognitive and Language Development Milestones Picture Book Template
and complete the following items:
Provide the link to the StoryJumper picture book you created in Part 1.
Indicate which age-group your picture book will discuss.
List at least four cognitive development milestones that are included in your picture book.
List at least four language development milestones that are included in your picture book.
Submit your Word document to Waypoint.
The Cognitive and Language Development Milestones Picture Book:
Must be eight to 10 pages of text in length (not including title page, images, and references page) and formatted according to APA style as outlined in the Ashford Writing Center’s
APA Style (Links to an external site.)
Must include a separate title page with the following:
Title of picture book
Student’s name
Course name and number
Instructor’s name
Date submitted
Must document any information used from sources in APA style as outlined in the Ashford Writing Center’s
Citing Within Your Paper (Links to an external site.)
Must include a separate references page or slide that is formatted according to APA style as outlined in the Ashford Writing Center. See the
Formatting Your References List (Links to an external site.)
resource in the Ashford Writing Center for specifications.
CHAPTER 6 SUMMARY
Piaget’s Cognitive-Developmental Theory.
Codes of (un)dress and gender constructs from the Greek to t.docxmary772
Codes of (un)dress and gender constructs
from the Greek to the Roman world
he
By 6th c. BC: Greek male and female dress codes firmly established
Archaic kouros
and kore statues
demonstrate how
the body was
used in the
naturalization of
gender
constructs
The naked male
body in the
classical period:
the Doryphoros as
a heroic athlete-
warrior citizen
Male sexuality: conditions by the patriarchal ideology of
domination, it restricted sexual expression and freedom
in homosexual
relations
and heterosexual
relations
In the classical
period,
while the naked
male body was
idealized and
heroized,
the female naked
body was always
sexualized and
objectified.
Centauromachy (late 5th c.
Bassae): the Greek female is
defenseless and sexualized
(must be defended by Greek
men).
Gendered
nakedness in
mythological
scenes:
the Greek
male is
always
heroized
Amazonomachy (4th c.
Halikarnassos): the non-
Greek female is wild and
sexualized (must be
dominated by Greek men).
Aphrodite (Roman Venus): at first fully dressed
The gradual disrobing of Aphrodite in monumental statues, late 5th to
4th c. BC (Roman copies)
“Venus Genetrix”,
original late 5th c. BC
“Venus of Capua”,
original 4th c. BC
Aphrodite of Knidos,
original 4th c. BC
Late 5th c. onwards: minor goddesses were also represented sexualized in
statues, but only Aphrodite appeared entirely naked by the 4th c. BC.
Nike (Victory), late
5th c., Olympia.
Aphrodite of Knidos by
Praxiteles, 4th c. (Roman copy)
Aphrodite “Beautiful
Buttocks”, Roman
copy (Greek ca. 300).
Doryphoros and
Aphrodite of Knidos
(Knidia or Knidian
Aphrodite), Roman
copies.
What main
differences do you
observe?
Was her nakedness
really threatening to
patriarchy (Andrew
Stewart)?
Or, in what ways
was her nakedness
aligned with
patriarchal ideology?
Could she have been
empowering for
women?
The traditional visual
presence of a divine
statue at the far end of
a rectangular temple
was very different
(Olympian Zeus)
Aphrodite of Knidos was displayed in an unusual temple (round plan), so as to
be seen from all sides, like a beautiful object.
The original
Aphrodite of
Knidos is lost.
Numerous
Roman copies
of the Knidian
Aphrodite exist
(with variations
in details).
“Colonna
Venus” Vatican
Museums.
“Ludovisi
Venus”,
Palazzo
Altemps, Rome
(only the torso
is ancient, the
rest is 17th-c,
restoration.)
Capitoline Venus, Rome
Medici Venus, Florence
Variations on the
“Venus pudica” type,
Greek Hellenistic
originals, Roman
copies.
Are they more modest
or also more shamed?
Latin pudore: modesty,
chastity, shame.
Greek aidos: shame,
modesty
(aidion=vagina)
There is no male “pudicus”
type in Greco-Roman
sculpture.
These unequal gender
constructs are still around
today,
to the detriment of all of us!
There is no male
“pudicus” type in Greco-
Roman sculpture.
An effec.
Coding Assignment 3CSC 330 Advanced Data Structures, Spri.docxmary772
Coding Assignment 3
CSC 330: Advanced Data Structures, Spring 2019
Released Monday, April 15, 2019
Due on Canvas on Wednesday, May 1, at 11:59pm
Overview
In this assignment, you’ll implement another variant of a height-balancing tree known as a
splay tree. The assignment will also give you an opportunity to work with Java inheritance;
in particular, the base code that you’ll amend is structured so that your SplayTree class
extends from an abstract class called HeightBalancingTree, which gives a general template
for how a height-balancing tree should be defined.
As always, please carefully read the entire write-up before you begin coding your submission.
Splay Trees
As mentioned above, a splay tree is another example of a height-balancing tree — a binary
search tree that, upon either an insertion or deletion, modifies the tree through a sequence
of rotations in order to reduce the overall height of the tree.
However, splay trees differ from the other height-balancing trees we’ve seen (AVL trees,
red-black trees) in terms of the type of guarantees that they provide. In particular, recall
that both AVL trees and red-black trees maintain the property that after any insertion or
deletion, the height of the tree is O(log n), where n is the number of elements in the tree.
Splay trees unfortunately do not provide this (fairly strong) guarantee; namely, it is possible
for the height of a splay tree to become greater than O(log n) over a sequence of insertions
and deletions.
Instead, splay trees provide a slightly weaker (though still meaningful) guarantee known as
an amortized bound, which is essentially just a bound on the average time of a single opera-
tion over the course of several operations. In the context of splay trees, one can show that
over the course of, say, n insertions to build a tree with n elements, the average time of each
of these operations is O(log n) (but again, keeping in mind it is possible for any single one
of these operations to take much longer than this).
Showing this guarantee is beyond the scope of this course (although the details of the analy-
sis can be found in your textbook). Instead, in this assignment, we will just be in interested
1
r splay:
N
root
root
2
1
1
2
l splay:
N
1
2
rr splay:
N
N
N
ll splay:
rl splay:
1
2
N
lr splay:
Figure 1: Illustration of the six possible cases for on a given step of a splay operation.
in writing an implementation of a splay tree in Java that is structured using inheritance.
Splay Tree Insertions and Deletions
To insert or delete an element from the tree, splay trees use the same approach as the other
height-balancing trees we’ve discussed in class — first we insert/deletion an element using
standard BST procedures, and then perform a “height-fixing” procedure that rebalances the
tree. Thus, what distinguishes each of these height-balancing trees from one another is how
they define their height-fixing procedures.
To fix the tree after both inser.
CodeZipButtonDemo.javaCodeZipButtonDemo.java Demonstrate a p.docxmary772
CodeZip/ButtonDemo.javaCodeZip/ButtonDemo.java// Demonstrate a push button and handle action events.
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
publicclassButtonDemoimplementsActionListener{
JLabel jlab;
JTextField jtf;
ButtonDemo(){
// Create a new JFrame container.
JFrame jfrm =newJFrame("A Button Example");
// Specify FlowLayout for the layout manager.
jfrm.setLayout(newFlowLayout());
// Give the frame an initial size.
jfrm.setSize(220,90);
// Terminate the program when the user closes the application.
jfrm.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
// Make two buttons.
JButton jbtnUp =newJButton("Up");
JButton jbtnDown =newJButton("Down");
// Create a text field.
jtf =newJTextField(10);
// Add action listeners.
jbtnUp.addActionListener(this);
jbtnDown.addActionListener(this);
// Add the buttons to the content pane.
jfrm.add(jbtnUp);
jfrm.add(jbtnDown);
jfrm.add(jtf);
// Create a label.
jlab =newJLabel("Press a button.");
// Add the label to the frame.
jfrm.add(jlab);
// Display the frame.
jfrm.setVisible(true);
}
// Handle button events.
publicvoid actionPerformed(ActionEvent ae){
if(ae.getActionCommand().equals("Up")){
jlab.setText("You pressed Up.");
FileClock clock1=newFileClock(jtf);
Thread thread1=newThread(clock1);
thread1.start();
}
else
jlab.setText("You pressed down. ");
}
publicstaticvoid main(String args[]){
// Create the frame on the event dispatching thread.
SwingUtilities.invokeLater(newRunnable(){
publicvoid run(){
newButtonDemo();
}
});
}
}
CodeZip/CBDemo.javaCodeZip/CBDemo.java// Demonstrate check boxes.
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
publicclassCBDemoimplementsItemListener{
JLabel jlabSelected;
JLabel jlabChanged;
JCheckBox jcbAlpha;
JCheckBox jcbBeta;
JCheckBox jcbGamma;
CBDemo(){
// Create a new JFrame container.
JFrame jfrm =newJFrame("Demonstrate Check Boxes");
// Specify FlowLayout for the layout manager.
jfrm.setLayout(newFlowLayout());
// Give the frame an initial size.
jfrm.setSize(280,120);
// Terminate the program when the user closes the application.
jfrm.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
// Create empty labels.
jlabSelected =newJLabel("");
jlabChanged =newJLabel("");
// Make check boxes.
jcbAlpha =newJCheckBox("Alpha");
jcbBeta =newJCheckBox("Beta");
jcbGamma =newJCheckBox("Gamma");
// Events generated by the check boxes
// are handled in common by the itemStateChanged()
// method implemented by CBDemo.
jcbAlpha.addItemListener(this);
jcbBeta.addItemListener(this);
jcbGamma.addItemListener(this);
// Add checkboxes and labels to the content pane.
jfrm.add(jcbAlpha);
jfrm.add(jcbBeta);
jfrm.add(jcbGamma);
jfrm.add(jlabChanged);
jfrm.add(jlabSelected);
// Display the frame.
jfrm.setVisible(true);
}
// This is the handler for the check boxes..
CoevolutionOver the ages, many species have become irremediably .docxmary772
Coevolution
Over the ages, many species have become irremediably linked. Whether in the context of an arms race or cooperation to conquer new ecosystems, they have no choice but to evolve together . According to Paul Ehrlich and Peter Raven, who introduced the term in 1964, "Coevolution is the evolution of two or more entities caused by the action between these entities of reciprocal selective factors. Organizations must therefore influence each other (Thompson, 1989). Coevolution relates to this week’s theme by the how natural selection affects the ecosystem. The book compares coevolution to an ecological arm race (Bensel & Turk, 2014). One example is a case of bats as stated in the book and their use of echolocation to be able to find insects. One insect that tries to outsmart it is a tiger moth which blocks out and jam’s the bats signal with a high frequency clicks and the bat fly’s erratically to confuse the moth. This is important in adaptation and of evolution of any new biological species. There are two kinds of interactions that happen that can lead to competitive coevolution. One interactions is predation in which one organism kills another organism. The second one is parasitism in which one organism benefits by damaging but not killing another organism.
This term affects living things and the physical world because if we didn’t have the natural selection all our ecosystem who would be extinct including human beings. Many recent studies state that environmental changes have messed with the balance between interacting species and leading to their extinction. When we use the three models of coevolution such as competition, predation, mutualism in organizing and synthesizing ways to modify species interaction when there is climate change in favoring one species over another. Coevolution reduces the effects of climate change and leads to lowering chances in extinction. By getting an understanding of our nature of coevolution in how they interact with different species and our communities interact and respond to the changing climate.
We as human kind must take action and not let our natural system and ecosystem suffer because of our greed for economic growth (Cairns, 2007). We must also be careful of our matriac consumption and forget about ecological and sustainability ethics. (Cairns, 2007). Humans need to take action to better take care of our ecosystem and environment. Morowitz (1992) stated in this journal, “Sustained life is a property of an ecological system rather than a single organism or species.” There are no species that can exist without the ecological life support system even humans (Cairns, 2007). We need to put more effort in taking care of our environment by creating more organizations in getting our communities involved. In achieving sustainability they must guide through ecological and sustainability ethics. There are many challenges that will come but with achieving sustainable use of our planet our environment will .
Coding Component (50)Weve provided you with an implementation .docxmary772
Coding Component (50%)
We've provided you with an implementation of an unbalanced binary search tree. The tree implements an ordered dynamic set over a generic comparable type T. Supported operations include insertion, deletion, min, max, and testing whether a value is in the set (via the exists method). Because it's a set, duplicates are not allowed, and the insert operation will not insert a value if it is already present.
We have implemented the BST operations in a recursive style. For example, inserting a value into a tree recurses down the tree seeking the correct place to add a new leaf. Each recursive call returns the root of the subtree on which it was called, after making any modifications needed to the subtree to perform the insertion. Deletion is implemented similarly.
Your job is to add the functionality needed to keep the tree balanced using the AVL property. In particular, you will need to
· augment the tree to maintain the height of each of its subtrees, as discussed in Studio;
· compute the balance at the root of a subtree (which is the height of the root's left subtree minus that of its right subtree);
· implement the AVL rebalancing operation, along with the supporting rotation operations; and
· call the height maintenance and rebalancing operations at the appropriate times during insertion and deletion.
Code Outline
There are two main source code files you need to consider, both in the avl package:
· TreeNode.java implements a class TreeNode that represents a node of a binary search tree. It holds a value (the key of the node) along with child and parent pointers. It has a height data member that is currently not used for anything. You should not modify this file, but you need to understand its contents.
· AVLTree.java implements an ordered set as a binary search tree made out of TreeNode objects.
The AVLTree class provides an interface that includes element insertion and deletion, as well as an exists() method that tests whether a value is present in the set. It also offers min() and max() methods. These methods all work as given for (unbalanced) BSTs, using the algorithms we discussed in lecture.
To implement the AVL balancing method, you will need to fill in some missing code to maintain the height of each subtree and perform rebalancing. Look for the 'FIXME' tags in AVLTree.java to see which methods you must modify.
Height Maintenance
You'll need to set the height data member each time a new leaf is allocated in the tree. You can then maintain the height as part of insertion or deletion using the incremental updating strategy you worked out in Studio 10, Part C.
The update procedure updateHeight() takes in a node and updates its height using the heights of its two subtrees. It should run in constant time.
You'll need to call updateHeight() wherever it is needed – in insertion, deletion, and perhaps elsewhere.
Rebalancing
You must implement four methods as part of AVL rebalancing:
· getBalance() computes the balance fact.
Codes of Ethics Guides Not Prescriptions A set of rules and di.docxmary772
Codes of Ethics: Guides Not Prescriptions A set of rules and directives that would result in efficient and ethical professional practice would be something clearly welcomed by student and professional alike. However, as should be clear by now, such prescriptions or recipes for professional practice do not exist, nor does every client and every professional condition provide clear-cut avenues for progress. Professional practice is both complex and complicated. The issues presented are often confounded and conflicting. The process of making sense of the options available and engaging in the path that leads to effective, ethical practice cannot be preprogrammed but rather needs to be fluid, flexible, and responsive to the uniqueness of the client and the context of helping. The very dynamic and fluid nature of our work with clients prohibits the use of rigid, formulaic prescriptions or directions. Never is this so obvious as when first confronted with an ethical dilemma. Consider the subtle challenges to practice decisions presented in Case Illustration 7.1. The case reflects a decision regarding the release of information and the potential breach of confidentiality. The element confounding the decision, as you will see, is that the client was deceased and it was the executrix of the estate providing permission to release the information to a third party.
Case Illustration 7.1 Conditions for Maintaining Confidentiality While all clinicians have been schooled in the issue of confidentiality and the various conditions under which confidentiality must be breached (e.g., prevention of harm to self or another), the conditions of maintenance of confidentiality can be somewhat blurred when the material under consideration is that of a client who is now deceased. Consider the case of Dr. Martin Orne, MD, PhD. Dr. Orne was a psychotherapist who worked with Anne Sexton, a Pulitzer Prize winner. Following the death of Ms. Sexton, an author, Ms. Middlebrook, set out to write her biography. In doing her research, Ms. Middlebrook discovered that Dr. Orne had tape-recorded a number of sessions with Ms. Sexton in order to allow her to review the sessions, and he had not destroyed the tapes following her death. Ms. Middlebrook approached Linda Gray Sexton, the daughter of the client and the executrix of the estate, seeking permission to access these tapes of the confidential therapy sessions as an aid to her writing. The daughter granted permission for release of the therapeutic tapes. A number of questions could be raised around this case, including the ethics of tape-recording or the ethics of maintenance of the tapes following the death of the client. However, the most pressing issue involves the conditions under which confidentiality should be maintained. The challenge here is, should Dr. Orne release the tapes in response to the daughter’s granting of permission, or does his client have the right to confidentiality even beyond the grave? As noted, t.
Codecademy Monetizing a Movement 815-093 815-093 Codecademy.docxmary772
Codecademy: Monetizing a Movement? 815-093
815-093 Codecademy: Monetizing a Movement?
Codecademy: Monetizing a Movement? 815-093
9-815-093
RE V : OCT OB E R 1 4 , 2 0 1 5
JEFFREY J. BU SSGANG
LISA C. MA ZZANTI
Codecademy: Monetizing a Movement?
We’re a movement to make education more of a commodity. We’re not just a for-profit company. Our mission would get tainted if we charged consumers for content. We need to be authentic.
— Zach Sims, Cofounder and CEO
Zach Sims and Ryan Bubinski sat in the Codecademy headquarters, an exposed-brick fourth-floor office near Madison Square Park in New York City. In 2011, while in their early twenties, the two had founded Codecademy, an open-platform, online community to teach users to code. By 2014, they had a total of 24 million unique users and a library of over 100,000 lessons. The company had raised a total of $12.5 million in funding and was, on many fronts, an overwhelming success. However, there were still no revenues. The company’s website stated, “Codecademy is free and always will be.”1
The founders, along with the board, had decided that 2014 would be a year of experimentation with different monetization strategies. By June, the cofounders had preliminarily tested two monetization models. The first charged companies for training employees offline on coding skills, a service that the training departments of these companies paid an annual fee to receive. The second monetization model focused on a labor marketplace to match Codecademy users with jobs that corporations and recruiters were seeking to fill.
But 2014 had also been busy in other arenas for the 25-employee company. In April, the company launched a redesign of its website, because, as the Codecademy blog announced, “it quickly became apparent that if we wanted to grow and mature as a brand, we required a thorough redesign of our entire product.”2 The next month, the company announced that they were opening an office in London to work with the British education system and also had forged partnerships with foundations and government bodies in Estonia, Argentina, and France.
As Sims and Bubinski huddled in their glass-walled conference room, they tried to focus on the task at hand—to narrow down their ideas and eventually decide on a viable business model. The two reviewed early results from both experiments to prepare for the upcoming board meeting where they planned to present their findings and propose next steps. The employee-training experiments had yielded promising initial results but would require hiring a sales force, offline instructors, and some content customization to scale. The labor marketplace model promised less friction in scaling but represented a more crowded market opportunity.
Senior Lecturer Jeffrey J. Bussgang and Case Researcher Lisa C. Mazzanti (Case Research & Writing Group) prepared this case. It was reviewed and approved before publication by a company designate. Funding for the develo.
Code switching involves using 1 language or nonstandard versions of .docxmary772
Code switching involves using 1 language or nonstandard versions of a language instead of another language due to setting, conversational partner, topic, and other factors.
Respond to the following in a minimum of 175 words:
When was a time that you engaged in code switching?
Why did you engage in code switching?
What were the potential benefits and potential consequences of code switching in that scenario?
What was the result of your actions?
.
Code of Ethics for the Nutrition and Dietetics Pr.docxmary772
Code of Ethics
for the Nutrition and Dietetics Profession
Effective Date: June 1, 2018
Preamble:
When providing services the nutrition and dietetics practitioner adheres to the core values of customer focus,
integrity, innovation, social responsibility, and diversity. Science-based decisions, derived from the best available research
and evidence, are the underpinnings of ethical conduct and practice.
This Code applies to nutrition and dietetics practitioners who act in a wide variety of capacities, provides general
principles and specific ethical standards for situations frequently encountered in daily practice. The primary goal is the
protection of the individuals, groups, organizations, communities, or populations with whom the practitioner works and
interacts.
The nutrition and dietetics practitioner supports and promotes high standards of professional practice, accepting
the obligation to protect clients, the public and the profession; upholds the Academy of Nutrition and Dietetics (Academy)
and its credentialing agency the Commission on Dietetic Registration (CDR) Code of Ethics for the Nutrition and Dietetics
Profession; and shall report perceived violations of the Code through established processes.
The Academy/CDR Code of Ethics for the Nutrition and Dietetics Profession establishes the principles and ethical
standards that underlie the nutrition and dietetics practitioner’s roles and conduct. All individuals to whom the Code
applies are referred to as “nutrition and dietetics practitioners”. By accepting membership in the Academy and/or accepting
and maintaining CDR credentials, all nutrition and dietetics practitioners agree to abide by the Code.
Principles and Standards:
1. Competence and professional development in practice (Non-maleficence)
Nutrition and dietetics practitioners shall:
a. Practice using an evidence-based approach within areas of competence, continuously develop and enhance
expertise, and recognize limitations.
b. Demonstrate in depth scientific knowledge of food, human nutrition and behavior.
c. Assess the validity and applicability of scientific evidence without personal bias.
d. Interpret, apply, participate in and/or generate research to enhance practice, innovation, and discovery.
e. Make evidence-based practice decisions, taking into account the unique values and circumstances of the
patient/client and community, in combination with the practitioner’s expertise and judgment.
f. Recognize and exercise professional judgment within the limits of individual qualifications and collaborate
with others, seek counsel, and make referrals as appropriate.
g. Act in a caring and respectful manner, mindful of individual differences, cultural, and ethnic diversity.
h. Practice within the limits of their scope and collaborate with the inter-professional team.
2. Integrity in personal and organizational behaviors and practices (Autonomy)
N.
Code of Ethics for Engineers 4. Engineers shall act .docxmary772
Code of Ethics for Engineers
4. Engineers shall act for each employer or client as faithful agents or
trustees.
a. Engineers shall disclose all known or potential conflicts of interest
that could influence or appear to influence their judgment or the
quality of their services.
b. Engineers shall not accept compensation, financial or otherwise,
from more than one party for services on the same project, or for
services pertaining to the same project, unless the circumstances are
fully disclosed and agreed to by all interested parties.
c. Engineers shall not solicit or accept financial or other valuable
consideration, directly or indirectly, from outside agents in
connection with the work for which they are responsible.
d. Engineers in public service as members, advisors, or employees
of a governmental or quasi-governmental body or department shall
not participate in decisions with respect to services solicited or
provided by them or their organizations in private or public
engineering practice.
e. Engineers shall not solicit or accept a contract from a governmental
body on which a principal or officer of their organization serves as
a member.
5. Engineers shall avoid deceptive acts.
a. Engineers shall not falsify their qualifications or permit
misrepresentation of their or their associates’ qualifications. They
shall not misrepresent or exaggerate their responsibility in or for the
subject matter of prior assignments. Brochures or other
presentations incident to the solicitation of employment shall not
misrepresent pertinent facts concerning employers, employees,
associates, joint venturers, or past accomplishments.
b. Engineers shall not offer, give, solicit, or receive, either directly or
indirectly, any contribution to influence the award of a contract by
public authority, or which may be reasonably construed by the
public as having the effect or intent of influencing the awarding of a
contract. They shall not offer any gift or other valuable
consideration in order to secure work. They shall not pay a
commission, percentage, or brokerage fee in order to secure work,
except to a bona fide employee or bona fide established commercial
or marketing agencies retained by them.
III. Professional Obligations
1. Engineers shall be guided in all their relations by the highest standards
of honesty and integrity.
a. Engineers shall acknowledge their errors and shall not distort or
alter the facts.
b. Engineers shall advise their clients or employers when they believe
a project will not be successful.
c. Engineers shall not accept outside employment to the detriment of
their regular work or interest. Before accepting any outside
engineering employment, they will notify their employers.
d. Engineers shall not attempt to attract an engineer from another
employer by false or misleading pretenses.
e. Engineers shall not promote their own interest at the expense of the
dignity and integr.
Coder Name: Rebecca Oquendo
Coding Categories:
Episode
Aggressive Behavior
Neutral Behavior
Virtuous Behavior
Aggressive Gaming
Neutral Gaming
Virtuous Gaming
An older peer began using slurs or derogatory language
An older peer suggested that the team should cheat
The child witnessed an older peer intentionally leave out another player
An older player suggested that they play a different game
The child lost the game with older players on their team
The child witnessed an older player curse every time a mistake was made
Index:
· In this case aggressive behavior would constitute as mimicking older members undesired behaviors or becoming especially angry or agitated in game. A neutral behavior would be playing as they usually would not mimicking older player’s behaviors or trying to fit in to their more aggressive styles. A virtuous behavior would be steering the game away from aggression, voicing an opinion about the excessive aggression, or finding a way to express their gaming experience in a positive way. The same can be applied for the similar categories in “gaming”.
· Each category can be scaled from 1-7 in which way the child’s dialogue tended to be behavior and gaming wise with a 1 indicating little to no effort in that direction and a 7 indicating extreme effort in that category.
1. What are the different types of attributes? Provide examples of each attribute.
2. Describe the components of a decision tree. Give an example problem and provide an example of each component in your decision making tree
3. Conduct research over the Internet and find an article on data mining. The article has to be less than 5 years old. Summarize the article in your own words. Make sure that you use APA formatting for this assignment.
Questions from attached files
1. Obtain one of the data sets available at the UCI Machine Learning Repository and apply as many of the different visualization techniques described in the chapter as possible. The bibliographic notes and book Web site provide pointers to visualization software.
2. Identify at least two advantages and two disadvantages of using color to visually represent information.
3. What are the arrangement issues that arise with respect to three-dimensional plots?
4. Discuss the advantages and disadvantages of using sampling to reduce the number of data objects that need to be displayed. Would simple random sampling (without replacement) be a good approach to sampling? Why or why not?
5. Describe how you would create visualizations to display information that describes the following types of systems.
a) Computer networks. Be sure to include both the static aspects of the network, such as connectivity, and the dynamic aspects, such as traffic.
b) The distribution of specific plant and animal species around the world fora specific moment in time.
c) The use of computer resources, such as processor time, main me.
Codes of Ethical Conduct A Bottom-Up ApproachRonald Paul .docxmary772
Codes of Ethical Conduct: A Bottom-Up Approach
Ronald Paul Hill • Justine M. Rapp
Received: 18 January 2013 / Accepted: 12 December 2013 / Published online: 1 January 2014
� Springer Science+Business Media Dordrecht 2013
Abstract Developing and implementing a meaningful
code of conduct by managers or consultants may require a
change in orientation that modifies the way these precepts
are determined. The position advocated herein is for a
different approach to understanding and organizing the
guiding parameters of the firm that requires individual
reflection and empowerment of the entire organization to
advance their shared values. The processes involved are
discussed using four discrete stages that move from the
personal to the work team and to the unit to the full
company, followed by the board of directors’ evaluation.
The hoped-for end product is dynamic, employee-driven,
codes of conduct that recognize the systemic and far-
reaching impact of organizational activities across internal
and external stakeholders. Operational details for and some
issues associated with its implementation are also provided.
Keywords Code of conduct � Employee-driven
approaches � Bottom-up development
Corporation, Be Good! Frederick (2006)
That managers and employees are capable of both ethical
and unethical behaviors due to individual and internal
corporate culture factors cannot be denied (Ashforth and
Anand 2003; Treviño and Weaver 2003; Treviño et al.
2006). Over the last decade, as diverse organizational
stakeholders began exerting more pressure on firms to
eliminate unethical conduct, the field of management has
witnessed a proliferation of research on ethics and ethical
behavior in organizations (Elango et al. 2010; Gopala-
krishnan et al. 2008; O’Fallon and Butterfield 2005; Tre-
viño et al. 2006).
However, recent ethical failures, as well as continuous
ethical challenges that organizations face, have led scholars
to conclude that predicting ethical dilemmas is difficult a
priori: ‘‘It is only, when we look back on our conduct over
the long run that we may find ourselves guilty of moral
laxity’’ (Geva 2006, p. 138). What underlies this particular
situation is the inability of organizational elites to monitor
and implement initiatives within today’s complex business
entities (Martin and Eisenhardt 2010; Uhl-Bien et al.
2007). Accordingly, more dynamic approaches to business
ethics is needed, one that spans ‘‘both the individual and
organizational levels’’ of concern (Gopalakrishnan et al.
2008, p. 757).
As a consequence and in reaction to neoclassical eco-
nomics, managers and their employees are expected to go
beyond dictates imposed by the law and marketplace to
fulfill larger responsibilities (Stark 1993). This expectation
is accomplished through adoption of a stakeholder per-
spective that is infused with empathy for people, groups,
and communities that may be impacted by the actions of
business.
Code#RE00200012002020MN2DGHEType of Service.docxmary772
Code#RE00200012002020MN2DGHE
*****************
Type of Service
Presentation task- Attack Vector
Solution
s Step 14: Submit the Presentation
Project Title/Subject
Attack Vector
.
CODE OF ETHICSReview the following case study and address the qu.docxmary772
CODE OF ETHICS
Review the following case study and address the questions that follow:
General Hospital’s staff aggregated its infection rate data for comparison purposes with four other hospitals in the community. The staff members were aware that the data was flawed. They presented a false perception that General Hospital’s postoperative infection rates were lower than those of peer hospitals. The comparison data was published in the local newspaper. The Jones family, believing the data to be correct and concerned about the number of deaths related to hospital-acquired infections, relied on the data in selecting General Hospital as their preferred hospital.
Tasks:
Describe how organizational and professional codes of ethics were violated in this case.
Describe what role an organization’s ethics committee could play in addressing this or similar issues.
400 words APA format
.
cocaine, conspiracy theories and the cia in central america by Craig.docxmary772
cocaine, conspiracy theories and the cia in central america by Craig Delaval
Delaval is a freelance writer and filmmaker and was a production assistant for "Drug Wars." This article was edited by Lowell Bergman, series reporter for "Drug Wars."
Since its creation in 1947 under President Harry Truman, the CIA has been credited with a number of far-fetched operations. While some were proven - the infamous LSD mind-control experiments of the 1950s - others, like the assassination of John F. Kennedy and the crash of the Savings and Loans industry, have little or no merit.
In 1996 the agency was accused of being a crack dealer.
A series of expose articles in the San Jose Mercury-News by reporter Gary Webb told tales of a drug triangle during the 1980s that linked CIA officials in Central America, a San Francisco drug ring and a Los Angeles drug dealer. According to the stories, the CIA and its operatives used crack cocaine--sold via the Los Angeles African-American community--to raise millions to support the agency's clandestine operations in Central America.
The CIA's suspect past made the sensational articles an easy sell. Talk radio switchboards lit up, as did African-American leaders like U.S. Rep. Maxine Waters, D-Los Angeles, who pointed to Webb's articles as proof of a mastermind plot to destroy inner-city black America.
One of the people who was accused in the San Jose Mercury-News of being in the midst of the CIA cocaine conspiracy is one of the most respected, now retired, veteran D.E.A. agents, Robert "Bobby" Nieves.
"You have to understand Central America at that time was a haven for the conspiracy theorists. Christic Institute, people like Gary Webb, others down there, looking to dig up some story for political advantage," Nieves said. "No sexier story than to create the notion in people's minds that these people are drug traffickers."
But in the weeks following publication, Webb's peers doubted the merit of the articles. Fellow journalists at the Washington Post, New York Times and Webb's own editor accused him of blowing a few truths up into a massive conspiracy.
Amongst Webb's fundamental problems was his implication that the CIA lit the crack cocaine fuse. It was conspiracy theory: a neat presentation of reality that simply didn't jibe with real life. Webb later agreed in an interview that there is no hard evidence that the CIA as an institution or any of its agent-employees carried out or profited from drug trafficking.
Still, the fantastic story of the CIA injecting crack into ghettos had taken hold. In response to the public outcry following Webb's allegations--which were ultimately published in book form under the title Dark Alliance--the CIA conducted an internal investigation of its role in Central America related to the drug trade. Frederick Hitz, as the CIA Inspector General-- an independent watchdog approved by Congress--conducted the investigation. In October 1998, the CIA released a declassifie.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
2. Products
Sales
Financials
Background Information
Building a comprehensive business function automation
software that performs many functions (decision making in
approaching new initiatives, goal setting and tracking, financial
accounting, a payment system, and much more).
The software is largely the joint brainchild of the Chief
Technology Officer (CTO) and a highly visionary Marketing
Manager who left the company a year ago
5
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
Background Information – What We Do
Financed 100% by investors who are extremely anxious to make
a profit.
Investors have invested more than US $35 million since
inception and have not received any returns.
The organization expected a small profit in the last two
quarters. However, the weak economy led to the cancellation of
several large orders. As a result, the organization was in the red
each quarter by approximately US $250,000.
6
Background Information – Financials
What we do
3. Org. Structure
Operational
Industry
Products
Sales
Financials
Code Galore is a privately held company with a budget of US
$15 million per year. Sales last year totaled US $13.5 million
(as mentioned earlier, the company came within US $250,000 of
being profitable each of the last two quarters).
The investors hold the preponderance of the company’s stock;
share options are given to employees in the form of stock
options that can be purchased for US $1 per share if the
company ever goes public.
Code Galore spends about five percent of its annual budget on
marketing. Its marketing efforts focus on portraying other
financial function automation applications as ‘point solutions’
in contrast to Code Galore’s product.
7
Background Information – Financials
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
8
Background Information – Org. Structure
Figure 1—Code Galore Organisational Chart
CEO
CSO
4. VP, Finance
VP, Business
CTO
VP, Human Resources
Security
Administrator
Sales Mgr
Accounting
Dir.
Sr. Financial
Analyst
Infrastructure
Mgr.
Sys. Dev. Mgr.
HR Manager
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
The board of directors:
5. Consists of seasoned professionals with many years of
experience in the software industry
Is scattered all over the world and seldom meets, except by
teleconference
Is uneasy with Code Galore being stretched so thin financially,
and a few members have tendered their resignations within the
last few months
9
Background Information – Org. Structure
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
The CEO:
Is the former chief financial officer (CFO) of Code Galore that
replaced the original CEO who resigned to pursue another
opportunity two years ago
Has a good deal of business knowledge, a moderate amount of
experience as a C-level officer, but no prior experience as a
CEO
As a former CFO, tends to focus more on cost cutting than on
creating a vision for developing more business and getting
better at what Code Galore does best
Background Information – Org. Structure
10
What we do
Org. Structure
Operational
Industry
Products
6. Sales
Financials
Engineers perform code installations. The time to get the
product completely installed and customized to the customer’s
environment can exceed one month with costs higher than US
$60,000 to the customer.
Labour and purchase costs are too high for small and medium-
sized businesses. So far, only large companies in the US and
Canada have bought the product.
C-level officers and board members know that they have
developed a highly functional, unique product for which there is
really no competition. They believe that, in time, more
companies will become interested in this product, but the
proverbial time bomb is ticking. Investors have stretched
themselves to invest US $35 million in the company, and are
unwilling to invest much more.
11
Background Information – Operational
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
Business function automation software is a profitable area for
many software vendors because it automates tasks that
previously had to be performed manually or that software did
not adequately support.
The business function automation software arena has many
7. products developed by many vendors. However, Code Galore is
a unique niche player that does not really compete (at least on
an individual basis) with other business automation software
companies.
Background Information – Industry
12
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
The product is comprehensive—at least four other software
products would have to be purchased and implemented to cover
the range of functions that Code Galore’s product covers.
Additionally, the product integrates information and statistics
throughout all functions—each function is aware of what is
occurring in the other functions and can adjust what it does
accordingly, leading to better decision aiding.
Background Information – Products
13
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
Sales have been slower than expected, mainly due to a
combination of the economic recession and the high price and
complexity of the product.
8. The price is not just due to the cost of software development; it
also is due to the configuration labour required to get the
product running suitably for its customers.
Background Information – Sales
14
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
Acquisition
Code Galore is in many ways fighting for its life, and the fact
that, four months ago, the board of directors made the decision
to acquire a small software start-up company, Skyhaven
Software, has not helped the cash situation.
Skyhaven consists of approximately 15 people, mostly
programmers who work at the company’s small office in
Phoenix, Arizona, USA. Originally, the only connection
between your network and Skyhaven’s was an archaic public
switched telephone network (PSTN).
Setting up a WAN
Two months ago, your company’s IT director was tasked with
setting up a dedicated wide area network (WAN) connection to
allow the former Skyhaven staff to remotely access Code
Galore’s internal network and vice versa.
You requested that this implementation be delayed until the
security implications of having this new access route into your
network were better understood, but the CEO denied your
request on the grounds that it would delay a critical business
initiative, namely getting Skyhaven’s code integrated into Code
Galore’s.
9. 15
The Problems
Information Security
More recently, you have discovered that the connection does not
require a password for access and that, once a connection to the
internal network is established from outside the network, it is
possible to connect to every server within the network,
including the server that holds Code Galore’s source code and
software library and the server that houses employee payroll,
benefits and medical insurance information.
Fortunately, access control lists (ACLs) limit the ability of
anyone to access these sensitive files, but a recent vulnerability
scan showed that both servers have vulnerabilities that could
allow an attacker to gain unauthorised remote privileged access.
You have told the IT director that these vulnerabilities need to
be patched, but because of the concern that patching them may
cause them to crash or behave unreliably and because Code
Galore must soon become profitable or else, you have granted
the IT director a delay of one month in patching the servers.
16
The Problems – Overview
Bots
What now really worries you is that, earlier today, monitoring
by one of the security engineers who does some work for you
has shown that several hosts in Skyhaven’s network were found
to have bots installed in them.
10. Source Code
Furthermore, one of the Skyhaven programmers has told you
that Skyhaven source code (which is to be integrated into Code
Galore’s source code as soon as the Skyhaven programmers are
through with the release on which they are currently working) is
on just about every Skyhaven machine, regardless of whether it
is a workstation or server.
17
The Problems – Overview
Code Galore vs. Skyhaven Employee knowledge
Code Galore employees are, in general, above average in their
knowledge and awareness of information security, due in large
part to an effective security awareness programme that you set
up two months after you started working at Code Galore and
have managed ever since.
You offer monthly brown bag lunch events in a large conference
room, display posters reminding employees not to engage in
actions such as opening attachments that they are not expecting,
and send a short monthly newsletter informing employees of the
direction in which the company is going in terms of security and
how they can help.
Very few incidents due to bad user security practices occurred
until Skyhaven Software was acquired. Skyhaven’s employees
appear to have almost no knowledge of information security.
You also have discovered that the Skyhaven employee who
informally provides technical assistance does not make backups
and has done little in terms of security configuration and patch
management.
18
The Problems – Overview
11. 19
Your Role
Hired two years ago as the only Chief Security Officer (CSO)
this company has ever had.
Report directly to the Chief Executive Officer (CEO).
Attend the weekly senior management meeting in which goals
are set, progress reports are given and issues to be resolved are
discussed.
The Information Security Department consists of just you; two
members of the security engineering team from software are
available eight hours each week.
10 years of experience as an information security manager, five
of which as a CSO, but you have no previous experience in the
software arena.
Four years of experience as a junior IT auditor.
Undergraduate degree in managing information systems and
have earned many continuing professional education credits in
information security, management and audit areas.
Five years ago, you earned your CISM certification.
The focus here is not on a business unit, but rather on Code
Galore as a whole, particularly on security risk that could
cripple the business.
Due primarily to cost-cutting measures the CEO has put in
place, your annual budget has been substantially less than you
requested each year.
Frankly, you have been lucky that no serious incident has
occurred so far. You know that in many ways your company has
been tempting fate.
You do the best you can with what you have, but levels of
12. unmitigated risk in some critical areas are fairly high.
Your Role and the Business Units
20
Mr. Wingate’s focus on cost cutting is a major reason that you
have not been able to obtain more resources for security risk
mitigation measures.
He is calm and fairly personable, but only a fair communicator,
something that results in your having to devote extra effort in
trying to learn his expectations of your company’s information
security risk mitigation effort and keeping him advised of risk
vectors and major developments and successes of this effort.
21
Your Role and the CEO, Ernest Wingate
Code Galore’s IT director is Carmela Duarte. She has put a
system of change control into effect for all IT activities
involving hardware and software.
This system is almost perfect for Code Galore—it is neither
draconian nor too lax and very few employees have any
complaints against it.
You have an excellent working relationship with her, and
although she is under considerable pressure from her boss, the
CTO, and the rest of C-level management to take shortcuts, she
usually tries to do what is right from a security control
perspective.
20. ‣ The loss magnitude scale described in this section is adjusted
for a specific organizational size and risk
capacity. Labels used in the scale (e.g., “Severe”, “Low”, etc.)
may need to be adjusted when analyzing
organizations of different sizes
‣ This process is a simplified, introductory version that may not
be appropriate for some analyses
Basic FAIR analysis is comprised of ten steps in four stages:
Stage 1 – Identify scenario components
1. Identify the asset at risk
2. Identify the threat community under consideration
Stage 2 – Evaluate Loss Event Frequency (LEF)
3. Estimate the probable Threat Event Frequency (TEF)
4. Estimate the Threat Capability (TCap)
5. Estimate Control strength (CS)
6. Derive Vulnerability (Vuln)
7. Derive Loss Event Frequency (LEF)
Stage 3 – Evaluate Probable Loss Magnitude (PLM)
8. Estimate worst-case loss
9. Estimate probable loss
21. Stage 4 – Derive and articulate Risk
10. Derive and articulate Risk
Risk
Loss Event
Frequency
Probable Loss
Magnitude
Threat Event
Frequency
Vulnerability
Contact Action
Control
Strength
Threat
Capability
Primary Loss
Factors
Secondary
Loss Factors
Asset Loss
Factors
Threat Loss
Factors
22. Organizational
Loss Factors
External Loss
Factors
FAIR™ Basic Risk Assessment Guide
All Content Copyright Risk Management Insight, LLC
Stage 1 – Identify Scenario Components
Step 1 – Identify the Asset(s) at risk
In order to estimate the control and value characteristics within
a risk analysis, the analyst must first identify the asset
(object) under evaluation. If a multilevel analysis is being
performed, the analyst will need to identify and evaluate the
primary asset (object) at risk and all meta-objects that exist
between the primary asset and the threat community. This
guide is intended for use in simple, single level risk analysis,
and does not describe the additional steps required for a
multilevel analysis.
Asset(s) at risk:
_____________________________________________________
_
Step 2 – Identify the Threat Community
23. In order to estimate Threat Event Frequency (TEF) and Threat
Capability (TCap), a specific threat community must first be
identified. At minimum, when evaluating the risk associated
with malicious acts, the analyst has to decide whether the
threat community is human or malware, and internal or external.
In most circumstances, it’s appropriate to define the
threat community more specifically – e.g., network engineers,
cleaning crew, etc., and characterize the expected nature
of the community. This document does not include guidance in
how to perform broad-spectrum (i.e., multi-threat
community) analyses.
Threat community:
_____________________________________________________
_
Characterization
FAIR™ Basic Risk Assessment Guide
All Content Copyright Risk Management Insight, LLC
Stage 2 – Evaluate Loss Event Frequency
Step 3 – Threat Event Frequency (TEF)
The probable frequency, within a given timeframe, that a threat
agent will act against an asset
24. Contributing factors: Contact Frequency, Probability of Action
on
Very High (VH) > 100 times per year
High (H) Between 10 and 100 times per year
Moderate (M) Between 1 and 10 times per year
Low (L) Between .1 and 1 times per year
Very Low (VL) < .1 times per year (less than once every ten
years)
Rationale
FAIR™ Basic Risk Assessment Guide
All Content Copyright Risk Management Insight, LLC
Step 4 – Threat Capability (Tcap)
The probable level of force that a threat agent is capable of
applying against an asset
Contributing factors: Skill, Resources
Rating
Very High (VH) Top 2% when compared against the overall
threat population
25. High (H) Top 16% when compared against the overall threat
population
Moderate (M) Average skill and resources (between bottom 16%
and top 16%)
Low (L) Bottom 16% when compared against the overall threat
population
Very Low (VL) Bottom 2% when compared against the overall
threat population
Rationale
FAIR™ Basic Risk Assessment Guide
All Content Copyright Risk Management Insight, LLC
Step 5 – Control strength (CS)
The expected effectiveness of controls, over a given timeframe,
as measured against a baseline
level of force
Contributing factors: Strength, Assurance
Very High (VH) Protects against all but the top 2% of an avg.
threat population
High (H) Protects against all but the top 16% of an avg. threat
population
26. Moderate (M) Protects against the average threat agent
Low (L) Only protects against bottom 16% of an avg. threat
population
Very Low (VL) Only protects against bottom 2% of an avg.
threat population
Rationale
FAIR™ Basic Risk Assessment Guide
All Content Copyright Risk Management Insight, LLC
Step 6 – Vulnerability (Vuln)
The probability that an asset will be unable to resist the actions
of a threat agent
Tcap (from step 4):
CS (from step 5):
Vulnerability
VH VH VH VH H M
H VH VH H M L
Tcap M VH H M L VL
L H M L VL VL
27. VL M L VL VL VL
VL L M H VH
Control Strength
Vuln (from matrix above):
FAIR™ Basic Risk Assessment Guide
All Content Copyright Risk Management Insight, LLC
Step 7 – Loss Event Frequency (LEF)
The probable frequency, within a given timeframe, that a threat
agent will inflict harm upon an
asset
TEF (from step 3):
Vuln (from step 6):
Loss Event Frequency
VH M H VH VH VH
H L M H H H
TEF M VL L M M M
L VL VL L L L
28. VL VL VL VL VL VL
VL L M H VH
Vulnerability
LEF (from matrix above):
FAIR™ Basic Risk Assessment Guide
All Content Copyright Risk Management Insight, LLC
Stage 3 – Evaluate Probable Loss Magnitude
Step 8 – Estimate worst-case loss
Estimate worst-case magnitude using the following three steps:
‣ Determine the threat action that would most likely result in a
worst-case outcome
‣ Estimate the magnitude for each loss form associated with that
threat action
‣ “Sum” the loss form magnitudes
Loss Forms
Threat Actions Productivity Response Replacement
Fine/Judgments Comp. Adv. Reputation
Access
Misuse
Disclosure
29. Modification
Deny Access
Magnitude Range Low End Range High End
Severe (SV) $10,000,000 --
High (H) $1,000,000 $9,999,999
Significant (Sg) $100,000 $999,999
Moderate (M) $10,000 $99,999
Low (L) $1,000 $9,999
Very Low (VL) $0 $999
FAIR™ Basic Risk Assessment Guide
All Content Copyright Risk Management Insight, LLC
Step 9 – Estimate probable loss
Estimate probable loss magnitude using the following three
steps:
‣ Identify the most likely threat community action(s)
‣ Evaluate the probable loss magnitude for each loss form
‣ “Sum” the magnitudes
Loss Forms
30. Threat Actions Productivity Response Replacement
Fine/Judgments Comp. Adv. Reputation
Access
Misuse
Disclosure
Modification
Deny Access
Magnitude Range Low End Range High End
Severe (SV) $10,000,000 --
High (H) $1,000,000 $9,999,999
Significant (Sg) $100,000 $999,999
Moderate (M) $10,000 $99,999
Low (L) $1,000 $9,999
Very Low (VL) $0 $999
FAIR™ Basic Risk Assessment Guide
All Content Copyright Risk Management Insight, LLC
Stage 4 – Derive and Articulate Risk
Step 10 – Derive and Articulate Risk
31. The probable frequency and probable magnitude of future loss
Well-articulated risk analyses provide decision-makers with at
least two key pieces of information:
‣ The estimated loss event frequency (LEF), and
‣ The estimated probable loss magnitude (PLM)
This information can be conveyed through text, charts, or both.
In most circumstances, it’s advisable to also provide the
estimated high-end loss potential so that the decision-maker is
aware of what the worst-case scenario might look like.
Depending upon the scenario, additional specific information
may be warranted if, for example:
‣ Significant due diligence exposure exists
‣ Significant reputation, legal, or regulatory considerations exist
Risk
Severe H H C C C
High M H H C C
PLM Significant M M H H C
Moderate L M M H H
Low L L M M M
Very Low L L M M M
VL L M H VH
32. LEF
LEF (from step 7):
PLM (from step 9):
WCLM (from step 8):
Key Risk Level
C Critical
H High
M Medium
L Low
FAIR™ Basic Risk Assessment Guide
All Content Copyright Risk Management Insight, LLC