During week 6 we developed the theory and application of capital budget analysis. The theory was robust, the calculations mathematically and logically defined, and many of the real-world problems likely to be encountered were addressed. As capital budgeting essentially re-invents the company through major long-term expenditures, it is arguably one of the most critical functions that financial management performs. However, based on my personal experiences, extensive empirical data, and anecdotal data, many firms routinely experience significant failures in their selection of capital projects.
The assignment for this topic consists of two parts:
1) For your first topic in this conference I would like you to briefly review either your personal experiences and/or the financial literature to identify and present a description of one actual capital project/product failure and the reasons attributed to the failure. For those of you who do not have personal experiences, the following are some illustrative examples of failed projects/products over the last 50 years that you may want to look up and consider: New Coke, the Iridium Satellite Communication, the Edsel automobile, Beta (vs. VHS), the Concorde SST, and various Dot Coms. Feel free to research others.
In your response please provide financial information regarding the project (what is available): initial outlay, projected cash flows, final dollar losses.
Remember this is a one to two paragraph exercise - do not go overboard - a few hours research and summation is all that’s required. I am interested only in your short, concise description of the project and the major reasons you believe it failed.
2) Synthesize your one-paragraph position on what 3-5 specific factors you believe are most likely to contribute to capital project analysis failure.
CDC
IT Security Staff BCP Policy
[
CSIA 413,
Professor Last Name:
Policy Document
IT
Business Continuity Plan Policy
Document Control
Organization: Center for Disease and Control (CDC)
Title: CDC IT Security Staff BCP Policy
Author:
Owner: IT Security Staff Manager
Subject: Business Continuity Plan Policy
Review date:
Revision History
Revision Date
Reviser
Previous Version
Description of Revision
No Revisions
Document Approvals
This document requires the following approvals:
Sponsor Approval
Name
Date
Approved
Document Distribution
This document will be distributed to:
Name
Job Title
Email Address
All CDC Security Staff
Information Security Specialist
Contributors
Development of this policy was assisted through information provided by the following organization:
· CDC and Department of Defense, Health and Homeland Security
Table of Contents
Policy Statement
1 Purpose
2 Objective
3 Scope
4 Compliance
5 Terms and Definitions
6 Risk Identification and Assessment
7 Policy
Policy Statement
The mission of the Center for Disease and Control is to protect America from health, safety and security threats, both foreign and in the U.S. Whether diseases start at home or abroad, are chronic or acute, curable or preventable, the result of human error or deliberate attack, it fights disease and supports communities and citizens to do the same. It is this sensitive mandate that makes CDC infrastructure critical. CDC is both a source and repository of information.
It is thus critical to secure the information and control access to it, not to mention what information departs the organisation. CDC has to contend with IT regulations and laws that control how sensitive information is used. Given the sources of some of this information, CDC has to contend with the threat of this information being compromised since not all its operations are in one place. Thus CDC conducts critical science and provides health information that protects the nation against expensive and dangerous health threats and responds when these arise.
Unfortunately, in life things do not always follow the ideal and predictable path. Events may conspire to affect the smooth running of CDC and, in the worst case, force relocation to a new site and the continuation there of the work that was being done. With the increased security threat, CDC cannot avoid planning for instances where its operations may be disrupted. The plan is intended to achieve efficient and effective operational continuity so that all data is recovered and restored, thus firewalling critical operations. This plan is referred to as the business continuity plan.
Purpose
Given the identified risks referred to above, the document is developed for the sole purpose of offering a roadmap to be followed by CDC to recover and restore its operations. The business continuity plan is to be activated should the center be hit by a natural disaster, emergency or delibera ...
An example of ICS's Technology at work. Contact me for further examples in the Pharma Sector, in Global Health Management, and in support of reducing infant mortality in developing countries.
Topic Describe each of the elements of a Business Continuity Plan (BCP).
Read and respond to the two students' discussions below (150 words for each response), reflecting on your own experience, challenging assumptions, pointing out something new you learned, and offering suggestions.
#1. Posted by Sai Srinivas
Most companies till now don't have any backout or disaster plan in their list. It's tough to grow higher and even a cyberattack can damage their information, money, stock price, customers and reputation. All this needs to be demolished by having a few key elements as part of their business plan called Business Continuity Planning (BCP). We will discuss more about the elements in BCP.
Firstly, create a planning team - depends on the size of the team that includes all the required employees. Next one is to perform an analysis on the business products - it's key that we always need to analyze if we need to alter any improvements and also, to calculate the impact for loss, interruption or discretion. Mitigate risks and effective testing - testing always helps to find any security flaws and we can mitigate the cyber risks.
Crisis communications and employee safety - these are very important because if a company is hit by any cyber threat, communication should be fast and everyone must be updated and must be on the same page. At this moment, employee safety also comes into the picture as companies need to train them properly during these disaster operations.
Establishment of the business continuity strategies and access to the business resources - Companies must create certain strategies based on the business impact analysis results, their goals, objectives, maintenance of supplier relationships and with policies and standards. Finally, IT operations at off-site locations: companies which are aware of these ransomware attacks are storing their data as a backup in the offsite centers. This makes a better plan rather than thinking about the lost data and how to recover it - which cannot be done during the current times.
#2. Posted by Naresh
Business continuity planning (BCP) is the process involved in creating a system of prevention and recovery from potential threats to a business organization. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster due to natural causes or human-made mistakes. The important elements of the business continuity process involve defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters like fire, flood, or weather-related events, power outages and cyber-attacks. Once the risks are identified, BCP strategic steps must involve how those risks will affect operations, implementing safeguards and procedures to mitigate the risks and reviewing the process to make sure that it is up to date.
There are seven key elements for Business c ...
The Disaster Recovery Plan
Sumanth Lagadapati
Introduction
Many companies don’t have a disaster recovery plan; often there is a desire for a DRP.
The level of effort and/or cost required to create a DRP can cause this project to have a low priority relative to other more immediate projects.
A DRP is viewed as "nice to have" or "just insurance that will not be used", and not as a critical business component.
That is, until there is a failure that causes a significant outage or loss of data (often at a significant cost to the business).
It is my opinion that every company could benefit from both a disaster recovery plan and a business continuity plan (BCP).
Investing in a DRP and BCP is just as important for most businesses, in my opinion.
Where do you start?
The first step is to create a DR team. This includes:
Executive sponsor.
DR coordinator.
Team leaders (there will be several groups and possibly subgroups).
Team members.
These people should be designated as either primary or backup for a position, with every position having more than one person assigned to it, to minimize people as a single point of failure.
The goal is to have people who have the expertise to help develop the various recovery procedures and are committed to the success of the overall effort.
Where do you start? cont…
The next step is to define business goals.
The goal should address items such as:
What functional areas need to be recovered?
What length of time is acceptable for recovery?
What amount of data loss is acceptable?
This often involves prioritization and a cost-benefit analysis to determine the worth of recovery (i.e. something that may be premature at this phase of the project).
Understand the business goals and objectives
To find out what that really entails you must know:
What are the critical systems?
What are the key processes and applications?
What are the dependencies on other systems?
This includes:
Data transfers.
Manual processes
Remote processing
Then document these processes, because there is interaction with and dependency on other systems and user interfaces, and because of the sensitivity of the data.
Once the systems have been identified, attempt to quantify their impact relative to the overall business goals.
Identify specific requirements
Everyone involved with this effort (including upper management within a company) needs to have a single vision of what success looks like; without this you risk wasting time and money on a plan that may be viewed as a failure.
Identify key personnel
These people may not be part of the DR team, but they are important. (For example, who has the authority to declare a disaster?)
This list should be maintained both by name and by role; it should be validated and updated frequently.
Identify single points of failure
The overall goal of this step is to mitigate unnecessary risk.
The scope of this effort includes people, software, equipment, and infrastructure.
It i.
You have been hired as a consultant to design a BCP for SanGrafix, a video and PC game design company. SanGrafix's newest game has become a hot seller, and the company anticipates rapid growth. It's moving into a new facility and will be installing a new network. Because competition is fierce in the game industry, SanGrafix wants to be fully secured, documented, and maintained while providing high availability, scalability, and performance.
Based on your current technology and information security knowledge, for this project you will design a BCP based off of the company profile below:
A. Primary location in San Francisco, CA
B. Secondary location/hot site in Sunnyvale, CA
C. Capable of supporting 220 users in these departments: Accounting and Payroll, 16; Research and Development, 48; Sales and Marketing, 40; Order Processing, Shipping, and Receiving, 36; secretarial and office management staff, 20; upper management (including the president, vice president, and general manager), 10; Customer Relations and Support, 30; Technology Support, 20.
D. Full OC3 Internet connection
The first step is to issue a clear policy statement on the Business Continuity Plan. At a minimum, this statement should contain the following instructions:
The organization should develop a comprehensive Business Continuity Plan.
A formal risk assessment should be undertaken in order to determine the requirements for the Business Continuity Plan.
The Business Continuity Plan should cover all essential and critical business activities.
The Business Continuity Plan should be periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed.
All staff must be made aware of the Business Continuity Plan and their own respective roles.
The Business Continuity Plan is to be kept up to date to take into account changing circumstances.
BELOW IS THE EXAMPLE
Policy Statement
1. Agencies are required to develop, implement, test and maintain a Business Continuity Plan (BCP) for all Information Technology Resources (ITR) that deliver or support core systems and services on behalf of the Commonwealth of Massachusetts. For purposes of this policy, the BCP is the overall plan that facilitates sustaining critical operations while recovering from a disruption. BCPs are required to include, at a minimum:
Standard Incident Response Procedures: An information system-focused set of procedures to be used when an event occurs that is not part of the standard operation of a service and may or does cause disruption to or a reduction in the quality of services and Customer productivity.
Disaster Recovery Plan (DRP): An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure in the event of large scale disaster and/or other cataclysmic event.
Continuity of Operations Plans (COOP): An information system-focused pla.
Running Head: ZIFFCORP AUDIT PROPOSAL
ZiffCorp Audit IT Security Audit Proposal
Brian A. McDougall
Central Washington University
Author Note:
Final Paper – IT 677 – Summer 2018
Table of Contents
Title Page
Table of Contents
Audit Proposal
Entity-Level Controls
Data Center
Database
Web Server
Cloud
Disaster Preparedness Plan
References
Audit Proposal
July 26, 2018
Artie Ziff, CEO
ZiffCorp
1066 3rd St
Springfield, VA 22150
Dear Mr. Ziff:
Thank you for the opportunity to present my proposal to perform an informal audit of certain critical IT security policies and controls at ZiffCorp. Because of recent changes in privacy regulations, GDPR in particular, I feel it expedient to review certain controls in preparation for a formal audit that will verify ZiffCorp’s compliance to GDPR across the organization. This audit is essential to maintaining quality operations and further help in mitigating organizational risk, which can easily end up in dollars lost (Collins, 2017).
Let me stress that this will be an informal audit to be performed in order to assess our security footing in certain areas of the company’s IT infrastructure. Our auditors will review security controls and issue recommendations for.
Running head: Residency DRP Research Paper Outline
Residency DRP Research Paper Outline
XYZ Insurance
XYZ is a fictitious healthcare company founded in 2002, headquartered in New York City, NY. XYZ has 10,000 providers in their network serving around 15 million people across 26 states in the U.S. It is crucial and critical to maintain the system availability across the network, so that customers/patients would get necessary services on time.
Data is important for running a business, and it is vulnerable to many threats that can lead to data leaks and data loss. These include physical device damage, human threats, technical threats and natural disasters. We need to protect against many of these, but any exposure could put data in jeopardy, making it important that you have a plan to help you overcome any disasters or data losses.
Disasters such as regional power outages, cyber-attacks, employee mistakes and hardware failure can affect your business in many ways, from blocking access to information to preventing systems from operating. Every company has IT risks that can destroy its business. To prevent such risks and failures we need a Disaster Recovery Plan.
This outline describes the plan's purpose, objectives, assumptions and the strategies on which the plan is based. The purpose of the plan is to recover our organization's critical IT applications and workflows, reducing the risk of disruption of operations or loss of information following a significant disruption or disaster. Its objectives are to restore the organization's IT environment to minimize or mitigate disruptions to business functions; identify essential support personnel, facilities, equipment, and hardware; document sufficiently detailed recovery tasks; facilitate decision-making for execution of the plan and the subsequent conduct of operations; and comply with regulatory directives.
This plan addresses the recovery of critical IT applications and workflows needed by the organization to maintain business, including applications like Data Fabric Manager, Exchange, Payment Portal, Organization Website and Online Quoting.
The Technical Recovery Plan assumes that: hardware to support these IT applications and workflows is operational and available; data and voice communications may be disrupted; application data is backed up on a regular basis and is available and current; knowledgeable staff is available and can report to the alternate site(s) to perform required tasks documented in the plan; key personnel may be unavailable for extended periods; key stakeholders have access to a current copy of this plan; an adequate supply of critical forms, equipment, supplies and vital records that are identified in this plan are stored off-site (hard copy or electronic copy), either at an alternate facility or off-site storage as noted above, or are available from other sources; management has identified reasonable alternative recovery sites and facilities to be used in the event of a disaster, alternate site.
Nine keys to successful delegation in Project Management
mrinalsingh385
Project Management Professional (PMP®) certification has been ranked the number 1 certification and is globally acknowledged as a standard for demonstrating your experience, education and ability to lead complex projects as project managers. It also helps you get a better salary.
There are two general types of data dictionaries: a database management system data dictionary and an organization-wide data dictionary. For this assignment, we are focusing on the organization-wide data dictionary. In a data dictionary, individual data elements and definitions are defined to ensure consistency and accuracy. Assume you need to collect and analyze data on patients discharged and readmitted to hospital X within 90 days of discharge. Develop the data dictionary for this study by completing the table below. Your data dictionary must include a minimum of 15 discrete data elements. Include information you would need to identify:
· the patient (Unique identifier)
· the admission(s)
· the reason for each admission (why the patient presented to the hospital emergency department)
· the principal diagnosis which is defined as the condition of the patient made after studying the patient and their admission to the hospital.
· the indicator for justified readmission or questionable readmission.
Guided response: Include at least 15 data elements and the rationale for each data element, using the format below and include:
· A title page with the following:
· Title of paper
· Student’s name
· Course name and number
· Instructor’s name
· Date submitted
· Include two scholarly references, excluding the textbook, formatted according to APA style as outlined in the Writing Center.
CHAPTER 5
Security Policies, Standards, Procedures, and Guidelines
The four components of security documentation are policies, standards, procedures, and guidelines. Together, these form the complete definition of a mature security program. The Capability Maturity Model (CMM), which measures how robust and repeatable a business process is, is often applied to security programs. The CMM relies heavily on documentation for defining repeatable, optimized processes. As such, any security program considered mature by CMM standards needs to have well-defined policies, procedures, standards, and guidelines.
• Policy is a high-level statement of requirements. A security policy is the primary way in which management’s expectations for security are provided to the builders, installers, maintainers, and users of an organization’s information systems.
• Standards specify how to configure devices, how to install and configure software, and how to use computer systems and other organizational assets, to be compliant with the intentions of the policy.
• Procedures specify the step-by-step instructions to perform various tasks in accordance with policies and standards.
• Guidelines are advice about how to achieve the goals of the security policy, but they are suggestions, not rules. They are an important communication tool to let people know how to follow the policy’s guidance. They convey best practices for using technology systems or behaving according to management’s preferences.
This chapter covers the basics of what you need to know a ...
When implementing change, there are significant risks that can cost millions in potential disruption. Learn how to assess the three risk categories and develop strategies to mitigate risk by downloading our whitepaper: Integrated Risk Analysis.
Cyber Security Program Realization in the Mid Market - Executive Summary
Steve Leventhal
Mid-market firms comprise approximately one third of the US economy according to the U.S. Census Bureau. The purpose of this paper is to outline a logical, practical, and actionable approach to effective cyber security program realization in the mid-market ($100M - $3B in revenue).
Coordinating Security Response and Crisis Management Planning
Cognizant
Security or emergency response for businesses must be tactically and strategically integrated with disaster recovery, with a plan for root cause analysis and next steps coordinated by the CIO and chief information security officer in conjunction with business units.
IT 552 Module Five Assignment Rubric
The purpose of this assignment is to develop an incident response plan to combat a specific security gap.
Prompt: In the Case Document, one of the security gap analyses indicated a high number of laptop thefts and a high number of security incidents. Because of
this recent increase in theft and security incidents, the chief information security officer asks you to develop an incident response plan. Submit a plan including
the eight basic elements of an incident response plan, and procedures for sharing information with outside parties. See the Oregon state incident response
template as a sample, but all work should be original.
Specifically, the following critical elements must be addressed:
Include the eight basic elements of an incident response plan.
Describe procedures for sharing information with outside parties.
Guidelines for Submission: Your paper must be submitted as a 4 to 6 page Microsoft Word document with double spacing, 12-point Times New Roman font, and
one-inch margins.
Critical Elements | Proficient (100%) | Needs Improvement (70%) | Not Evident (0%) | Value
Eight Basic Elements | Explains the eight basic elements of an incident response plan | Minimally explains eight basic elements of an incident response plan | Does not explain the eight basic elements of an incident response plan | 35
Procedures for Sharing Information | Describes the procedures for sharing information with outside parties | Insufficiently describes the procedures for sharing information with outside parties | Does not describe the procedures for sharing information with outside parties | 35
Articulation of Response | Submission has no major errors related to citations, grammar, spelling, syntax, or organization | Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent the understanding of ideas | 30
Earned Total | 100%
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
http://www.oregon.gov/das/OSCIO/Documents/incidentresponseplantemplate.pdf
<agency> Information Security Incident Response Plan <Date>
Information Security
Incident Response Plan
Agency:
Date:
Contact:
TABLE OF CONTENTS
Introduction
Authority
Terms and Definitions
IT 549 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a functional information assurance plan.
The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and
stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more
flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information
assurance plan and posture that are reviewed on a weekly basis.
This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply
information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial
for you to become a desired asset to organizations seeking industry professionals in the information assurance field.
The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final
submissions. These milestones will be submitted in Modules Two, Four, Five, and Seven. The final product will be submitted in Module Nine.
In this assignment, you will demonstrate your mastery of the following course outcomes:
• Assess confidentiality, integrity, and availability of information in a given situation for their relation to an information assurance plan
• Propose appropriate protocols for incident and disaster responses and managing security functions that adhere to best practices for information assurance
• Analyze threat environments using information assurance research and industry best practices to inform network governance
• Recommend strategies based on information assurance best practices for maintaining an information assurance plan
• Evaluate the appropriateness of information assurance decisions about security, access controls, and legal issues
• Assess applicable threats and vulnerabilities related to information assurance to determine potential impact on an organization and mitigate associated risks
Prompt
Your information assurance plan should answer the following prompt: Review the scenario and create an information assurance plan for the organization
presented in the scenario.
Specifically, the following critical elements must be addressed in your plan:
I. Information Assurance Plan Introduction
a) Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality,
integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key
concepts?
b) Assess the confi.
The tasks
You are assumed to be one of the software consultants appointed to shoulder the system analysis responsibilities in the project outlined in the case study. You will plan and manage the project as well as investigate and document its system requirements. You will produce a report that discusses this project based on your understanding of it and the related investigation results through the tasks below.
Task 1: Approaches to Systems Development
• How would you go about developing the Hospital Information System (HIS)? Compare different software development approaches to consider the best suited for developing HIS.
• Justify the choice of your selected approach to systems development.
Task 2: Systems Requirements
• What are the primary functional requirements for the system in the case study? List and discuss these requirements.
• What are the non-functional requirements for the system in the case study? List and discuss these non-functional requirements. Justify the choice of your non-functional requirements.
Length: 2000 words
Task 3: Project Cost Benefit Analysis
• Discuss your project Cost Benefit Analysis (CBA). CBA should focus on the following two main points: a. To determine if an investment (or decision) is sound, ascertaining if – and by how much – its benefits outweigh its costs; and b. To provide a basis for comparing investments (or decisions), comparing the total expected cost of each option with its total expected benefits.
• Provide an Excel spreadsheet with details in a Project Cost Benefit Analysis.
Task 4: Project Schedule
• Show a work breakdown structure and a project schedule as a Gantt Chart. Explain both of them and discuss how they relate to each other.
• Given the system goals, requirements, and scope as they are currently understood, is the project schedule reasonable? Why or why not?
Task 5: System Information Requirement Investigation Techniques
• Who are the stakeholders involved?
• Explain your choice of the 3 most useful investigation techniques.
• Justify the usefulness of these 3 investigation techniques.
Information Systems Analysis and Design
Assessment - Systems Development
Lecturer: Lecturer Name
Tutor: Tutor Name
Prepared by:
Student Name
Student Number
Table of Contents (TOC)
Insert a word generated table of contents here
How to create a table of contents in Microsoft Word
1. Apply the built-in Heading styles to the headings in your text.
2. In Word 2007 and Word 2010: References > Table of Contents > choose an option from the menu.
1. Introduction
Add your contents here.
Note: In this section, you provide a clear definition of the aims of this report. You also identify the project objectives. Explain all findings in the reporting document.
2. Approach to Systems Development
Please add your contents here. There are many approaches to systems development, such as Waterfall SDLC, Agile, RAD, JAD, etc. You need to clearly explain which .
Overview
The US is currently undergoing an energy boom largely because of the greatly expanded use of a well technique developed over 40 years ago: hydraulic fracking. It can be used for both oil and natural gas wells. The technique allows previously unrecoverable oil and gas in old, played out wells to be accessed and increases the efficiency of recovery in new wells significantly. The current level of both recovery and new well drilling is dramatically higher than it has been for decades. The dramatic increase in well activity, some of which has been near towns and places no one thought drilling would ever occur, has brought a great deal of attention to the technique and associated effects on everything from ground water and air pollution, to biodiversity disruption and earthquakes.
One important fact to weave into your opinion about fracking pro or con is that all of the sub-surface mineral rights in the US are owned by someone (a private individual, a business, or the state or federal government) but surface and mineral rights can be separated, i.e. sold. Originally, mineral rights were sold along with the land and then companies or individuals could decide if they wanted to keep or sell the mineral rights. Before mineral rights were so valuable, many people opted to sell their mineral rights to oil & gas companies. It never occurred to many people that someone would actually be drilling on their property or their neighbors. Oil and gas companies have a legal right to exercise their ownership options and if you are going to say "no" to them, then you owe them for what you are not letting them have, i.e. the money that would be produced if they were allowed to drill. This is not a trivial issue.
Instructions
This week’s discussion focuses on the pros and cons of hydraulic fracking and asks for your SCIENCE informed opinion on whether the economics and political fossil fuel issues justify the negative tradeoffs.
Address each of the following in your discussion:
How is fracking done and why are companies doing this action versus traditional drilling?
Are the environmental issues with fracking worse than conventional drilling? Why or why not?
Why are people along the Front Range and in other states where fracking is widespread, so upset about it now even though fracking has been occurring for a long time?
*In your initial post, please provide 3-4 references in APA format with in-text citations.
Overview
The United Nations (UN) has hired you as a consultant, and your task is to assess the impact that global warming is expected to have on population growth and the ability of societies in the developing world to ensure the adequate security of their food supplies.
Case Assessment
As the world’s population nears 10 billion by 2050, the effects of global warming are stripping some natural resources from the environment. As they diminish in number, developing countries will face mounting obstacles to improving the livelihoods of their citizens and stabilizing their access to enough food. The reason these governments are struggling even now is that our climate influences their economic health and the consequent diminishing living standards of their peoples. Climate changes are responsible for the current loss of biodiversity as well as the physical access to some critical farming regions. As such, these changes in global weather patterns diminish agricultural output and the distribution of food to local and international markets. These difficulties will become even more significant for these countries as the Earth’s climate changes for the worse. Temperatures are already increasing incrementally, and polar ice caps are melting, so the salient question is: what does this suggest for developing societies?
The issue before the developing world is not its lack of food, but rather how to gain access to food. Simply put, changes in our climate are affecting the global food chain, and hence, the living standards of entire populations. Added to this is the fact that food is not getting to where it is needed in time to prevent hunger or starvation. In many developing countries, shortages are due to governments’ control over distribution networks rather than an insufficient supply of food itself. In effect, these governments are weaponizing food by favoring certain ethnic or religious groups over others. When added to dramatic climate changes that we are experiencing even now, the future for billions of poor people looks increasingly dim.
Instructions
You are to write a minimum of a 5 page persuasive paper for the UN that addresses the following questions about the relationship between atmospheric weather patterns and food security in the developing world:
Climate change and global warming are often used interchangeably, but they are not the same phenomenon. What are the differences between the two concepts and what leads to the confusion between them?
In 1900, the average global temperature was about 13.7° Celsius (56.7° Fahrenheit) (Osborn, 2021), but as of 2020, the temperature has risen another 1.2°C to 14.9°C (58.9°F). According to the Earth and climate science community, if the Earth’s surface temperature rises another 2°C (3.6°F), we will suffer catastrophic weather patterns that, among other things, will raise sea levels, cause widespread droughts and wildfires, result in plant, insect, and animal extinctions, and reduce agricultura.
The Disaster Recovery Plan
Sumanth Lagadapati
Introduction
Many companies don’t have a disaster recovery plan (DRP), although there is often a desire for one.
The level of effort and/or cost required to create a DRP can cause this project to have a low priority relative to other more immediate projects.
A DRP is viewed as "nice to have" or "just insurance that will not be used", and not as a critical business component.
That is, until there is a failure that causes a significant outage or loss of data (often at a significant cost to the business).
It is my opinion that every company could benefit from both a disaster recovery plan and a business continuity plan (BCP).
Investing in a DRP and BCP is just as important for most businesses, in my opinion.
Where do you start?
The first step is to create a DR team and this includes an:
Executive sponsor.
DR coordinator.
Team leaders (there will be several groups and possibly subgroups).
Team members.
These people should be designated as either primary or backup for each position, with every position having more than one person assigned to it, to minimize people as a single point of failure.
The goal is to have a team that has the expertise to help develop the various recovery procedures and is committed to the success of the overall effort.
Where do you start? cont…
The next step is to define business goals.
The goal should address items such as:
What functional areas need to be recovered?
What length of time is acceptable for recovery?
What amount of data loss is acceptable?
This often involves prioritization and a cost-benefit analysis to determine the worth of recovery (i.e. something that may be premature at this phase of the project).
Understand the business goals and objectives
To find out what that really entails you must know:
What are the critical systems?
What are the key processes and applications?
What are the dependencies on other systems?
This includes:
Data transfers.
Manual processes
Remote processing
Then document these processes, because of the interactions with and dependencies on other systems and user interfaces, and the sensitivity of the data.
Once the systems have been identified, attempt to quantify their impact relative to the overall business goals.
Identify specific requirements
Everyone involved with this effort (including upper management within a company) needs to have a single vision of what success looks like; without this you risk wasting time and money on a plan that may be viewed as a failure.
Identify key personnel
These people may not be part of the DR team, but they are important. (For example who has the authority to declare a disaster?)
This list should be maintained both by name and by role; it should be validated and updated frequently.
Identify single points of failure
The overall goal of this step is to mitigate unnecessary risk.
The scope of this effort includes people, software, equipment, and infrastructure.
It i.
You have been hired as a consultant to design BCP for SanGrafix, a video and PC game design company. SanGrafix's newest game has become a hot seller, and the company anticipates rapid growth. It's moving into a new facility and will be installing a new network. Because competition is fierce in the game industry, SanGrafix wants to be fully secured, documented, and maintained while providing high availability, scalability, and performance.
Based on your current technology and information security knowledge, for this project you will design a BCP based off of the company profile below:
A. Primary location in San Francisco, CA
B. Secondary location/hot site in Sunnyvale, CA
C. Capable of supporting 220 users in these departments: Accounting and Payroll, 16; Research and Development, 48; Sales and Marketing, 40; Order Processing, Shipping, and Receiving, 36; secretarial and office management staff, 20; upper management (including the president, vice president, and general manager), 10; Customer Relations and Support, 30; Technology Support, 20.
D. Full OC3 Internet connection
The first step is to issue a clear policy statement on the Business Continuity Plan. At a minimum, this statement should contain the following instructions:
The organization should develop a comprehensive Business Continuity Plan.
A formal risk assessment should be undertaken in order to determine the requirements for the Business Continuity Plan.
The Business Continuity Plan should cover all essential and critical business activities.
The Business Continuity Plan should be periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed.
All staff must be made aware of the Business Continuity Plan and their own respective roles.
The Business Continuity Plan is to be kept up to date to take into account changing circumstances.
BELOW IS THE EXAMPLE
Policy Statement
1. Agencies are required to develop, implement, test and maintain a Business Continuity Plan (BCP) for all Information Technology Resources (ITR) that deliver or support core systems and services on behalf of the Commonwealth of Massachusetts. For purposes of this policy, the BCP is the overall plan that facilitates sustaining critical operations while recovering from a disruption. BCP’s are required to include, at a minimum:
Standard Incident Response Procedures: An information system-focused set of procedures to be used when an event occurs that is not part of the standard operation of a service and may or does cause disruption to or a reduction in the quality of services and Customer productivity.
Disaster Recovery Plan (DRP): An information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure in the event of large scale disaster and/or other cataclysmic event.
Continuity of Operations Plans (COOP): An information system-focused pla.
Running Head: ZIFFCORP AUDIT PROPOSAL 1
ZiffCorp Audit IT Security Audit Proposal
Brian A. McDougall
Central Washington University
Author Note:
Final Paper – IT 677 – Summer 2018
Table of Contents
Title Page
Table of Contents
Audit Proposal
Entity-Level Controls
Data Center
Database
Web Server
Cloud
Disaster Preparedness Plan
References
Audit Proposal
July 26, 2018
Artie Ziff, CEO
ZiffCorp
1066 3rd St
Springfield, VA 22150
Dear Mr. Ziff:
Thank you for the opportunity to present my proposal to perform an informal audit of
certain critical IT security policies and controls at ZiffCorp. Because of recent changes in
privacy regulations, GDPR in particular, I feel it expedient to review certain controls in
preparation for a formal audit that will verify ZiffCorp’s compliance to GDPR across the
organization. This audit is essential to maintaining quality operations and further help in
mitigating organizational risk, which can easily end up in dollars lost (Collins, 2017).
Let me stress that this will be an informal audit to be performed in order to assess our
security footing in certain areas of the company’s IT infrastructure. Our auditors will
review security controls and issue recommendations for.
Running head: Residency DRP Research Paper Outline
Residency DRP Research Paper Outline
XYZ Insurance
XYZ is a fictitious healthcare company founded in 2002, headquartered in New York City, NY. XYZ has 10,000 providers in their network serving around 15 million people across 26 states in the U.S. It is crucial and critical to maintain the system availability across the network, so that customers/patients would get necessary services on time.
Data is important for running a business, and it is vulnerable to many threats that can lead to data leaks and data loss. These include physical device damage, human threats, technical threats and natural disasters. We need to protect against many of these, but any exposure could put data in jeopardy, making it important that you have a plan to help you overcome any disasters or data losses.
A disaster, such as a regional power outage, cyber-attack, employee mistake or hardware failure, can affect your business in many ways, from blocking access to information to preventing systems from operating. Every company has IT risks that can destroy the business. To prevent such risks and failures we need a Disaster Recovery Plan.
This outline describes the plan's purpose, objectives, assumptions and strategies on which the plan is based. The purpose of the plan is to: recover the organization's critical IT applications and workflows, reducing the risk of disruption of operations or loss of information following a significant disruption or disaster; restore the organization's IT environment to minimize or mitigate disruptions to business functions; identify essential support personnel, facilities, equipment, and hardware; document sufficiently detailed recovery tasks; facilitate decision-making for execution of the plan and subsequent conduct of operations; and comply with regulatory directives.
This plan addresses the recovery of critical IT applications and workflows needed by organization to maintain business, including applications like Data Fabric Manager, Exchange
Payment Portal Organization Website and Online Quoting.
The Technical Recovery Plan assumes that: hardware to support these IT applications and workflows is operational and available; data and voice communications may be disrupted; application data is backed up on a regular basis and is available and current; knowledgeable staff is available and can report to the alternate site(s) to perform required tasks documented in the plan; key personnel may be unavailable for extended periods; key stakeholders have access to a current copy of this plan; an adequate supply of critical forms, equipment, supplies and vital records that are identified in this plan is stored off-site (hard copy or electronic copy), either at an alternate facility or off-site storage as noted above, or is available from other sources; management has identified reasonable alternative recovery sites and facilities to be used in the event of a disaster; alternate site.
Nine keys to successful delegation in Project Management (mrinalsingh385)
Project Management Professional (PMP®) certification has been ranked the number 1 certification and is globally acknowledged as a standard for demonstrating your experience, education and ability to lead complex projects as project managers. It also helps you get a better salary.
There are two general types of data dictionaries: a database management system data dictionary and an organization-wide data dictionary. For this assignment, we are focusing on the organization-wide data dictionary. In a data dictionary, individual data elements and definitions are defined to ensure consistency and accuracy. Assume you need to collect and analyze data on patients discharged and readmitted to hospital X within 90 days of discharge. Develop the data dictionary for this study by completing the table below. Your data dictionary must include a minimum of 15 discrete data elements. Include information you would need to identify:
· the patient (Unique identifier)
· the admission(s)
· the reason for each admission (why the patient presented to the hospital emergency department)
· the principal diagnosis which is defined as the condition of the patient made after studying the patient and their admission to the hospital.
· the indicator for justified readmission or questionable readmission.
Guided response: Include at least 15 data elements and the rationale for each data element, using the format below and include:
· A title page with the following:
· Title of paper
· Student’s name
· Course name and number
· Instructor’s name
· Date submitted
· Include two scholarly references, excluding the textbook, formatted according to APA style as outlined in the Writing Center.
CHAPTER
5
Security Policies, Standards, Procedures, and
Guidelines
The four components of security documentation are policies, standards,
procedures, and guidelines. Together, these form the complete definition of a
mature security program. The Capability Maturity Model (CMM), which measures
how robust and repeatable a business process is, is often applied to security
programs. The CMM relies heavily on documentation for defining repeatable,
optimized processes. As such, any security program considered mature by CMM
standards needs to have well-defined policies, procedures, standards, and
guidelines.
• Policy is a high-level statement of requirements. A security policy is the primary
way in which management’s expectations for security are provided to the
builders, installers, maintainers, and users of an organization’s information
systems.
• Standards specify how to configure devices, how to install and configure
software, and how to use computer systems and other organizational assets, to be
compliant with the intentions of the policy.
• Procedures specify the step-by-step instructions to perform various tasks in
accordance with policies and standards.
• Guidelines are advice about how to achieve the goals of the security policy, but
they are suggestions, not rules. They are an important communication tool to let
people know how to follow the policy’s guidance. They convey best practices for
using technology systems or behaving according to management’s preferences.
This chapter covers the basics of what you need to know a ...
When implementing change, there are significant risks that can cost millions in potential disruption. Learn how to assess the three risk categories and develop strategies to mitigate risk by downloading our whitepaper: Integrated Risk Analysis.
Cyber Security Program Realization in the Mid Market - Executive SummarySteve Leventhal
Mid-market firms comprise approximately one third of the US economy according to the U.S. Census Bureau. The purpose of this paper is to outline a logical, practical, and actionable approach to effective cyber security program realization in the mid-market ($100M - $3B in revenue).
Coordinating Security Response and Crisis Management PlanningCognizant
Security or emergency response for businesses must be tactically and strategically integrated with disaster recovery, with a plan for root cause analysis and next steps coordinated by the CIO and chief information security officer in conjunction with business units.
IT 552 Module Five Assignment Rubric The purpose of t.docxchristiandean12115
IT 552 Module Five Assignment Rubric
The purpose of this assignment is to develop an incident response plan to combat a specific security gap.
Prompt: In the Case Document, one of the security gap analyses indicated a high number of laptop thefts and a high number of security incidents. Because of
this recent increase in theft and security incidents, the chief information security officer asks you to develop an incident response plan. Submit a plan including
the eight basic elements of an incident response plan, and procedures for sharing information with outside parties. See the Oregon state incident response
template as a sample, but all work should be original.
Specifically, the following critical elements must be addressed:
Include the eight basic elements of an incident response plan.
Describe procedures for sharing information with outside parties.
Guidelines for Submission: Your paper must be submitted as a 4 to 6 page Microsoft Word document with double spacing, 12-point Times New Roman font, and
one-inch margins.
Critical Elements | Proficient (100%) | Needs Improvement (70%) | Not Evident (0%) | Value
Eight Basic Elements | Explains the eight basic elements of an incident response plan | Minimally explains eight basic elements of an incident response plan | Does not explain the eight basic elements of an incident response plan | 35
Procedures for Sharing Information | Describes the procedures for sharing information with outside parties | Insufficiently describes the procedures for sharing information with outside parties | Does not describe the procedures for sharing information with outside parties | 35
Articulation of Response | Submission has no major errors related to citations, grammar, spelling, syntax, or organization | Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent the understanding of ideas | 30
Earned Total | | | | 100%
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
http://www.oregon.gov/das/OSCIO/Documents/incidentresponseplantemplate.pdf
<agency> Information Security Incident Response Plan <Date>
Information Security Incident Response Plan
Agency:
Date:
Contact:
TABLE OF CONTENTS
Introduction
Authority
Terms and Definitions
IT 549 Final Project Guidelines and Rubric Overview .docx
christiandean12115
IT 549 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a functional information assurance plan.
The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information assurance plan and posture that are reviewed on a weekly basis.
This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial for you to become a desired asset to organizations seeking industry professionals in the information assurance field.
The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules Two, Four, Five, and Seven. The final product will be submitted in Module Nine.
In this assignment, you will demonstrate your mastery of the following course outcomes:
Assess confidentiality, integrity, and availability of information in a given situation for their relation to an information assurance plan
Propose appropriate protocols for incident and disaster responses and managing security functions that adhere to best practices for information assurance
Analyze threat environments using information assurance research and industry best practices to inform network governance
Recommend strategies based on information assurance best practices for maintaining an information assurance plan
Evaluate the appropriateness of information assurance decisions about security, access controls, and legal issues
Assess applicable threats and vulnerabilities related to information assurance to determine potential impact on an organization and mitigate associated risks
Prompt
Your information assurance plan should answer the following prompt: Review the scenario and create an information assurance plan for the organization presented in the scenario.
Specifically, the following critical elements must be addressed in your plan:
I. Information Assurance Plan Introduction
a) Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key concepts?
b) Assess the confi.
The tasks You are assumed to be one of the software consultants .docx
sarah98765
The tasks
You are assumed to be one of the software consultants appointed to shoulder the system analysis responsibilities in the project outlined in the case study. You will plan and manage the project as well as investigate and document its system requirements. You will produce a report that discusses this project based on your understanding of it and the related investigation results through the tasks below.
Length: 2000 words
Task 1: Approaches to Systems Development
• How would you go about developing a Hospital Information System? Compare different Software Development approaches to consider the best suited for developing HIS.
• Justify the choice of your selected approach to systems development.
Task 2: Systems Requirements
• What are the primary functional requirements for the system in the case study? List and discuss these requirements.
• What are the non-functional requirements for the system in the case study? List and discuss these non-functional requirements. Justify the choice of your non-functional requirements.
Task 3: Project Cost Benefit Analysis
• Discuss your project Cost Benefit Analysis (CBA). CBA should focus on the following two main points:
a. To determine if an investment (or decision) is sound, ascertaining if – and by how much – its benefits outweigh its costs; and
b. To provide a basis for comparing investments (or decisions), comparing the total expected cost of each option with its total expected benefits.
• Provide an Excel spreadsheet with details in a Project Cost Benefit Analysis.
Task 4: Project Schedule
• Show a work breakdown structure and a project schedule as a Gantt Chart. Explain both of them and discuss how they relate to each other.
• Given the system goals, requirements, and scope as they are currently understood, is the project schedule reasonable? Why or why not?
Task 5: System Information Requirement Investigation Techniques
• Who are the stakeholders involved?
• Explain your choice of the 3 most useful investigation techniques.
• Justify the usefulness of these 3 investigation techniques.
Information Systems Analysis and Design
Assessment - Systems Development
Lecturer: Lecturer Name
Tutor: Tutor Name
Prepared by:
Student Name
Student Number
Table of Contents (TOC)
Insert a word generated table of contents here
How to create a table of contents in Microsoft Word
1. Apply the built-in Heading styles to the headings in your text.
2. In Word 2007 and Word 2010: References > Table of Contents > choose an option from the menu.
1. Introduction
Add your contents here.
Note: In this section, you provide a clear definition of the aims of this report. You also identify the project objectives. Explain all findings in the reporting document.
2. Approach to Systems Development
Please add your contents here. There are many approaches to Systems development such as Waterfall SDLC, Agile, RAD, JAD, etc. You need to clearly explain which .
Overview The US is currently undergoing an energy boom largel.docx
jacksnathalie
Overview
The US is currently undergoing an energy boom largely because of the greatly expanded use of a well technique developed over 40 years ago: hydraulic fracking. It can be used for both oil and natural gas wells. The technique allows previously unrecoverable oil and gas in old, played out wells to be accessed and increases the efficiency of recovery in new wells significantly. The current level of both recovery and new well drilling is dramatically higher than it has been for decades. The dramatic increase in well activity, some of which has been near towns and places no one thought drilling would ever occur, has brought a great deal of attention to the technique and associated effects on everything from ground water and air pollution, to biodiversity disruption and earthquakes.
One important fact to weave into your opinion about fracking pro or con is that all of the sub-surface mineral rights in the US are owned by someone (a private individual, a business, or the state or federal government) but surface and mineral rights can be separated, i.e. sold. Originally, mineral rights were sold along with the land and then companies or individuals could decide if they wanted to keep or sell the mineral rights. Before mineral rights were so valuable, many people opted to sell their mineral rights to oil & gas companies. It never occurred to many people that someone would actually be drilling on their property or their neighbors. Oil and gas companies have a legal right to exercise their ownership options and if you are going to say "no" to them, then you owe them for what you are not letting them have, i.e. the money that would be produced if they were allowed to drill. This is not a trivial issue.
Instructions
This week’s discussion focuses on the pros and cons of hydraulic fracking and asks for your SCIENCE informed opinion on whether the economics and political fossil fuel issues justify the negative tradeoffs.
Address each of the following in your discussion:
How is fracking done and why are companies doing this action versus traditional drilling?
Are the environmental issues with fracking worse than conventional drilling? Why or why not?
Why are people along the Front Range and in other states where fracking is widespread, so upset about it now even though fracking has been occurring for a long time?
*In your initial post, please provide 3-4 references in APA format with in-text citations.
.
Overview The United Nations (UN) has hired you as a consultan.docx
jacksnathalie
Overview
The United Nations (UN) has hired you as a consultant, and your task is to assess the impact that global warming is expected to have on population growth and the ability of societies in the developing world to ensure the adequate security of their food supplies.
Case Assessment
As the world’s population nears 10 billion by 2050, the effects of global warming are stripping some natural resources from the environment. As they diminish in number, developing countries will face mounting obstacles to improving the livelihoods of their citizens and stabilizing their access to enough food. The reason these governments are struggling even now is that our climate influences their economic health and the consequent diminishing living standards of their peoples. Climate changes are responsible for the current loss of biodiversity as well as the physical access to some critical farming regions. As such, these changes in global weather patterns diminish agricultural output and the distribution of food to local and international markets. These difficulties will become even more significant for these countries as the Earth’s climate changes for the worse. Temperatures are already increasing incrementally, and polar ice caps are melting, so the salient question is: what does this suggest for developing societies?
The issue before the developing world is not its lack of food, but rather how to gain access to food. Simply put, changes in our climate are affecting the global food chain, and hence, the living standards of entire populations. Added to this is the fact that food is not getting to where it is needed in time to prevent hunger or starvation. In many developing countries, shortages are due to governments’ control over distribution networks rather than an insufficient supply of food itself. In effect, these governments are weaponizing food by favoring certain ethnic or religious groups over others. When added to dramatic climate changes that we are experiencing even now, the future for billions of poor people looks increasingly dim.
Instructions
You are to write a minimum of a 5 page persuasive paper for the UN that addresses the following questions about the relationship between atmospheric weather patterns and food security in the developing world:
Climate change and global warming are often used interchangeably, but they are not the same phenomenon. What are the differences between the two concepts and what leads to the confusion between them?
In 1900, the average global temperature was about 13.7° Celsius (56.7° Fahrenheit) (Osborn, 2021), but as of 2020, the temperature has risen another 1.2°C to 14.9°C (58.9°F). According to the Earth and climate science community, if the Earth’s surface temperature rises another 2°C (3.6°F), we will suffer catastrophic weather patterns that, among other things, will raise sea levels, cause widespread droughts and wildfires, result in plant, insect, and animal extinctions, and reduce agricultura.
Overview This project will allow you to write a program to get mo.docx
jacksnathalie
Overview
This project will allow you to write a program to get more practice with object-oriented ideas that we explored in the previous project, as well as some practice with more advanced ideas such as inheritance and the use of interfaces.
iPods and other MP3 players organize a user's music selection into groups known as playlists. These are data structures that provide a collection of songs and an ordering for how those songs will be played. For this assignment you will be writing a set of PlayList classes that could be used for a program that organizes music for a user. These classes will be written to implement a particular PlayList interface so that they can be easily exchanged in and out as the program requires. In addition, you will also be using the SimpleTrack class you wrote for the closed lab on Interfaces - if you did not finish this class before the end of lab, you will need to finish it before starting on this project.
Objectives
Practice with programming fundamentals
Review of various Java fundamentals (branching, loops, variables, methods, etc.)
Review of Java File I/O concepts
Practice with Java ArrayList concepts
Practice with object-oriented programming and design
Practice with Java interfaces
Project Description
The SimplePlaylist Class
Once you have coded and tested your SimpleTrack class, you will need to write a SimplePlaylist class that implements the PlayList interface given in the project folder.
The SimplePlaylist class stores music tracks in order - the first track added to the play list should be the first one removed from the play list. You should recognize this data structure as a queue (or a first-in, first-out queue). You do not need to implement the equals, hashCode and toString methods for this class but if you choose to do so make sure you document your implementations properly!
The PlayList Management Program
Once you have written and tested a SimpleTrack class and a SimplePlaylist class, it is time to use them to write a program to manage playlists. This program will simulate the playing of songs from a play list. For the SimplePlaylist, the songs are removed from the playlist as they are played, so you know that you're at the end of the list when your list is empty. This program should be implemented in the file MusicPlayerSimulator.java. Note that we are not defining ANY of the methods you are using for this program - the design is all up to you. You must, however, practice good programming style - make sure you are breaking the program up into smaller methods and aren't just trying to solve everything with one monolithic main method. If you have fewer than 5 methods for this program you are probably trying to fit too much into a single method.
Here is a sample transcript of the output of this program:
Enter database filename:
input.txt
Currently playing: 'Elvis Presley / Blue Suede Shoes / Elvis Presley: Legacy Edition' Next track to play: 'The Beatles / Wit.
Overview This week, we begin our examination of contemporary resp.docx
jacksnathalie
Overview
This week, we begin our examination of contemporary responses to youths’ illegal behaviors. The goal for this week is to assess pre-adjudication responses to youths’ illegal behavior. Primarily, our focus will be on nonformal responses or diversion. As a prelude to this discussion, we will consider the “school to prison pipeline” as it provides a good way to understand the need for diversion in juvenile justice.
Objectives
Upon completion of this week’s lesson, you should be able to:
Define what is meant by the “school to prison pipeline.”
Explain how the political economy contributes to the school to prison pipeline.
Explain how trends in education, policing, and juvenile justice contribute to the school to prison pipeline
Describe juvenile arrest trends and trends in the willingness of police to refer youths to juvenile court.
Define radical nonintervention or true diversion and assess the role it can play in juvenile justice.
Explain the rationale for diversion and its value in juvenile justice.
Describe diversion programs that appear to be effective and programs that are not effective
Assess arguments that are made in support of diversion.
Assess the potential problems that should be addressed when developing or operating diversion programs
Tasks
View Video Lecture (Part 1 and Part 2 below) on the School to Prison Pipeline. While viewing the videos, use the pause feature to stop the slides when needed so that you can examine the content.
Part 1
Part 2
Watch the video:
Rethinking Challenging Kids-Where There's a Skill There's a Way | J. Stuart Ablon | TEDxBeaconStreet
Read the material below, Juvenile Diversion.
View Video Lecture 3
.
Overview Progress monitoring is a type of formative assessment in.docx
jacksnathalie
Overview
Progress monitoring is a type of formative assessment in which student learning is evaluated on a regular basis to provide useful feedback about performance to both students and teachers. Though there are a number of methods for monitoring a student’s progress, the most widely used is general outcome measurement, sometimes referred to as curriculum-based measurement (CBM). Progress monitoring consists of the frequent administration (e.g., once per month, every two weeks) of brief probes or tests, which include sample items from every skill taught across the academic year. After each probe is scored, the teacher or student plots the score on an individual CBM graph. The teacher can then use this data to determine a student’s:
• Rate of growth — Average growth of a student’s mathematics skills over a period of time
• Performance level — An indication of a student’s current mathematics skills, often denoted by a score on a test or probe.
You will determine the rate of growth for the two students listed on page 3 using the data provided.
.
Overview The work you do throughout the modules culminates into a.docx
jacksnathalie
Overview
The work you do throughout the modules culminates in a Customer Service Plan. This plan incorporates the following:
Module 2: Company Description & Evaluation
Module 3: Examine Customer Service & Quality
Module 4: Examine Customer Service Practices in the Twenty-First Century
Module 5: Company Analysis
Instructions
Part I:
Customer Perspective
In relation to what you have learned in Module 3 so far, observe and describe the following as you would view it from the customer’s perspective. Hint: What is each communicating to the customer?
Physical appearance of the business
How quickly is a customer greeted
Pace of the transaction
Parking lot
Hours of operation
Courtesy of customer service representative
Knowledge of customer service representative
Website - if there is a website, how user-friendly is it?
Part II: Quality Recognition
Discuss the following:
Identify criteria that your organization deems important in communications.
How do you know this criteria is important?
How are representatives evaluated on this?
What training is provided to employees in the five main methods of communication (Listening, writing, talking, reading, nonverbal expression)?
What are the expectations when using technology to communicate with customers?
Part III: Proactive Practices
Evaluate the practices in place to avoid challenging situations. What are the practices in place in your business to demonstrate:
Respecting the customer’s time
Keeping a positive attitude
Recognizing regular customers
Maintaining professional communication
Showing initiative
.
Overview This discussion is about organizational design and.docx
jacksnathalie
Overview
This discussion is about organizational design and leadership, as well as global leadership issues and practices. Conduct research on current events relating to one of the unit concepts of interest to you. Then, share your findings in an initial post. Try to choose a concept that has not been, or is rarely, addressed by your classmates. Review peers' findings and then engage in an active discussion to learn more about the topic at hand.
Resources
Park Library
Click on the Library Sources tab.
Enter your topic in the search box.
Click on full text, and you will find one, or several, articles to analyze.
.
Overview Scholarly dissemination is essential for any doctora.docx
jacksnathalie
Overview
Scholarly dissemination is essential for any doctoral level student. Posters are often a way to ease into scholarly communication. Building a poster is one of the ways scholars participate in the dissemination of knowledge.
Instructions
1. Your poster submission must have a central focus, as developed from the topic selected in Module 2, and that focus must be evident throughout the poster. Specifically, your introduction, analysis, and results must be focused on a set of research questions and/or hypotheses that are obvious in your theoretical diagram.
2. The focus must comprehensively place the problem/question in appropriate scholarly context (scholarly literature, theory, model, or genre).
.
Overview Regardless of whether you own a business or are a s.docx
jacksnathalie
Overview:
Regardless of whether you own a business or are a stakeholder in a business, understanding basic contract terms is important. Businesses enter into contracts in many areas, from shipping to suppliers to customers. As a business owner or manager, knowledge of these basic terms will assist you in the day-to-day operations of the business, regardless of the field.
Instructions:
• Fill in the attached template.
• For each term, define the term with citation to authority, define the term in your own words and provide an example of each term.
Requirements:
• Use APA format for non-legal sources such as the textbook. Use Bluebook citation format for any legal citations.
• Submit a Word document using the template.
• Maximum two pages in length, excluding the Reference page.
.
Overview Imagine you have been hired as a consultant for th.docx
jacksnathalie
Overview
Imagine you have been hired as a consultant for the United Nations. You have been asked to write an analysis on how global population growth has caused the following problem and how it affects TURKEY:
A growing global population that consumes natural resources is partially to blame for the release of greenhouse gases since human consumption patterns lead to deforestation, soil erosion, and farming (overturned dirt releases CO2). However, the critical issue is the burning of fossil fuels (hydrocarbons) such as coal oil and natural gas to produce energy that is used for things like electricity production, and vehicle, heating, and cooking fuels.
Instructions
Content
The U.N. has asked that your paper contain three sections. It has asked that each section be one page (or approximately 300 words) in length and answer specific questions, identified in the outline below. It also asks that you use examples from Turkey when answering the questions.
Introduction
Provide an introduction of half a page minimum that addresses points 1–5 below:
Explain the problem the U.N. has asked you to address in your own words.
Identify the three sections your paper will cover.
Identify the developing country (TURKEY) you will consider.
Tell the U.N. which causes of greenhouse gases you will explore.
Provide a one-sentence statement of your solutions at the end of your introduction paragraph.
Section I. Background
What are greenhouse gases?
How do greenhouse gases contribute to global warming?
Section II. How Emissions Causes Problems for the Developing World
Which countries produce the most greenhouse gases?
What are the economic challenges of these emissions in Turkey?
What are the security challenges of these emissions in Turkey?
What are the political challenges of these emissions in Turkey?
Section III. Causes and Solutions of Greenhouse Gases
Name two causes of greenhouse gases.
What are potential solutions to address each of the causes you identified?
What is the relationship between population control and greenhouse gases?
Conclusion
Provide a conclusion of half a page minimum that includes a summary of your findings that the United Nations can use to inform future policy decisions.
Success Tips
In answering each question, use examples from Turkey to illustrate your points.
The U.N. needs facts and objective analysis on which to base future policy decisions. Avoid personal opinion and make sure your answers are based on information you find through research.
Formatting Requirements
Make sure your paper consists of 4–6 pages (1,200 words minimum, not including the cover page, reference page, and quoted material if any).
Create headings for each section of your paper as follows:
Section I. Background.
Section II. How Emissions Causes Problems for the Developing World.
Section III. Causes and
.
Overview Develop a 4–6-page position about a specific health care.docx
jacksnathalie
Overview
Develop a 4–6-page position about a specific health care issue as it relates to a target vulnerable population. Include an analysis of existing evidence and position papers to help support your position. Your analysis should also present and respond to one or more opposing viewpoints.
Note: Each assessment in this course builds on the work you completed in the previous assessment. Therefore, you must complete the assessments in this course in the order in which they are presented.
Position papers are a method to evaluate the most current evidence and policies related to health care issues. They offer a way for researchers to explore the views of any number of organizations around a topic. This can help you to develop your own position and approach to care around a topic or issue.
This assessment will focus on analyzing position papers about an issue related to addiction, chronicity, emotional and mental health, genetics and genomics, or immunity. Many of these topics are quickly evolving as technology advances, or as we attempt to push past stigmas. For example, technology advances and DNA sequencing provide comprehensive information to allow treatment to become more targeted and effective for the individual. However, as a result, nurses must be able to understand and teach patients about the impact of this information. With this great power come concerns that patient conditions are protected in an ethical and compassionate manner.
By successfully completing this assessment, you will demonstrate your proficiency in the following course competencies and assessment criteria:
Competency 1: Design evidence-based advanced nursing care for achieving high-quality population outcomes.
Evaluate the evidence and positions of others that could support a team's approach to improving the quality and outcomes of care for a specific issue in a target population.
Evaluate the evidence and positions of others that are contrary to a team's approach to improving the quality and outcomes of care for a specific issue in a target population.
Competency 2: Evaluate the efficiency and effectiveness of interprofessional interventions in achieving desired population health outcomes.
Explain the role of the interprofessional team in facilitating improvements for a specific issue in a target population.
Competency 3: Analyze population health outcomes in terms of their implications for health policy advocacy.
Explain a position with regard to health outcomes for a specific issue in a target population.
Competency 4: Communicate effectively with diverse audiences, in an appropriate form and style, consistent with organizational, professional, and scholarly standards.
Communicate an initial viewpoint regarding a specific issue in a target population and a synthesis of existing positions in a logically structured and concise manner, writing content clearly with correct use of grammar, punctuation, and spelling.
Integrate .
Overview This purpose of the week 6 discussion board is to exam.docx
jacksnathalie
Overview:
The purpose of the week 6 discussion board is to examine social class and global stratification. Answer prompt 1. Then select and answer one prompt from prompts 2-4. Refer to Chapters 7 and 8 to answer the prompts.
Instructions:
Respond to prompts in paragraph form (200-400 words).
Prompt 1:
Describe 3 topics from Chapters 7 and 8 that you found interesting. Three topics I found interesting from Chapter 7 and 8 were the Dependency Theory, World Systems Theory, and Modernization Theory.
Prompt 2:
Describe 3 different social classes and criteria for membership in each.
Prompt 3:
Describe the effect of social inequality upon dominant and minority groups.
Prompt 4:
Describe social mobility regarding how to rise up the social class ladder, if it is possible.
Prompt 5:
Apply a functionalist or conflict theory perspective to social inequality.
.
Overall Scenario Always Fresh Foods Inc. is a food distributor w.docx
jacksnathalie
Overall Scenario
Always Fresh Foods Inc. is a food distributor with a central headquarters and main warehouse in Colorado, as well as two regional warehouses in Nevada and Virginia. The company runs Microsoft Windows 2019 on its servers and Microsoft Windows 10 on its workstations. There are 2 database servers, 4 application servers, 2 web servers, and 25 workstation computers in the headquarters offices and main warehouse. The network uses workgroups, and users are created locally on each computer. Employees from the regional warehouses connect to the Colorado network via a virtual private network (VPN) connection. Due to a recent security breach, Always Fresh wants to increase the overall security of its network and systems. They have chosen to use a solid multilayered defense to reduce the likelihood that an attacker will successfully compromise the company’s information security. Multiple layers of defense throughout the IT infrastructure make the process of compromising any protected resource or data more difficult than any single security control. In this way, Always Fresh protects its business by protecting its information.
Scenario 1
Assume you are an entry-level security administrator working for Always Fresh. You have been asked to evaluate the option of adding Active Directory to the company’s network.
Tasks
Create a summary report to management that answers the following questions to satisfy the key points of interest regarding the addition of Active Directory to the network:
1. System administrators currently create users on each computer where users need access. In Active Directory, where will system administrators create users?
2. How will the procedures for making changes to the user accounts, such as password changes, be different in Active Directory?
3. What action should administrators take for the existing workgroup user accounts after converting to Active Directory?
4. How will the administrators resolve differences between user accounts defined on different computers? In other words, if user accounts have different settings on different computers, how will Active Directory address that issue? (Hint: Consider security identifiers [SIDs].)
.
CDC
IT Security Staff BCP Policy
CSIA 413,
Professor Last Name:
Policy Document
IT
Business Continuity Plan Policy
Document Control
Organization: Center for Disease and Control (CDC)
Title: CDC IT Security Staff BCP Policy
Author:
Owner: IT Security Staff Manager
Subject: Business Continuity Plan Policy
Review date:
Revision History
Revision Date | Reviser | Previous Version | Description of Revision
No Revisions
Document Approvals
This document requires the following approvals:
Sponsor Approval
Name
Date
Approved
Document Distribution
This document will be distributed to:
Name
Job Title
Email Address
All CDC Security Staff
Information Security Specialist
Contributors
Development of this policy was assisted through information
provided by the following organization:
· CDC and Department of Defense, Health and Homeland
Security
Table of Contents
Policy Statement
1 Purpose
2 Objective
3 Scope
4 Compliance
5 Terms and Definitions
6 Risk Identification and Assessment
7 Policy
Policy Statement
The Center for Disease and Control's mission is to protect
America from health, safety and security threats, both foreign
and in the U.S. Whether diseases start at home or abroad,
are chronic or acute, curable or preventable, human error or
deliberate attack, it fights disease and supports communities and
citizens to do the same. It is this sensitive mandate that makes
CDC infrastructure critical. CDC is both a source and
repository of information.
It is thus critical to secure the information and control access to
it, not to mention what information departs the organisation.
CDC has to contend with IT regulations and laws that control
how sensitive information is used. Given the sources of some
of this information, CDC has to contend with the threat of this
information being compromised since not all its operations are
in one place. Thus CDC conducts critical science and provides
health information that protects the nation against expensive
and dangerous health threats and responds when these arise.
Unfortunately in life, things do not always follow the ideal and
predictable path. Actions may conspire to affect the smooth
running of CDC and, in the worst case, force relocation to a new
site and the continuation of the work that was being done. With
the increased security threat, CDC finds itself unable to avoid
having to plan for instances where its operations may be
disrupted. The plan is intended to achieve efficient and
effective operational continuity in order to have all data
recovered and restored, thus firewalling critical operations. This
plan is referred to as the business continuity plan.
Purpose
Given the identified risks referred to above, the document is
developed for the sole purpose of offering a roadmap to be
followed by CDC to recover and restore its operations. The
business continuity plan is to be activated should the center be
hit by a natural disaster, emergency or deliberate external
system attack.
Objective
The following are the objectives of the policy:
· To achieve and uphold the highest level of security within the
CDC campus in order to guarantee that sensitive and essential
information that addresses health concerns is not accessed by
unauthorised persons – in person or virtually.
· To guarantee minimal disruption of processes and rapid
recovery of decisive operations and/or systems.
· To pinpoint and rank operations, processes and systems in order
to reinstate essential systems and functions that maximise the
operation and availability of activities.
· To pinpoint the key CDC personnel whose central task will be
to activate the recovery and restoration process that will ensure
that communication channels are established and the fidelity of
all security systems is maintained.
· To point out the critical third-party vendors who can and
should be relied upon to actualise the success of the business
continuity and recovery plan.
Scope
The scope refers to all the aspects covered by the business
continuity plan policy. These include, but are not confined to,
functions, locations, resources and personnel.
Functions: This is demarcated by assignments or departments.
The functions are not cast in stone and will change from time to
time.
Location: The CDC main campus and all other satellite
locations all over the world. This will ensure breaches do not
emanate from within the system in remote sites.
Business Units: All Projects and Assignments and Satellite
locations globally.
Activities: All activities conducted by the projects,
assignments and satellite locations globally.
Stakeholders: All project, assignment and satellite location
staff globally.
Resources: All ICT assets, information systems, office
buildings, equipment, and people (Drewitt, 2013).
Compliance
a. Identify the measures which will be taken to ensure
compliance with this policy (e.g. audits, compliance reporting,
exception reporting, etc.)
Development of the business continuity IT security policy will
be an exercise in futility if the policies are not complied with.
Ideally compliance will be individual-driven. This is designed
to reduce the need to oversee each assignment, project or
satellite location for adherence. The local staff are empowered
to appreciate the importance of the policy and how and when to
put it into action. They are also empowered to understand who
does what and when, and how their actions, or lack thereof, affect
other people within and outside the project, assignment or
satellite station.
When this is ingrained in all the CDC staff, actions intended
to ensure compliance become beneficial to the organization.
The staff no longer see the exercise of confirming conformity as
antagonistic, but as contributing to the achievement of each
individual task. Audits will be conducted regularly to check
on conformity levels and to follow up on improvement of the
impediments flagged. These audits will be supported by
compliance reports prepared by the IT security head at the
project, assignment or satellite location globally. This will
on occasion be accompanied by exception reporting for cases
where the policy was not followed strictly. This is possible
since all staff appreciate the role security plays and also
understand that the policy is not meant to curtail an
individual’s work but to protect it. Thus even when the policy
is circumvented, the exception report must be accompanied by a
comprehensive report with clear reasoning as to why it was
necessary to deviate from the policy.
b. Identify the sanctions which will be implemented for
compliance failures or other violations of this policy.
Given the sensitivity of the activities at CDC, compliance with
the policy will be of utmost importance. Despite empowerment
of all staff to appreciate the role the policy plays, and having
empowered them to make adjustments when they evaluate it to
be absolutely critical to their work, when their reasoning does
not meet the threshold then sanctions must be enforced. The
sanctions for non-compliance and violations of the policy will
be wide and varied. When the action does not cause any
discernible harm but is still a violation, the violator must be
summoned by their supervisor and reminded of the need to
adhere to the policy. If this is the first offence, the matter will
be considered addressed. Should this be repeated, the staff member
must be cited and this citation placed in their human resource file.
Where the compliance failure or violation causes the
organisation to suffer loss – financial or otherwise, the culprit
must be sanctioned severely. This could range from loss of
employment, to financial restitution for the loss incurred by the
organisation, to jail time. The choice of sanction to be
applied will be influenced by the seriousness of the compliance
failure or violation.
c. Include information about how to obtain guidance in
understanding or interpreting this policy (e.g. HR, corporate
legal counsel, etc.)
Considering that the sanctions enforced will, in some instances,
be punitive, it is important that the interpretation be
guided by the relevant department that cares for staff welfare.
The HR department will give guidance as to what sanction will
not contravene the policies that guide the department.
Interpretation of the sanction will be guided by how the
organisation has set out to care for its staff. Similarly, the
corporate legal counsel department will be consulted and
guidance sought where the sanction is with regard to a policy
violation or non-compliance that has resulted in severe loss to
the organization and HR is recommending legal prosecution.
This guidance will be critical in laying bare the consequence of
the violation or non-compliance to the organisation, as it will
lay the foundation of a criminal prosecution of those
responsible.
Terms and Definitions
Risk Identification and Assessment
a. Identify the risks which could arise if IT security
requirements are not included in business continuity planning
and subsequent operations.
A number of risks could arise if IT security requirements are
not included in business continuity planning and subsequent
operations. These include:
1. Failure to cover IT security basics: The basics will more
often than not be ignored or assumed. This exposes the
organisation to exploits and vulnerabilities that can easily be
used by hackers to compromise the organisation. Lapses such as
not updating the browser in use or Adobe Flash Player are the
more highly exploited. With the multiplying aggressiveness of
exploits emanating from the World Wide Web, achieving protection
will require constant education on the dangers and taking
actions that minimize, if not eliminate, this risk within the
confines of available resources.
2. Not understanding the source of IT security risks: This is
closely tied to a poor appreciation of the value of the critical
assets and of the potential attackers' profile. It is critical
to appreciate that IT security risk is not generated by
technology alone. Psychological and sociological aspects play
significant roles too. Thus the organisation's culture needs to
be aligned, which in turn affects the amount of resources
allocated to this endeavor.
3. Confusing compliance with IT security: This is evident when
there is confusion between compliance and the IT security
policy. Compliance with organisation rules does not necessarily
mean protection against hacker attacks. Compliance needs to
encompass an IT security management system capable of allowing
management to oversee data flow within the system, thus
protecting confidential information from leakage to unwanted
sources.
4. Bring your own device (BYOD) policy and the cloud: This is
especially critical for the different projects, assignments and
satellite locations globally. Globally, it has been found that a
sizable number of respondents pointed to mobility as the root
cause of a breach. The increased mobility, coupled with users
flooding the networks with access devices, has the unintended
result of providing many paths for exposing data and
application risks (Bourne, 2014).
b. Identify and describe the impacts of such risks (include an
assessment of the possible severity for each impact).
1. Failure to cover IT security basics: This will have the impact
of multiplying the aggressive exploits emanating from the World
Wide Web. This failure will have a severe impact on the
organisation, because it will have resulted from the
organisation not setting policies that guide information risk
management.
2. Not understanding the source of IT security risks: The effect
of this risk will be significant to the organisation. Its severity
will be especially considerable given that it will have resulted
from a lack of training of new and current employees on security.
3. Confusing compliance with IT security: Confusion will breed
increased risk. It is unfortunate when an organisation suffers
from confusion, given that the effect of this risk could have
been eliminated, if not avoided, by patching security systems.
4. Bring your own device (BYOD) policy and the cloud: Inasmuch as
personal devices allow for flexibility and ease of work, they do
expose the organisation to risk, since it cannot control where
the devices are used outside the work environment. The risk is
especially severe, hence the need for the organisation to
institute policies for BYOD security.
Policy
1. To cover cyber security basics, all IT hardware and software
will be programmed to update themselves at the beginning of the
day, before they are used. This policy will be implemented by
each individual staff member for the IT equipment allocated to
them. The IT security manager in charge of the project,
assignment or satellite location will have overall
responsibility for the enforcement of the policy. The manager
will regularly and constantly educate the staff on the dangers
and the resources available to protect them from the identified
dangers.
2. To address the source of CDC's IT security risks, the
organisation will regularly refresh its staff on the value it
attaches to the critical assets and the dynamic profile of
potential attackers. This should cover the organisation against
malware, viruses and intrusions, outside attack, user error,
cloud apps for service usage, and phishing, among others. By
incorporating sociological and psychological aspects in the
training, CDC will ingrain its culture in its staff. This culture
should in turn be supported by the requisite resources to benefit
the organisation.
3. To avoid confusion in complying with IT security policies,
rules must be adhered to, to the letter. Further, the information
security management system will allow managers to oversee data
flows within the system. This should greatly enhance protection
of confidential information from unwanted sources.
4. The Bring Your Own Device (BYOD) and cloud policy will not
seek to impede the staff's flexible working environment or
conditions. It will instead contribute very significantly to
preventing security breaches. In the case of cloud computing,
the policy will give it due attention given its importance and
the vulnerabilities it comes with.
8 References
Drewitt, T. (2013). A Manager's Guide to ISO22301: A Practical
Guide to Developing and Implementing a Business Continuity
Management System
Bourne, V (2014) Protecting the Organisation Against the
Unknown: A New Generation of Threats, accessed February 13,
2016 from
http://software.dell.com/documents/protecting-the-organization-against-the-unknown-whitepaper-27396.pdf
Zaharia, A (2015) 10 Cyber Security Risks That Might Affect
Your Company, accessed February 13, 2016 from
https://heimdalsecurity.com/blog/10-critical-corporate-cyber-security-risks-a-data-driven-list/
Schiff, J, L (2015) 6 Biggest Security Risks and How You Can
Fight Back, accessed February 13, 2016 from
http://www.cio.com/article/2872517/data-breach/6-biggest-business-security-risks-and-how-you-can-fight-back.html
Kaspersky Lab (2015) Global IT Security Risks Survey 2015,
accessed February 13, 2016 from
http://media.kaspersky.com/en/business-security/it-security-risks-survey-2015.pdf
NIST (2011) Managing Information Security Risk:
Organizations, Mission and Information System View, accessed
February 13, 2016 from
http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
NSCS (2013) Cyber Security and Risk Management: An
Executive Level Responsibility, accessed February 13, 2016
Document Control
Organization: White House
Title: White House IT Security Staff BCP Policy
Author:
Owner: Security Staff Manager
Subject: Business Continuity Plan Policy
Review date:
Revision History
Revision Date | Reviser | Previous Version | Description of Revision
No Revisions
Document Approvals
This document requires the following approvals:
Sponsor Approval | Name | Date | Approved
Document Distribution
This document will be distributed to:
Name | Job Title | Email Address
All White House Security Staff | Information Security Specialist |
Contributors
Development of this policy was assisted through information
provided by the following organization:
· White House and Department of Defense
Table of Contents
Policy Statement
1 Purpose
2 Objectives
3 Scope
4 Business Impact Analysis (BIA)
5 Business Continuity Planning Personnel
6 Business Continuity Planning Procedures
6.1 Events
6.2 Vendors
6.3 Task
6.3 Timeline
7 Testing and Maintenance
8 References
Policy Statement
The United States of America and its military rely on the
confidentiality, integrity, and availability of accurate
information stored in information systems to proactively
prepare and defend the nation's critical infrastructures and
protect national security.
In the event of natural disasters and/or attacks from malicious
hacktivists, it is imperative that the White House IT Security
Staff has a quick, efficient, and effective business continuity
plan to recover and restore data to ensure critical operations are
not impacted. The business continuity plan is needed to
continue the White House and military operations efforts to
strategize and protect its critical infrastructures and citizens.
Purpose
The purpose of this document is to outline the necessary
procedures and steps to recover and restore business
operations within the White House in the event of a natural
disaster, emergency, or system attack from external sources.
Objective
The following are the objectives of the policy:
· To maintain the highest amount of national security through
the availability of critical and sensitive information concerning
military operations, critical infrastructure, and foreign relations.
· To ensure minimal impact to resources and immediate
recovery of critical systems and operations.
· To identify and prioritize systems, processes, and operations
to restore critical functions and systems to maximize
availability and operational activities.
· To identify key White House Security personnel responsible for
the restoration and recovery process to ensure immediate
contact is available in case of an emergency event.
· To identify third party vendors needed to help attain
successful business continuity and recovery planning.
Scope
The scope describes all locations, functions, personnel, and
resources affected by the business continuity plan policy:
Locations: White House IT Department, The White House, The
Sun Guard Hot Site, Herndon, VA
Business Units: All Business Units
Activities: All activities conducted by business units
Stakeholders: Chain of Command, Vendors, and White House
Staff
Resources: All telecommunication assets, information systems,
office buildings, equipment, and people. (Drewitt, 2013)
Business Impact Analysis
The Business Impact Analysis (BIA) will assess the financial
and operational impact and the recovery time objectives (RTO)
needed to restore critical systems, processes, and operations.
The BIA will be conducted by assuming the worst case scenario
due to the high level of exposure the White House presents. The
BIA will be conducted in the event of an immediate shutdown of
all functions and resources to analyse the recovery time and
resources needed to restore critical systems and operations
(ISACA, n.d.). The BIA will estimate the level of impact the
White House will be willing to accept. The impact range is as
follows:
Very High – Impact could cripple the White House and
potentially cause catastrophic losses.
High – Impact exceeds the White House Executives' tolerance
and could threaten National Security.
Medium – Impact will cause major harm to critical systems and
operations and threaten National Security.
Low – Impact results in the temporary loss of critical systems
and operations and could harm critical infrastructure.
Very Low – Impact results in minor loss of operations and does
not threaten critical infrastructure.
The White House's level of tolerance is: Very Low.
Business Continuity Planning Personnel
The following are the personnel who can be immediately contacted
in the event of business continuity plan activation:
IT Security Manager: Smith, IT Security Section, ph #
Lead IT Security Specialist: Jerry Mayweather, IT Security
Section, ph #
IT Security Specialist: Ethan Snowden, IT Security Department,
ph #
The following personnel are to be immediately contacted
secondary to the above mentioned personnel:
CISO: John Stamens, IT Department, ph #
CIO: Randy Howitzer, IT Department, ph #
Business Continuity Planning Procedures
The business continuity planning procedures are to be followed
immediately in the event the business continuity plan is
activated.
Events
The following are the events that may occur in which the BCP
should be immediately activated to minimize the loss of
availability of critical systems and operations:
Equipment failure, disruption of power supply or
telecommunication, application failure, corruption of database,
human error, sabotage, malicious software attacks, hacking,
social unrest, terrorist attack, fire, or natural disasters (SANS,
2002).
Vendors
The vendors listed below are approved vendors that are critical
to day-to-day operations and should be contacted immediately in
the event of a BCP activation:
1. Sun Guard – BCP Documentation and Hot Site resource
2. AppNomic – Backup and fail over solutions
3. Amazon – Cloud Services
6.3 Task
The following steps should be taken in the event the BCP is
activated:
1- Contact the IT Security Manager and give a situation report.
2- Retrieve BCP documentation.
3- IT Security Manager will determine the type of event and
determine which department or function within the White House
will activate their BCP.
4- If impact level is designated as Medium or higher, IT
personnel will relocate to the designated hot site:
a. Hot Site location will
b. The Hot Site representative will be immediately contacted at:
c. Hot Site will provide all hardware and needs; however, IT
personnel will bring all backup tapes, laptops, and critical
servers within the IT data center of the Hot Site.
5- All secondary BCP personnel will be contacted and briefed.
6- A final determination of event will be formally announced
and appropriate chain of command will be notified.
Timeline
The following is the timeline in which all major tasks will be
completed; the total time for completion is 3 hours. Each
timeframe is a:
· Contact IT Manager: 10 Minutes (Total: 10 minutes)
· Retrieve BCP Documentation: 5 minutes (Total: 15 minutes)
· IT Manager event determination: 30 Minutes (Total: 45
minutes)
· Relocation to Hot Site: 1 ½ hours (Total: 2 hours 15 minutes)
· All secondary personnel are called and briefed: 15 Minutes
(Total: 2 hours 30 minutes)
· Chain of Command is notified: 30 Minutes (Total: 3
hours)
Testing and Maintenance
The following are the criteria for testing and maintenance to
ensure continuous training and BCP compliance:
· BCP rehearsal should be conducted at least once annually to
provide awareness and accuracy.
· Business unit level exercise should be conducted every two
years.
· Executive management exercises should be conducted every
three years. (Drewitt, 2013)
8 References
Drewitt, T. (2013). A Manager's Guide to ISO22301: A Practical
Guide to Developing and Implementing a Business Continuity
Management System
ISACA (n.d.). Business Continuity Planning. Retrieved from:
http://www.isaca.org/Groups/Professional-English/business-continuity-disaster-recovery-planning/GroupDocuments/Business_Impact_Analysis_blank.doc
SANS (2002). Introduction to Business Continuity Planning.
Retrieved from:
http://www.sans.org/reading-room/whitepapers/recovery/introduction-business-continuity-planning-559
Sun Guard (2015). Availability Services Herndon Workgroup.
over time). The larger the organization, the more important it is
that policies exist which will guide DR/BCP planners through
the planning and implementation processes. For this assignment,
you will be writing one such policy – guidance for DR/BCP
planning for a particular data center.
DR/BCP policies for the enterprise (the entire organization)
establish what must be done by the organization in order to
develop its DR/BCP strategies, plans, and procedures. Table 4-1
provides a simplified list of phases and required activities for
the planning process. Depending upon the level of detail
covered by the policy, this information could be in the policy
itself or covered in another document, which the policy refers
to. The required content for the DR/BCP plan may also be
presented in the policy or, more likely, it will be provided in an
appendix or separate document. A typical outline for the plan is
presented in Table 4-2.
Sometimes, it is necessary to create supplementary policies,
which address specific circumstances or needs, which must be
accounted for in the DR/BCP planning process and throughout
the management of the DR/BCP program. For this assignment,
you will be developing one such policy – the Business
Continuity IT Security Policy. The “Tasks” section of this
assignment explains the content requirements for your policy.
Table 4-1. Disaster Recovery / Business Continuity Planning
Phases (adapted from
http://www.ready.gov/business/implementation/continuity )
Phase 1: Business Impact Analysis
· Survey business units to determine which business processes,
resources, and capital assets (facilities, IT systems) are critical
to survival of business
· Conduct follow-up interviews to validate responses to survey
& obtain additional info
Phase 2: Develop Recovery Strategies
· Identify resource requirements based on BIAs
· Perform gap analysis (recovery requirements vs current
capabilities)
· Investigate recovery strategies (e.g. IaaS, PaaS, Alternate
Sites)
· Document & Implement recovery strategies (acquire / contract
for products & services)
Phase 3: Develop Business Continuity Plan
· Develop plan framework (follow policy)
· Identify personnel for DR/BCP teams
· Develop Recovery and/or Relocation Plans
· Write DR/BCP Procedures
· Obtain approvals for plans & procedures
Phase 4: Testing & Readiness Exercises
· Develop testing, exercise and maintenance requirements
· Conduct training for DR/BCP teams
· Conduct orientation exercises for staff
· Conduct testing and document test results
· Update BCP to incorporate lessons learned from testing and
exercises
Table 4-2. Outline for a Business Continuity Plan
Purpose: to allow company personnel to quickly and effectively
restore critical business operations after a disruption.
Objective: to identify the processes or steps involved in
resuming normal business operations.
Scope: work locations or departments addressed.
Scenarios: (a) loss of a primary work area, (b) loss of IT
services for a prolonged period of time, (c) temporary or
extended loss of workforce, etc.
Issues, Assumptions, and Constraints: (a) restore in place vs.
transfer operations to alternate site, (b) availability of key
personnel, (c) vendor or utility service availability, (d)
communications, (e) safety of life issues, etc.
Recovery Strategy Summary: In this section, a plan will
typically outline the broad strategies to be followed in each of
the scenarios identified in the plan Introduction section. As an
example, if “loss of work area” is identified as a possible
failure scenario, a potential recovery strategy could be to
relocate to a previously agreed-upon or contracted alternate
work location, such as a SunGard work area recovery center.
Recovery Tasks: This section of the plan will usually provide a
list of the specific recovery activities and sub-activities that
will be required to support each of the strategies outlined in the
previous section. For example, if the strategy is to relocate to
an alternate work location, the tasks necessary to support that
relocation effort could include identifying any equipment needs,
providing replacement equipment, re-issuing VPN tokens,
declaration of disaster, and so on.
Recovery Personnel: Typically, a BC/DR plan will also identify
the specific people involved in the business continuity efforts,
for example, naming a team lead and an alternate team lead, as
well as the team members associated with any recovery efforts.
This section of the plan will also include their contact
information, including work phone, cellphone, and email
addresses. Obviously, because of any potential changes in
personnel, the plan will need to be a “living” document that is
updated as personnel/workforce changes are made.
Plan Timeline: Many plans also include a section in the main
body that lays out the steps for activating a plan (usually in the
form of a flow chart). For example, a typical plan timeline
might start from the incident detection, then flow into the
activation of the response team, the establishment of an incident
command center, and notification of the recovery team,
followed by a decision point around whether or not to declare a
disaster. A plan timeline may also assign the recovery durations
or recovery time objectives required by the business for each
activity in the timeline.
Critical Vendors and their RTOs: In this section, a plan may
also list the vendors critical to day-to-day operations and
recovery strategies, as well as any required recovery time
objectives that the vendors must meet in order for the plan to be
successful.
Critical Equipment/Resource Requirements: A plan may also
detail the quantity requirements for resources that must be in
place within specified timeframes after plan activation.
Examples of resources listed might include workstations,
laptops (both with and without VPN access), phones, conference
rooms, etc.
Tasks
The Business Continuity Security Policy is being written by you
as the data center facility manager. This supplementary DR/BCP
policy will be used to ensure that needed security controls are
restored and functioning as designed in the event that the
business continuity plan is activated. These controls must
ensure that information, information systems, and information
infrastructure (e.g. networks, communications technologies,
etc.) are protected to the same level as required during normal
business operations. Your policy must ensure that security
requirements are adequately addressed during all four phases of
the Business Continuity Planning process (see Table 4-1). Your
policy must also address required content (sections) for the
DR/BCP plan (see Table 4-2) even if that means requiring
modifications to standard sections of the document or even
adding sections.
Your policy must also address the roles and responsibilities for
data center recovery operations. During recovery operations, the
data center manager and recovery team personnel (including
system administrators and network engineers) must ensure that
IT systems and services, including required IT security controls,
are operational within the required Recovery Time Objectives
and Recovery Point Objectives. These metrics are established
using the results of the BIA and are included in the DR/BCP
plans. These metrics are used to determine the restoral order for
systems and services and guide the selection and
implementation of recovery strategies. The metrics also provide
performance criteria for outside vendors and service providers
from whom your organization purchases or will purchase IT
services and products to implement its recovery strategies.
Recovery Time Objective: the maximum time allowed to restore
critical operations and services after activation of the business
continuity plan. Different RTOs may be set for different IT
systems and services.
Recovery Point Objective: the point in time to which you must
restore data during startup operations for DR/BCP (used to
determine backup frequency for data during normal operating
periods and the maximum allowable amount of “lost data”
which can be tolerated).
Your Business Continuity Security Policy must address the
requirement to set appropriate RTO and RPO metrics for
hardware and software, which provide IT security controls. For
example, if the data center relies upon an Active Directory
server to implement role based access controls, that server
should have both an RTO and an RPO and be listed in the
business continuity plan.
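As an added illustration (not part of the assignment text), the Python sketch below audits a plan inventory against the requirement just described: every security control needs an RTO and an RPO, backups must run at least as often as the RPO, and a control must be restorable no later than the systems that rely on it. All entry names other than the Active Directory server, the field names, and every time value are constructed assumptions.

```python
import heapq
from dataclasses import dataclass
from datetime import timedelta
from typing import Optional, Tuple


@dataclass(frozen=True)
class PlanEntry:
    """One system or service listed in the business continuity plan."""
    name: str
    is_security_control: bool
    rto: Optional[timedelta] = None              # max time allowed to restore
    rpo: Optional[timedelta] = None              # max tolerable window of lost data
    backup_interval: Optional[timedelta] = None  # backup frequency in normal operations
    relies_on: Tuple[str, ...] = ()              # entries that must be restored first


def audit_plan(entries):
    """Return (entry name, finding) pairs for gaps in the plan's RTO/RPO metrics."""
    by_name = {e.name: e for e in entries}
    findings = []
    for e in entries:
        if e.is_security_control and (e.rto is None or e.rpo is None):
            findings.append((e.name, "security control has no RTO or RPO"))
        if (e.rpo is not None and e.backup_interval is not None
                and e.backup_interval > e.rpo):
            findings.append((e.name, "backup interval longer than RPO"))
        for dep_name in e.relies_on:
            dep = by_name.get(dep_name)
            if dep is None:
                findings.append((e.name, "relies on unlisted " + dep_name))
            elif e.rto is not None and dep.rto is not None and dep.rto > e.rto:
                findings.append(
                    (dep_name, "RTO longer than that of dependent " + e.name))
    return findings


def _priority(entry):
    # Entries without an RTO sort last; they are audit findings, not priorities.
    return entry.rto if entry.rto is not None else timedelta.max


def restoral_order(entries):
    """Order entries so dependencies come first, then by shortest RTO."""
    by_name = {e.name: e for e in entries}
    pending = {e.name: {d for d in e.relies_on if d in by_name} for e in entries}
    ready = [(_priority(by_name[n]), n) for n, deps in pending.items() if not deps]
    heapq.heapify(ready)
    order = []
    while ready:
        _, name = heapq.heappop(ready)
        order.append(name)
        for other, deps in pending.items():
            if name in deps:
                deps.remove(name)
                if not deps:
                    heapq.heappush(ready, (_priority(by_name[other]), other))
    if len(order) != len(entries):
        raise ValueError("circular dependency in plan")
    return order


# Constructed sample inventory (all values are illustrative assumptions).
HOUR = timedelta(hours=1)
SAMPLE_PLAN = [
    PlanEntry("Active Directory", True, rto=4 * HOUR, rpo=HOUR,
              backup_interval=24 * HOUR),
    PlanEntry("Perimeter firewall", True, rto=HOUR, rpo=24 * HOUR,
              backup_interval=12 * HOUR),
    PlanEntry("Log collector", True),
    PlanEntry("Records database", False, rto=2 * HOUR,
              rpo=timedelta(minutes=15), backup_interval=timedelta(minutes=15),
              relies_on=("Active Directory", "Perimeter firewall")),
]

if __name__ == "__main__":
    for name, finding in audit_plan(SAMPLE_PLAN):
        print(f"{name}: {finding}")
    print(" -> ".join(restoral_order(SAMPLE_PLAN)))
```

In the sample, the Active Directory server is flagged twice: its daily backup cannot meet a one-hour RPO, and its four-hour RTO is longer than the two-hour RTO of the database that depends on it for access control.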
The primary audience for your policy will be the CIO and CISO
staff members who are responsible for developing IT business
continuity plans. Your policy will be communicated to other
personnel and to the senior managers who are ultimately
responsible for the security of the organization and its IT assets.
These managers include: CEO, CIO/CISO, and CSO. The policy
must be approved and signed by the CEO and CIO of the
organization.
Tasks:
1. Review the Contingency Planning control family and
individual controls as listed in NIST SP 800-53. (See Table 4-3).
Identify policy statements, which can be used to ensure that the
required controls are in place before, during, and after business
continuity operations. (For example, for CP-6 your policy
statement should require that IT security requirements be
included in plans / contracts involving alternate storage sites for
critical business data.) You must address at least 5 controls
within the CP control family.
Table 4-3. Contingency Planning Control Family (from NIST SP
800-53)
2. Review the phases in the Business Continuity Planning
Process (see Table 4-1). Identify policy statements which can be
used to ensure that IT security requirements are addressed
during each phase. These statements should include ensuring
that RTO/RPO objectives for security services will be addressed
during the planning process. (You may wish to include these as
part of your policies for implementing CP-1, CP-2, CP-3, and
CP-4).
3. Review the outline for a Business Continuity Plan (Table
4-2). Analyze the outline to determine specific policy statements
required to ensure that the required CP controls and any
additional or alternative IT security measures (e.g. controls
required to implement CP-13) are set forth in a business
continuity plan. (Your policy statements will tell Business
Continuity Planners where and how to “build security in.”)
4. Write your Business Continuity Security Policy using the
outline in Table 4-4. You must tailor your policy to the subject
of IT Security Requirements for the Business Continuity
program and address the required controls and actions identified
during steps 1-3.
Table 4-4. Outline for an IT Security Policy
I. Identification
a. Organization: [name]
b. Title of Policy: Data Center Business Continuity Policy
c. Author: [your name]
d. Owner: [role, e.g. Data Center Manager]
e. Subject: Business Continuity for [data center name]
f. Review Date: [date submitted for grading]
g. Signatures Page: [authorized signers for the policy: CEO,
CISO, Data Center Manager]
h. Distribution List
i. Revision History
II. Purpose
a. Provide a high level summary statement as to the policy
requirements which are set forth in this document.
III. Scope
a. Summarize the business continuity activities and operations
that this policy will apply to.
b. Identify who is required to comply with this policy.
IV. Compliance
a. Identify the measures which will be taken to ensure
compliance with this policy (e.g. audits, compliance reporting,
exception reporting, etc.)
b. Identify the sanctions which will be implemented for
compliance failures or other violations of this policy.
c. Include information about how to obtain guidance in
understanding or interpreting this policy (e.g. HR, corporate
legal counsel, etc.)
V. Terms and Definitions
VI. Risk Identification and Assessment
a. Identify the risks which could arise if IT security
requirements are not included in business continuity planning
and subsequent operations.
b. Identify and describe the impacts of such risks (include an
assessment of the possible severity for each impact).
VII. Policy
a. Present policies which will ensure that IT security is
addressed
i. In all phases of DR/BCP planning
ii. In all relevant sections of the DR/BCP plan
iii. By requiring implementation of relevant NIST guidance, e.g.
controls from the CP family
iv. By specifying roles and responsibilities for IT security
during data center recovery operations
v. Using RTO/RPO metrics for restoral of IT security services
and functions
b. Include an explanatory paragraph for each policy statement.
5. Prepare a Table of Contents and Cover Page for your policy.
Your cover page should include your name, the name of the
assignment, and the date. Your Table of Contents must include
at least the first level headings from the outline (I, II, III, etc.).
6. Prepare a Reference list (if you are using APA format
citations & references) or a Bibliography and place that at the
end of your file. (See Item #3 under Formatting.) Double check
your document to make sure that you have cited sources
appropriately.
Formatting:
1. Cite sources using a consistent and professional style. You
may use APA formatting for citations and references. Or, you
may use another citation style including use of footnotes or end
notes. (Citation requirements for policy documents are less
stringent than those applied to research papers. But, you should
still acknowledge your sources and be careful not to plagiarize
by copying text verbatim.) You are expected to write
grammatically correctly.
Criteria and Steps to follow (Below in bold are subheadings)
***Please make sure three reference sites per subheading.***
Policy Outline & Body
Provided an excellent IT Security Policy, which clearly,
concisely, and accurately presents all required information (see
outline in assignment for sections, fields, and content
requirements). Presentation of information is organized in a
logical fashion and uses 3 or more tables to group related
information for presentation. All required fields under each
section are listed and filled in (e.g. Owner Name in ID Section
has a name filled in.)
Policy Section: DR/BCP Planning Phases
Presented an excellent policy statement or statements, which
will ensure that IT Security is addressed during all four phases
of the DR/BCP planning process. Policy statement(s) and
supporting explanations are clear, concise, and accurate. Used
and cited at least two authoritative sources.
Policy Section: IT Security in DR/BCP Plan
Presented an excellent policy statement or statements which
will ensure that IT Security is addressed within DR/BCP plans.
Identified and discussed five or more sections of the plan (using
outline from assignment) which must address requirements for
IT Security during recovery operations. Policy statement(s) and
supporting explanations are clear, concise, and accurate. Used
and cited at least two authoritative sources.
Policy Section: IT Security Roles & Responsibilities in DR/BCP
Plan
Presented an excellent policy statement or statements which
will ensure that roles and responsibilities for IT Security are
addressed within DR/BCP plans. Identified and discussed five
or more sections of the plan (using outline from assignment)
which must address who is responsible for ensuring IT security
during recovery operations. Policy statement(s) and supporting
explanations are clear, concise, and accurate. Used and cited at
least two authoritative sources.
Policy Section: Security Controls during DR/BCP Planning,
Implementation, & Execution (NIST CP Family)
Presented an excellent policy statement or statements which
will ensure that NIST recommended security controls for
Contingency Planning (CP family) are addressed as part of
DR/BCP planning, implementation, and execution. Identified and
discussed five or more controls from the CP family which
should be implemented (using NIST SP 800-53 guidance) to
ensure adequate IT security during recovery operations. Policy
statement(s) and supporting explanations are clear, concise, and
accurate. Used and cited at least two authoritative sources.
Crediting Sources
Work credits all sources used in a professional manner using
APA format citations/references, footnotes with publication
information, or endnotes with publication information. Provides
a Bibliography or "Works Cited" if not using APA format.
Publication information is sufficient to retrieve all listed
resources.