The document provides an after action review of the Mile High DICE FY-2015 Cybersecurity Domain tabletop exercise, which was comprised of a training session and continuity tabletop exercise focused on cybersecurity. The exercise involved over 40 participating federal, state, local, and private organizations and was held on November 13, 2014 in Aurora, Colorado. The objectives of the exercise were to increase awareness of incorporating cybersecurity into continuity planning, discuss challenges and best practices, examine continuity of essential functions during a cybersecurity emergency, and identify solutions to gaps in organizational plans. The after action review analyzes the results and identifies strengths and areas for improvement.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center" is often used synonymously for SOC.
A network operations center (NOC) is not a SOC: a NOC focuses on network device management rather than on detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. The SOC is a meta-topic that involves many security domains and disciplines, depending on the services and functions that the SOC delivers.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC:
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
Security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
Security Operations Center
Cyber Threat Intelligence and Incident Response, by Sandeep Singh - OWASP Delhi
The broad list of topics includes (but is not limited to):
- What is Threat Intelligence?
- Type of Threat Intelligence?
- Intelligence Lifecycle
- Threat Intelligence - Classification & Vendor Landscape
- Threat Intelligence Standards (STIX, TAXII, etc.)
- Open Source Threat Intel Tools
- Incident Response
- Role of Threat Intel in Incident Response
- Bonus Agenda
Cybersecurity for Your Law Firm: Data Security and Data Encryption - Shawn Tuma
This presentation focused on cybersecurity protections for law firms and attorneys' ethical obligation to protect client information. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE 8th Annual Course, "Essentials of Business Law: Four Modules for a Robust Practice," cosponsored by the Business Law Section of the State Bar of Texas.
The session theme is "Threat Management, Next Generation Security Operations Center".
The session focuses on how security information and event management can help enterprises collect data from a heterogeneous landscape, build incident response plans and automate the entire security operations framework.
The session will be handled by Mr. Ravi Shankar Mallah, Architect / IBM Security Specialist – Resilient & i2.
Ravi has 13+ years of experience in the field of cyber security. Over the course of his career he has been involved in building and running multiple enterprise-level SOCs while taking care of both the perimeter and internal security of these setups. He also has real-life experience with various security technologies such as SIEM, SOAR, IPS, firewalls, vulnerability management, anti-APT solutions, etc.
In his current role at IBM he works as an Architect and serves as a specialist for Incident Response Platform (IRP) and Threat Hunting.
An in-depth look at:
1. Disruptive Technology and its impact on organizations.
2. Need for a Security Operations Center (SOC) for the 21st century businesses
3. Designing and operating an effective SOC - what it takes to run a successful SOC starting from how we should prepare our minds in terms of approach to the actual implementation and operation.
4. Qualities any SOC Analyst should possess
5. Measuring the success of a SOC - We discuss critical factors to consider when determining the success of a SOC.
Security Management is very complex and does not limit itself to products and technologies. It is important to consider alternatives when setting up a Security Operation Center (SOC), from insight into the business plan requirements, ability and the skill set of people who will handle the SOC, the responsibilities for the team, budget and more.
Building a Cyber Security Operations Center for SCADA/ICS Environments - Shah Sheikh
Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay.
In this presentation we will cover the fundamental building blocks of building a SCADA cyber security operations center with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, Security Logging and Monitoring and how such security domains drive accountability and act as a line of authority across the PCN.
Building a Next-Generation Security Operations Center (SOC) - Sqrrl
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Navigating the complex Risk Management Framework (RMF) requirements can be daunting. Learn best practices and gain a better understanding of NIST's RMF.
This post shows the complex NIST Cybersecurity Framework as a mind map. It captures the critical components of the NIST Cybersecurity Framework, which is becoming a de facto standard.
Using ATT&CK to Create Cyber DBTs for Nuclear Power Plants - MITRE - ATT&CKcon
From MITRE ATT&CKcon Power Hour December 2020
By Jacob Benjamin, Principal Industrial Consultant Dragos, INL, & University of Idaho
Design Basis Threat (DBT) is a concept introduced by the Nuclear Regulatory Commission (NRC). It is a profile of the type, composition, and capabilities of an adversary. DBT is the key input nuclear power plants use for the design of systems against acts of radiological sabotage and theft of special nuclear material. The NRC expects its licensees, nuclear power plants, to demonstrate that they can defend against the DBT. Currently, cyber is included in DBTs simply as a prescribed list of IT-centric security controls. Using MITRE’s ATT&CK framework, Cyber DBTs can be created that are specific to the facility, its material, or adversary activities.
Jonathan Pollet and Mark Heard of Red Tiger Security at S4x15 OTDay.
The NIST Cybersecurity Framework (CSF) has been out for a year now, and some owner/operators have begun to use it to help create an ICS cyber security program. The Red Tiger Security team discusses what the CSF is and their experience in using it with real-world clients.
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz - Christopher Gerritz
BSides Las Vegas 2016 Talk: Powershell-fu: Hunting on the Endpoint. Presented the PSHunt framework (which will be released on GitHub) and methodology for hunting on the endpoint using PowerShell across an enterprise or on an individual system.
Talking about Next-Gen Security Operation Center for IDNIC+APJII as a representative from IDSECCONF. A people-centric SOC requires a lot of investment in humans in terms of quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put their investments more into technology, as in Industry 4.0 machines are getting more advanced to support humans in doing continuous and repetitive tasks.
Moving from “traditional” to next-gen SOC requires a proper plan; that's what this talk was about.
Summarizes the design and build approach for a SOC (Security Operation Center) for both end-user companies and service providers. Defines the approach flow for SOC building and the various components and phases involved. Defines design rules of thumb and parameters for SOC design.
Effective Threat Hunting with Tactical Threat Intelligence - Dhruv Majumdar
How to set up a Threat Hunting Team for Active Defense utilizing Cyber Threat Intelligence and how CTI can help a company grow and improve its security posture.
Recently, NTT published the Global Threat Intelligence Report 2016 (GTIR). This year’s report focused both on the changes in threat trends and on how security organizations around the world can use the kill chain to help defend the enterprise.
Turning threat intelligence data from multiple sources into actionable, contextual information is a challenge faced by many organizations today. The Global Threat Intelligence Platform provides increased efficiency, reduces risks and focuses on global coverage with accurate and up-to-date threat intelligence.
This presentation was given at Carnegie Mellon University by Kenji Takahashi, VP of Product Management, Security at NTT Innovation Institute.
Building New Opportunity
Jerry Hembd, University of Wisconsin-Superior; Ron Hustedde, University of Kentucky; Sharon Gulick, University of Missouri Extension; Mary Simon Leuci, University of Missouri Extension
This interactive workshop will explore innovation approaches and strategies for regional development and, through a facilitated process, participants will be asked to share their experiences, challenges and approaches. Anticipated results include greater understanding of regional development, sharing of ideas, new learning and possibly creation of information networks.
1:30-3:00pm Monday July 27th
Vulnerability Management: What You Need to Know to Prioritize Risk - AlienVault
Abstract:
While vulnerability assessments are an essential part of understanding your risk profile, it's simply not realistic to expect to eliminate all vulnerabilities from your environment. So, when your scan produces a long list of vulnerabilities, how do you prioritize which ones to remediate first? By data criticality? CVSS score? Asset value? Patch availability? Without understanding the context of the vulnerable systems on your network, you may waste time checking things off the list without really improving security.
Join AlienVault for this session to learn:
* The pros & cons of different types of vulnerability scans - passive, active, authenticated, unauthenticated
* Vulnerability scores and how to interpret them
* Best practices for prioritizing vulnerability remediation
* How threat intelligence can help you pinpoint the vulnerabilities that matter most
Derek Milroy, IS Security Architect at U.S. Cellular Corporation, defined “vulnerability management” and how it affects today’s organizations during his presentation at the 2014 Chief Information Security Officer (CISO) Leadership Forum in Chicago on Nov. 19. In his presentation, “Enterprise Vulnerability Management/Security Incident Response,” Milroy noted vulnerability management has different meanings to different organizations, but an organization that utilizes vulnerability management processes can effectively safeguard its data.
According to Milroy, an organization should develop its own vulnerability management baselines to monitor its security levels. By doing so, Milroy said an organization can launch and control vulnerability management systems successfully. In addition, Milroy pointed out that vulnerability management problems occasionally will arise, but a well-prepared organization will be equipped to handle such issues: “Problems are going to happen … You have to work with your people. This can translate to any tool that you’re putting in place. Make sure your people have plans for what happens when it goes wrong, because it’s going to [happen] every single time.”
Milroy also noted that having actionable vulnerability management data is important for organizations of all sizes. If an organization evaluates its vulnerability management processes regularly, Milroy said, it can collect data and use this information to improve its security: “The simplest rule of thumb for vulnerability management, click the report, hand the report to someone. Don’t ever do that. There is no such thing as a report from a tool that you can just click and hand to someone until you first tune it and pare it down.”
- See more at: http://www.argylejournal.com/chief-information-security-officer/enterprise-vulnerability-managementsecurity-incident-response-derek-milroy-is-security-architect-u-s-cellular-corporation/#sthash.Buh6CzLS.dpuf
Sap tech ed_Delivering Continuous SAP Solution Availability Robert Max
With the adoption of the enhanced functionality of Solution Manager 7.1, our SAP Infrastructure Team supported an initial go-live followed by rollouts and enhancements while delivering 99.96% SAP application availability. This presentation helps you identify investments in Solution Manager Functionality and ITIL processes that deliver continuous availability for your federated SAP infrastructure.
Planning and Deploying an Effective Vulnerability Management Program - Sasha Nunke
This presentation covers the essential components of a successful Vulnerability Management program that allows you to proactively identify risk to protect your network and critical business assets.
Key take-aways:
* Integrating the 3 critical factors - people, processes & technology
* Saving time and money via automated tools
* Anticipating and overcoming common Vulnerability Management roadblocks
* Meeting security regulations and compliance requirements with Vulnerability Management
Table of Contents
How to Write a SWOT Analysis Company Report. Why to use a SWOT Analysis. How to do it the right way. Common Mistakes.
TABLE OF CONTENT
Summary
Introduction to SWOT
Background to the SWOT Analysis
Why use it?
When to make use of it?
Objective of a SWOT Analysis
How to carry out a SWOT
Writing the SWOT analysis
Internal factors
Conclusion
References
Download the White Paper
To download the How to Write a SWOT Analysis Company Report White Paper - http://cfdmaster.com/wp-content/uploads/how_to_write_a_swot_analysis_white_paper.pdf
An example of a successful proof of concept - ETLSolutions
In this presentation we explain how to create a successful proof of concept for software, using a real example from our work in the Oil & Gas industry.
Template for the improved Value Proposition Canvas. This version focuses on customer wants, needs and fears and on features, benefits and user experiences.
The following people contributed their experience and knowledge to make this manual practical and useful: Mark Lampinen, Kathleen Jennings, Cassaundra Branco, Alegria Lavin-Jones, Barbara Foster, Randy Imai, Hathor madeiras, Michael Schommer, Vincent Jeffries, Chris Thixton, Forrest Jardins and Charlena Hayes.
Assessment Manual
Outline for Cyber Security Improvement PlanObjectiveThis assig.docx - gerardkortney
Outline for Cyber Security Improvement Plan
Objective
This assignment requires the student to write an outline for your final paper which is a cyber-security improvement plan for PureLand WasteWater.
Instructions for assignment
1. Read the PureLand Cyber Security Case Study document to understand the premise of this assignment. In summary, you are a consultant hired by PureLand Wastewater to improve their CyberSecurity due to new CFATS regulations from the US Department of Homeland Security.
2. Read Developing ICS cyber security improvement plan.doc in the PureLand Case Study section within Blackboard and be sure the required elements from section 1 are included.
3. Write an outline that will be used to build your cyber-security improvement plan, and have these required parts in your outline:
a. Include an introduction
b. Document and communicate the current state for security of the PureLand WasteWater Industrial Control System and overall network
c. Provide an overview of the network design including major weaknesses in the design and layout of network components with suggested network layout improvements
d. Identify the threats and vulnerabilities facing the assets of an Industrial Control System including Advanced Persistent Threats and recommend potential security measures that could have prevented those incidents
e. Understand applicable regulations and include provisions for achieving compliance with CFATS regulations within the plan
f. Based on knowledge of recommended security best practices and standards, document and communicate the desired future state for security of the ICS.
g. Document at least 5 security improvements you would recommend for PureLand to implement in their Industrial Control System. (Hint: These 5 improvement areas should be areas that are weak as stated in the document titled, Site Summary Report PureLand WasteWater.docx)
h. Include a conclusion
Final Assignment
Due: Upload to the course Moodle in .pdf or .doc format by 5pm, March 19
Format: double-spaced, 1 inch margins, 12 point font. The paper should be well-organized, free of excessive errors, and formal in tone. See length guidelines below.
All sources should be cited following the American Anthropological Association’s preferred citation and bibliographic style.
Prompt: The assignment is to use a single example of language in use (captured in your transcript) as the basis for a linguistic anthropological analysis using terms, concepts and theoretical tools from the course readings, films and lectures. The goal of your analysis should be to illuminate what is going on in your transcript from both a semiotic and pragmatic perspective; what is the social message and what is the social business, or what is being said and what is being done in this speech act/event.
Remember that this paper takes the place of a final exam: as such, while your analysis may demonstrate creativity and originality of thought, it should primarily demonstrate your und.
Capstone Project Report Guidelines
The Capstone Project represents a culminating experience in our Bachelor of Science in Information Science curriculum. It is an opportunity for students to showcase what they have learned from our program and to demonstrate that they are on their way for achieving our program’s key student learning outcomes. Specifically there are six areas that we would like students to address in their end of semester Capstone Project Reports.
1. Analyze a complex computing problem and to apply principles of computing and other relevant disciplines to identify solutions.
2. Design, implement, and evaluate a computing-based solution to meet a given set of computing requirements in the context of the program's discipline.
3. Communicate effectively in a variety of professional contexts.
4. Recognize professional responsibilities and make informed judgements in computing practice based on legal and ethical principles.
5. Function effectively as a member or leader of a team engaged in activities appropriate to the program's discipline.
6. Support the planning, acquisition, delivery, and monitoring of information systems and their associated technologies within an organization’s environment.
Rubrics for each of these areas have been developed to help students assess what is expected for each of these areas. Students are encouraged to talk with their faculty and client mentors to think through what each of these areas mean to their projects. Questions are welcome!
The following are some guidelines to help you put together your Capstone Project Report. Since every project is different, feel free to amend as needed to best showcase the work you have done this year and to demonstrate your abilities to meet the learning goals of a computing program accredited by the Accreditation Board for Engineering and Technology (ABET).
1. Title Page (Note: It is okay to include logos or other clip art on the Title Page)
a. Project / Team Name
b. Sponsoring Organization / Contact Information
c. Team Member Names
d. Date
2. Table of Contents
3. Introduction / Organization Background
a. Describe the organization that your team is working for. What is their history? What is the mission (purpose) of this organization?
b. Explain the challenges facing the organization.
4. Description of Analysis Work Performed - Here are the areas that you should address in this section of the report (Capstone Project I), but feel free to include others as needed. See the Analysis Rubric for additional details.
a. Question 1: Describe the Problem or Challenge Facing the Client and their Stakeholders.
b. Question 2: Evaluate the Current State (Data, Process, People, and Technology in Use) surrounding the problem or issue.
c. Question 3: Assess Client’s Desired Future State (e.g., Data, Process, People, and Technical Improvements)
d. Question 4: Analyze the Options available for getting your Client to their desired future state and Recommend a
So.
Colorado Cyber TTX attack AAR After Action Report ESF 18
MILE HIGH DICE
CYBERSECURITY DOMAIN TABLETOP EXERCISE
Mile High DICE FY-2015
Denver Interagency Continuity Exercise (DICE),
A Cybersecurity Seminar and Tabletop Exercise
November 13, 2014
After Action Review
November 20, 2014
Cybersecurity Is Not An Information Technology Issue;
It’s A Leadership Issue!
UNCLASSIFIED
After Action Review Mile High DICE
Handling Instructions
1. The title of this document is the Mile High DICE FY-2015 Cybersecurity Domain Table Top
Exercise (TTX) After Action Review (AAR).
2. The information gathered in this AAR is UNCLASSIFIED. The control of information is
based more on public sensitivity regarding the nature of the exercise than on the actual
exercise content.
3. All exercise participants should use appropriate guidelines to ensure the proper control of
information within their areas of expertise and protect this material in accordance with
current agency-specific directives.
4. Public release of exercise materials to third parties is at the discretion of FEMA Region VIII
and the Colorado Federal Executive Board (CFEB).
5. For more information, please consult the following points of contact (POCs):
Exercise Sponsor
Gay Page
Executive Director
Colorado Federal Executive Board
PO Box 25567
Denver Federal Center
Bldg 810 Room 5014
Lakewood CO 80225
303 202 4588
gpage@colorado.feb.gov
www.colorado.feb.gov
Exercise Coordinator/Officer
Michael D. Brinkman
Regional Continuity Manager
303-235-4982
michael.brinkman@fema.dhs.gov
FEMA Region VIII
Denver Federal Center, Building 710
Denver, CO 80228
CONTENTS
Handling Instructions
Executive Summary
Exercise Overview
Participating Organizations
Number of Participants
Exercise Design Summary
Analysis of Objectives
Conclusion
Appendix A: Recommendations
Appendix B: Participant Feedback Form
Appendix C: Acronyms
Appendix D: Glossary of Terms
Executive Summary
The Mile High Denver Interagency Continuity Exercise (DICE) Cybersecurity Domain was
comprised of two components: a training session and a continuity tabletop exercise (TTX)
focused on Cybersecurity. The purpose of this event is to provide a forum for interagency
coordination and improvement of continuity plans – this year’s focus is cybersecurity, increasing
awareness of cyber risks that may impact the performance of essential functions. The exercise
relied on the Homeland Security Exercise and Evaluation Program (HSEEP) building block
approach, where some agencies examined their COOP plan or annex, and other agencies, with
less robust plans, could learn from the presenters, and each other, how to build their expertise.
Mile High DICE Cybersecurity Domain established a learning environment for all players to
focus on improving understanding of a response concept, identifying opportunities or problems,
and achieving a change in attitude. At the TTX portion of the exercise, agency representatives
were seated at tables, based on their agency, with a facilitator to encourage discussion, while a
selected member of their group acted as a scribe to capture their lessons learned.
Mile High DICE Cybersecurity Domain focused on the following objectives:
1. Increase organizational awareness about the importance of incorporating Cybersecurity
into continuity planning
2. Discuss and examine the challenges, issues and best practices associated with
Cybersecurity
3. Discuss how Essential Functions will continue through a Cybersecurity emergency and
the planning required to perform those functions
4. Identify solutions or alternative actions to cyber challenges, gaps or vulnerabilities in
organizational continuity plans and procedures
The exercise was conducted on November 13, 2014 at the United States Department of Justice,
Bureau of Prisons’ National Corrections Academy, 11900 East Cornell Avenue, Aurora, CO
80014, between 8:00 AM and 4:00 PM.
Overall, Mile High DICE Cybersecurity Domain successfully provided a learning environment
that presented an opportunity for agencies to review their cybersecurity plans and procedures,
interact with other agencies, and reinforce the need for robust continuity planning, training, and
exercises.
This report will analyze the exercise results, identify strengths to be maintained and built upon,
identify potential areas for further improvement, and support development of corrective actions.
Major Strengths
The major strengths identified during this exercise are as follows:
• The exchange of ideas, networking opportunities and lessons learned.
• Use of recent and relevant Continuity and cybersecurity examples.
• The effective relationship between critical infrastructure and the private sector with
cybersecurity programs.
• Identifying common challenges with cybersecurity.
Primary Areas for Improvement
Opportunities for improvement were identified throughout the exercise. The primary areas for
improvement, including recommendations, are as follows:
Observation 1: Presenters were the best choice as effective tactical experts to discuss the
important issues of cybersecurity.
Issue: Cybersecurity is a unique topic that excited individuals, but the presenters at times
spoke in terms that were way above the audience’s knowledge base.
Recommendation: In knowing the audience, presenters should be advised to use
non-expert (or layman’s) terms. Speakers were briefed on the target audience composition.
• Emergency Preparedness Counsel members should make attempts to view a
speaker’s presentation prior to DICE to discern if it is a good fit for audience and
subject.
• Consider using a panel discussion to help convey technical information.
Observation 2: More time is needed for the tabletop exercise.
Issue: Mile High DICE FY-2015 is an opportunity to provide a summary of the major
changes in Continuity directives and policies. These updates can be reviewed and
addressed during exercises, assisting with Corrective Action Planning.
Recommendation: Allow more time for exercise play.
• Consider a 3 hour TTX for FY-2016.
• Limit outbriefs to ½ the tables. Mix it up, ask if anyone has something to add
• Allow time for Facilitator wrap up at tables
Exercise Overview
Exercise Name
Mile High (Denver Interagency Continuity Exercise) DICE, FY-2015, Cybersecurity
Domain
Type of Exercise
Training and lessons learned seminar, followed by a tabletop exercise (TTX)
Exercise Date
November 13, 2014
November 20, 2014 After Action Review
Duration
One Day
Location
United States Department of Justice
Bureau of Prisons National Corrections Academy
11900 East Cornell Avenue, Aurora, CO 80014
Sponsors
Colorado Federal Executive Board (CFEB)
Federal Emergency Management Agency (FEMA), Region VIII
Mission
Continuity of Operations/Essential Functions/Cybersecurity
Scenario Type
Cyber-attack on the organization’s network systems
Participating Organizations
Participating Agencies & Organizations
Anticus International Corp.
CACI International Inc.
Chertoff Group
City of Colorado Springs
City & County of Denver
Coalfire Systems, Inc.
Colorado Federal Executive Board
Colorado National Guard
Dept of Agriculture – Office of Chief Information Officer
Dept of Agriculture – Grain Inspection, Packers & Stockyards Administration
Dept of Commerce – National Institute of Standards and Technology
Dept of Commerce – National Oceanic and Atmospheric Administration
Dept of Commerce – National Telecommunications & Information Administration
Dept of Defense - Defense Contract Management Agency
Dept of Defense - Defense Coordinating Element
Dept of Defense - Defense Health Agency
Dept of Defense – North American Aerospace Defense Command & Northern Command
Dept of Homeland Security - Citizen & Immigration Services
Dept of Homeland Security - Federal Emergency Management Agency
Dept of Homeland Security - Federal Protective Service
Dept of Homeland Security - Transportation Security Administration
Dept of Interior - National Park Service
Dept of Interior - Office of Natural Resource Revenue
Dept of Interior - US Geological Survey
Dept of Justice - Bureau of Prisons
Dept of Transportation – Federal Highway Administration
Environmental Protection Agency - National Enforcement Investigations Center
General Services Administration
National Archives & Records Administration
National Transportation Safety Board
Poudre Fire Authority
Selective Service System
Social Security Administration
State of Colorado - CO Dept of Public Safety
State of Colorado - Dept of Labor & Employment
State of Colorado - Division of Emergency Management
University of Colorado - Colorado Springs
Number of Participants
• 37 Agencies & Organizations
• 158 Registrations
• 108 Participants on site
• 90 Participant Feedback Forms
Exercise Design Summary
Purpose
The purpose of this event is to provide a forum for interagency coordination and improvement of
continuity plans – this year’s focus is the Cybersecurity domain, increasing awareness of cyber
risks that may impact the performance of essential functions.
Exercise Purpose and Objectives - TTX
1. Increase organizational awareness about the importance of incorporating Cybersecurity
into continuity planning.
2. Discuss and examine the challenges, issues and best practices associated with
Cybersecurity.
3. Discuss how Essential Functions will continue through a Cybersecurity emergency and
the planning required to perform those functions.
4. Identify solutions or alternative actions to cyber challenges, gaps or vulnerabilities in
organizational continuity plans and procedures.
Exercise Scenario - TTX
Your organization’s IT staff has informed leadership that they have detected a highly
sophisticated cyber-attack on the organization’s network systems. In response to the attack and
with leadership approval, the IT team has disconnected all internet and email access to include
shared folders and wireless access. Incoming emails have also been blocked.
IT is assessing the current damage and providing leadership with regular reports. The team is
also working on protecting systems from future attacks. At this time, IT is uncertain if any
information was stolen and if sensitive or classified information has been compromised. But
there is a chance that several essential records stored on the primary server were corrupted. At
this point, leadership has been informed that it will take a few days to sort things out, secure
systems and get them back online.
Exercise Schedule – Training/TTX
Time | Session | Comments
8:00 am | Registration | Participants sign in
8:30 am | Welcome | Opening comments
• Jim Gray, Director, Bureau of Prisons – National Corrections Academy
• Doug Gore, Deputy Regional Administrator, FEMA Region VIII
• Gay Page, Executive Director, Colorado Federal Executive Board
8:45 am | Introductions | Agency leads introduce members
9:00 am | The Cyber Universe and You! | Mr. Mark Weatherford, Principal, Chertoff Group & former Deputy Undersecretary, DHS Cybersecurity
10:15 am | Networking Break |
10:30 am | Challenges & Threats in the Cloud | Mr. Rick Dakin, Chief Executive Officer, Co-Founder and Chief Security Strategist, Coalfire - Independent Information Technology Audit and Compliance Leadership
12:00 pm | Lunch | On your Own
1:00 pm | Overview of NIST Cybersecurity Framework | Ms. Donna Dodson, Associate Director and Chief Cybersecurity Advisor of the Information Technology Laboratory (ITL) and the Chief Cybersecurity Advisor for the National Institute of Standards and Technology (NIST)
1:45 pm | Networking Break |
2:00 pm | Discussion Based Exercise | Participants will be divided into groups (primarily by agency) and guided through a discussion of issues related to Cybersecurity
4:00 pm | Adjourn |
Analysis of Objectives
This section of the report reviews the performance of the exercised objectives, activities, and
tasks. Observations are organized by objective, followed by a summary and corresponding
observations and recommendations.
OBJECTIVE 1: INCREASE ORGANIZATIONAL AWARENESS ABOUT THE
IMPORTANCE OF INCORPORATING CYBERSECURITY INTO CONTINUITY PLANNING
Observation: Successful
Analysis:
Participants in this training and exercise event were provided with a schedule designed
with multiple briefings and a discussion based exercise to encourage interaction at all
levels. Presentations were specifically designed to raise awareness of Cybersecurity,
challenges affiliated with cybersecurity, and the potential to improve individual plans.
Discussion:
Given the basic premise of a cyber-attack, it is imperative that agencies place an
emphasis in their COOP planning efforts on working with IT on security and compliance
assessments.
Recommendations:
1. Agencies should actively address any deficiencies and/or train and test the
effectiveness of their emergency plans under a variety of conditions.
2. Agencies should ensure that they have the right individuals on their Continuity
Working Group when developing and reviewing their COOP plans.
OBJECTIVE 2: DISCUSS AND EXAMINE THE CHALLENGES, ISSUES AND BEST
PRACTICES ASSOCIATED WITH CYBERSECURITY
Observation: Mixed, mostly successful
Analysis:
Executive Order (EO) 13636 requires the development of a Cybersecurity Framework
that develops a voluntary critical infrastructure cybersecurity program and proposes
incentives, as well as identifying gaps.
Discussion:
Mile High DICE Cybersecurity Domain was an opportunity to provide a summary of the
common challenges with cybersecurity as the threat increases. An overview of the EO
proved challenging during the FY-2015 DICE since agencies wanted to review best
practices and lessons learned from agencies that have dealt with this threat.
Recommendations:
1. Agencies should review Executive Order 13636 that provides a set of standards,
methodologies, procedures, and processes that align policy, business, and
technological approaches to address cyber risks.
OBJECTIVE 3: DISCUSS HOW ESSENTIAL FUNCTIONS WILL CONTINUE THROUGH A
CYBERSECURITY EMERGENCY AND THE PLANNING REQUIRED TO PERFORM THOSE
FUNCTIONS
Observation: Successful
Analysis:
Members have an increased organizational awareness about COOP and individual roles
and responsibilities.
Discussion:
There is room for improvement in training staff on ways around limited communication,
such as limited internet access and phone service.
Recommendations:
1. More training with the ERG staff and non-ERG members is needed. Agencies also
need to train backup ERG personnel on their roles and responsibilities during
Continuity operations. Create detailed checklists and decision matrices for notice and
no notice events.
OBJECTIVE 4: IDENTIFY SOLUTIONS OR ALTERNATIVE ACTIONS TO CYBER
CHALLENGES, GAPS OR VULNERABILITIES IN ORGANIZATIONAL CONTINUITY
PLANS AND PROCEDURES
Observation: Mixed, mostly successful
Analysis:
Not all agencies present had prepared adequately for cybersecurity.
Discussion:
Smaller organizations and larger organizations’ smaller field offices may not have the
same access and plans to support secondary continuity locations as larger organizations
or offices.
Recommendations:
1. Agencies must develop annexes to their COOP plans that include threats associated
with cybersecurity.
2. Agencies should review the Federal Risk and Authorization Management Program
(FedRAMP), a government-wide program that provides a standardized approach to
security assessment, authorization, and continuous monitoring for cloud products and
services.
Conclusion
Based on the participant feedback forms, Mile High DICE, FY-2015 Cybersecurity Domain
training and lessons learned session relative to Cybersecurity and Continuity planning tabletop
exercise (TTX) was a success. On a scale of 1 to 5, the overall rating for this year came in at 4.6.
Participants were able to evaluate their plans against the scenario, take lessons learned from each
other, and find areas to improve their continuity programs.
Observations or areas for improvement for the next event include:
• Increase the awareness of government, business and not-for-profit organizations of the
requirement to incorporate continuity planning into everyday business.
• Discuss the planning required to perform those Mission Essential Functions (MEFs) that
must continue through an emergency.
• Recognize the critical functions of our organizations’ Information Technology
components in continuity planning.
Appendix A: Recommendations
Below is a consolidated list of the recommendations previously presented in the AAR, a result of exercise Mile High DICE Cybersecurity
Domain:
Table A.1 Recommendations
Objective: Increase organizational awareness about the importance of incorporating Cybersecurity into continuity planning.
Recommendations:
1. Agencies should actively address any deficiencies and/or train and test the
effectiveness of their emergency plans under a variety of conditions.
2. Agencies should ensure that they have the right individuals on their Continuity
Working Group when developing and reviewing their COOP plans.
Objective: Discuss and examine the challenges, issues and best practices associated with Cybersecurity.
Recommendations:
1. Agencies should review Executive Order 13636 that provides a set of standards,
methodologies, procedures, and processes that align policy, business, and
technological approaches to address cyber risks.
Objective: Discuss how Essential Functions will continue through a Cybersecurity emergency and the planning required to perform those functions.
Recommendations:
1. More training with the ERG staff and non-ERG members is needed. Agencies also
need to train backup ERG personnel on their roles and responsibilities during
Continuity operations. Create detailed checklists and decision matrices for notice
and no notice events.
Objective: Identify solutions or alternative actions to cyber challenges, gaps or vulnerabilities in organizational continuity plans and procedures.
Recommendations:
1. Agencies must develop annexes to their COOP plans that include threats associated
with cybersecurity.
2. Agencies should review the Federal Risk and Authorization Management Program
(FedRAMP), a government-wide program that provides a standardized approach to
security assessment, authorization, and continuous monitoring for cloud products and
services.
Appendix B: Participant Feedback Form
Assessment Factor (rated 1 = Strongly Disagree to 5 = Strongly Agree)
The Training and Exercise event was well structured and organized. 1 2 3 4 5
The design was conducive to group discussion. 1 2 3 4 5
The featured Speaker’s presentation was helpful in understanding key concepts for Cybersecurity. 1 2 3 4 5
The tabletop discussion helped provide an examination of your plan and procedures for Cybersecurity. 1 2 3 4 5
The Case Studies provided in the Participant Handbook helped provide insight on the challenges with Cybersecurity. 1 2 3 4 5
This event was valuable for helping provide information for the development or refinement of your Continuity Plan. 1 2 3 4 5
Note: The figures below are based on 90 feedback form submissions
1. The Training and Exercise event was well structured and organized?
90 responses
Strongly Disagree to Strongly Agree: 3 (3.3%), 1 (1.1%), 6 (6.7%), 34 (37.8%), 46 (51.1%)
2. The design was conducive to group discussion?
90 responses
Strongly Disagree to Strongly Agree: 3 (3.3%), 1 (1.1%), 11 (12.2%), 25 (27.8%), 50 (55.6%)
3. The featured Speaker’s presentation was helpful in understanding key concepts for
Cybersecurity?
81 responses
Strongly Disagree to Strongly Agree: 5 (6.3%), 2 (2.5%), 10 (12.3%), 28 (34.5%), 36 (44.4%)
4. The tabletop discussion helped provide an examination of your plan and procedures for
Cybersecurity?
88 responses
Strongly Disagree to Strongly Agree: 3 (3.4%), 2 (2.3%), 9 (10.2%), 35 (39.8%), 39 (44.3%)
5. The Case Studies provided in the Participant Handbook helped provide insight on the
challenges with Cybersecurity?
84 responses
Strongly Disagree to Strongly Agree: 3 (3.6%), 1 (1.2%), 16 (19%), 31 (36.9%), 33 (39.3%)
6. This event was valuable for helping provide information for the development or
refinement of your Continuity Plan?
89 responses
Strongly Disagree to Strongly Agree: 3 (3.4%), 1 (1.1%), 11 (12.4%), 35 (39.3%), 39 (43.8%)
7. Please provide any other comments or recommendations regarding this event that may
help in the development of future events.
Format:
• Excellent Speakers and Great participant handbook. The information will be used to
improve COOP plans and develop future cybersecurity exercises.
• There needs to be more time for exercises and less for speakers.
• Reduce the number of out briefs, at some point they lose value and the interest of people.
• COOP/Exercise were knowledgeable, some topics more relevant than others, but overall
worth hearing.
• Presentations were a bit high level, our requirements and responsibilities are somewhat
lower.
• This training was more relevant to policy makers. Not working in the IT or computer
field, it wasn’t applicable to some individuals’ jobs.
• It would have been helpful to provide more focus on potential solutions, resources and
best practices. Felt that too much time was spent reviewing the complexity of cyber
security. More info about what to do about it would be great.
• Combining two agencies at one table made it difficult to address questions during the
exercise.
• If possible, intersperse the guest speakers with the group discussions. The guests
were great; it was just a lot to take in one right after another.
• Great event for collaboration, review and lessons learned.
DICE Stats
(Nov 2014)
Overall = 4.7
Highest = 4.9 ONRR
Lowest = 4.3 DCMA
Overall = 4.7
Highest = 4.9 Design (conducive for group discussion)
Lowest = 4.3 Speaker’s
• Provide these quarterly.
• Ken Hudson did a terrific job hosting, moderating and keeping DICE on point and on
time.
Speakers
• Some of the guest speakers were dry and technical.
• For individuals who are not technical, some of the speakers were hard to follow and
understand. Less technical people are in the audience and needed more explanation of
cyber procedures.
• Amazing expertise, great that we were given the opportunity to hear from top level
experts. (Several similar type comments)
• Need longer Q&A with speakers.
• Outstanding topic, less technical and more “lay person” information would be helpful
from a decision making standpoint.
• Knowing your audience, some of the speakers were definitely geared towards IT folks
rather than non-IT members making it hard to understand.
Materials
• It would be good if a network list was provided to the attendees.
• Hope that attendees can receive e-copies of the PowerPoint presentations; will they be
available on the CFEB website?
• Excellent Speakers and Great participant handbook. The information will be used to
improve COOP plans and develop future cybersecurity exercises.
Venue
• Great location, comfortable room, utilizing resources at all levels (i.e. screens and
microphones).
TTX / Facilitators
• Appreciate the facilitators diving in to keep conversation and thinking going during the
exercise.
• A few of the questions during the exercise dealt with physical destruction rather than
cybersecurity, making it somewhat confusing.
• Group discussion was excellent with the exercise.
• TTX exercises and discussions are always very helpful; more time for table discussions
would have been useful.
• More time on TTX and one less speaker. (Several similar comments)
• The group discussions and exercise scenario did not flow as well as expected.
Outcomes
• Response plans are strong, but need to work on how to avoid, mitigate, and minimize
effects of cyber disruptions.
• Great reminder of work that needs to be done not only with our agency, but partner
agencies too.
• Agencies would like to conduct similar exercise, who do we contact to explore this?
• Previously did not consider FedRAMP as a tool to help improve cyber security policy.
Appendix C: Acronyms
Table C.1 Acronyms
Acronym Meaning
AAR After Action Report
CFEB Colorado Federal Executive Board
COOP Continuity of Operations
DICE Denver Interagency Continuity Exercise
ERG Emergency Relocation Group
FEMA Federal Emergency Management Agency
HSEEP Homeland Security Exercise and Evaluation Program
NCP National Continuity Programs
POC Point of Contact
TTX Table Top Exercise
Appendix D: Glossary of Terms
This glossary explains some generic terms used in exercise planning, and those used during the
development, conduct, and observation of the Mile High DICE FY-2015. Terms are listed
alphabetically.
After Action Report (AAR) - A comprehensive assessment of the exercise prepared by the
Evaluation team. It includes a summary of the exercise scope, scenario, participants, and play.
Most importantly, it contains an analysis of the achievement of each exercise objective. It may
also include an assessment of the exercise management process including the planning, control,
and observation of the exercise. This report is developed from the comments and observations
recorded by Evaluators during and after the exercise. It identifies deficiencies, problems, and
issues that require corrective action.
Controller - Controllers plan and manage exercise play, set up and operate the exercise incident
site, and possibly take the roles of individuals and agencies not actually participating in the
exercise (i.e., in the Simulation Cell [SimCell]). Controllers direct the pace of exercise play and
routinely include members from the exercise planning team, provide key data to players, and
may prompt or initiate certain player actions and injects to the players as described in the Master
Scenario Event List (MSEL) to ensure exercise continuity. The individual controllers issue
exercise materials to players as required, monitor the exercise timeline, and monitor the safety of
all exercise participants.
Continuity of Operations (COOP) - Continuity of Operations, as defined in the National
Security Presidential Directive-51/Homeland Security Presidential Directive-20 (NSPD-
51/HSPD-20) and the National Continuity Policy Implementation Plan (NCPIP), is an effort
within individual executive departments and agencies to ensure that Primary Mission Essential
Functions (PMEFs) continue to be performed during a wide range of emergencies, including
localized acts of nature, accidents and technological or attack-related emergencies.
Corrective Action Program (CAP) - The formal program that supports the identification and
resolution of requirements for corrective action and the formal, appropriate integration of
corrective action into the interagency Continuity of Operations community. Managed by NCP with
assistance from the CAP Review Board, the CAP ensures the continuing evolution and
refinement of the Federal Executive Branch Continuity of Operations capability.
ENDEX - The end of the exercise. This term refers to the formal conclusion of the exercise. No
player activity occurs after this time.
Emergency Relocation Group - Personnel identified as essential to the accomplishment of
agency essential functions. These personnel are expected to relocate to an agency’s continuity
site upon activation of the agency COOP plan.
Controller/Evaluator Handbook - A document that establishes how the Evaluation effort will
be managed. It includes the overarching objectives and a copy of all Evaluation forms.
Data Collectors - Individuals who record their own as well as participants' observations during
the exercise. They note the actions taken by participants and maintain a chronology of those
actions. Their responsibility is to provide an assessment of how well the objectives were
accomplished. Data Collectors may also be Controllers and/or Evaluators.
Evaluator - Chosen for their expertise in the functional areas they will observe. Evaluators
measure and assess performance, capture unresolved issues, and analyze exercise results.
Evaluators passively assess and document participants’ performance against established
emergency plans and exercise evaluation criteria, in accordance with HSEEP standards.
Exercise Planning Team - The exercise director, the deputy exercise director, and the senior
controller. These are the senior personnel at the exercise location who oversee the actions of the
Evaluators, controllers, and interagency response cell members.
Exercise Objectives - The specific actions to be performed or the capabilities to be
demonstrated by exercise participants. Developed early in the planning effort, effective exercise
objectives will ensure that participants know what is to be accomplished, who will do it, under
what conditions and finally to what measurable standard. Objectives are the basis for the
assessment/observation effort.
Exercise Plan (EXPLAN) - The comprehensive plan for the exercise. The EXPLAN provides
all exercise participants with pertinent information: the lead-in scenario, participants, points of
contact, exercise objectives, assumptions, responsibilities, and administrative and security
information. It is developed from the approved Concept and Objectives Paper that contains the
approved exercise objectives.
Inject - Injects are MSEL entries that controllers must simulate—including directives,
instructions, and decisions. Exercise controllers provide injects to exercise players to drive
exercise play towards the achievement of objectives. Injects can be written, oral, televised,
and/or transmitted via any means (e.g., fax, phone, e-mail, voice, radio, or sign).
Master Scenario Events List, MSEL - The MSEL is a chronological timeline of expected
actions and scripted events to be injected into exercise play by controllers to generate or prompt
player activity. It ensures all necessary events happen so that all objectives can be met.
Players - Exercise participants who respond in a realistic manner to the scenario events. They
do so by using the plans, procedures, and equipment on which they have been trained. In other
words, they demonstrate their ability to carry out their mission. Also referred to as responders in
exercises.
Scenario - A sequential, narrative account of a hypothetical incident or accident. The scenario
provides the catalyst for the exercise and is intended to introduce situations that will inspire
responses and thus allow demonstration of the exercise objectives.
STARTEX - The start of the exercise. This term refers to the formal beginning of player
activity.
Trusted Agent - Trusted agents are the individuals on the exercise planning team who are
trusted not to reveal the scenario’s details to players prior to the exercise being conducted.