The document summarizes Target Corporation's 2013 data breach where hackers stole payment card details of up to 70 million customers. It discusses how Target failed to act on warnings from security firm FireEye about malware on its systems, which allowed hackers to install programs that stole credit card data from cash registers in stores. As a result of the breach, Target faced lawsuits, lost customers, and its CEO resigned. The document then provides recommendations for improving Target's security, including implementing EMV chip cards, security training for employees, and an alert system to detect suspicious account activity.
Information AssuranceChaston Carter041717 Target Corpora.docx - jaggernaoma
Target suffered a major data breach in 2013 that compromised over 70 million customer payment records. Hackers were able to infiltrate Target's network through an HVAC system and install malware on cashier systems to steal credit card data. Target was alerted multiple times by security firm FireEye that malware was present but failed to act, allowing the breach to continue. In response, Target implemented new security measures like credit cards with chips, security training for employees, and an incident response plan to prevent future breaches.
Cyber risks troubling organisations
The document discusses data breaches, how they occur, and common types like insider leaks and payment card fraud. It provides a case study on Anthem, a large US health insurer that suffered a major data breach in 2015 affecting 80 million customers. Anthem ultimately paid $115 million to settle lawsuits. The document concludes with lessons learned from the Anthem breach and recommendations for preventing data breaches like maintaining system documentation, having an IT security framework, and conducting continuous auditing.
Cyber threat intelligence aims to help companies understand and address cybersecurity threats. It involves collecting and analyzing information on current and potential cyber attacks from sources like malware analysis and human intelligence. There are three main types of threat intelligence: strategic intelligence for executives, tactical intelligence for IT professionals, and operational intelligence from active attacks. Uncovering threats through cyber threat intelligence can help identify security issues like malware infections and prevent costly data breaches and ransomware attacks. The intelligence gathering process typically involves four phases: planning, data collection, threat analysis, and responding to threats.
For digital media companies, effective cybersecurity programs a must - Grant Thornton LLP
In digital media trust is everything, without it your business model doesn’t work. Cybersecurity can be a key component, ensuring the integrity of your services. Check out this brief guide to securing your data.
Before the Breach: Using threat intelligence to stop attackers in their tracks - Mark - Fullbright
All information, data, and material contained, presented, or provided on is for educational purposes only.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners.
It is not to be construed or intended as providing legal advice.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
17 U.S. Code § 107 - Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.
The document discusses warning signs that a business's information security may be at risk. It outlines 7 signs that a network or data systems have been compromised, including devices slowing down or crashing, unexplained pop-up windows, and backup failures. The biggest warning sign is having no record that all computers and devices are adequately protected. Strong security requires balancing network access with protection measures and finding expertise to continuously update defenses against evolving threats. Outsourcing to an IT security partner can help identify and address vulnerabilities.
This document discusses intelligence driven fraud prevention strategies. It notes that fraud prevention has become more complex due to evolving threats from cybercriminals. An intelligence driven approach uses visibility, analytics, and risk-based authentication to balance security, user experience, and organizational risk tolerance. The approach analyzes user behavior and device data across channels to detect anomalies and take targeted action.
Adjusting Your Security Controls: It’s the New Normal - Priyanka Aash
Most of us learned cybersecurity practices based on the application of controls that were part of a framework. Once the framework was implemented then the controls didn’t change often. It’s time to adjust our thinking and recognize that on-going adjustment of controls may be a better indicator of cyber-maturity than adherence to any framework.
(Source: RSA USA 2016-San Francisco)
This document provides guidance for lawyers on data security issues and how to help clients meet data security standards. It discusses how lack of security knowledge is common among both personal and enterprise computer users. Various threats like viruses, worms, Trojans, bots, and spyware/adware are described. Examples of data security risks include loss of portable devices containing personal information, insecure home networks that employees access for work, and insecure disposal of physical documents and digital media. The document advises evaluating security controls and investing in tools to detect breaches and audit compliance.
Identity Theft Response You have successfully presented an expa - LizbethQuinonez813
The CEO has tasked you with developing an identity theft response plan for your financial organization. This plan will outline procedures for responding to potential cyberattacks involving theft or compromise of customers' personally identifiable information (PII). You will need to consider responses to both internal incidents, like a rogue employee accessing records, and external incidents, such as a hacker breaching systems. The plan will need to address regulatory compliance, communication with leadership and authorities, and recovery of operations should PII be stolen. It will also help the organization avoid damages to its reputation and legal liability in the event of an identity theft incident.
Mobile Security: 5 Steps to Mobile Risk Management - DMIMarketing
Hundreds of companies, and the most demanding Federal agencies rely on DMI for Mobile Security services and solutions. And with more than 500,000 devices under management, we know how to do it right.
Now we’ve distilled 9 years of Mobile Security best practices into a white paper you can download. The paper lays out a smart, sensible approach to managing mobile risk without unnecessary cost and business disruption.
Please be our guest and check out the white paper. You’ll learn:
How to identify and protect against the threats that matter the most
What to do about “the hottest new technologies”
How to get the most protection for the least cost and disruption
The key differences and similarities between Mobile and traditional cybersecurity
Why is cyber security a disruption in the digital economy - Mark Albala
As we enter the digital economy, companies will quickly realize that the differentiator in the digital economy is information and information being a valuable resource is subject to theft, hacking, phishing and a host of other issues which compromise a company’s ability to participate in the digital economy. Cybersecurity misfires compromise the trust of buyers and partners necessary to participate in the digital economy. It is up to every company to ensure that the information shared with them is protected to the best of their ability and proactively notify persons and organizations who entrust their information necessary to transact business (any personal identity information including but not limited to addresses, credit card information, social security numbers, account information, credit information, medical records, etc.) with any potential compromises which can yield harm to them by that information either being used maliciously or shared with others.
The digital economy is different than other versions of commerce because in the digital economy, information is the lifeblood of digital commerce that passes through the hands of many platforms involved in a digital event. Each of these platforms are an opportunity to wreak havoc on your well-intended but incomplete intents to protect the information contained within the network you control. In the digital economy, it is not only the network you control, but the platforms that touch the personal data entrusted to you as a means of enabling digital commerce, and several techniques have begun to emerge to protect personal information contained within your information domain and the domain of platforms participating in digital commerce.
Because the life blood of the digital economy is information, information hacked in the digital economy is akin to shrinkage in the legacy economy. Both are means to directly attack your bottom line, whether it is redirecting customers elsewhere because they don’t trust your privacy program, ransomware which makes your site or one of your partner platform sites dangerous to use or some other reason which challenges your ability to participate in the digital economy. Shrinking the potential market share because of information safety and security challenges is a disruption, making cyber-security a disruptive activity, particularly if it is not dealt with swiftly.
If your cyber-security program is focused entirely on protecting the information housed in your four walls, you have exposed yourself to problems you will have difficulty in identifying both the source and the entry point of these issues.
The document discusses securing and protecting information systems through proper authentication processes and policies. It describes how today's authentication methods must be more secure to protect against threats like password hacking and impersonation. Effective security policies clearly define roles and responsibilities, and use techniques like mandatory access control, role-based access control, and multifactor authentication to regulate access to systems and data. Proper user training and system monitoring are also needed to counter evolving cyber threats.
We are living in a world where cyber security is a top priority for .pdf - galagirishp
We are living in a world where cyber security is a top priority for all governments and businesses. In fact, last week the United States announced cyber security as its biggest. James Clapper, the Director of National Intelligence, says that “the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.” Hackers are able to get ahead of governments because they are applying technology faster than many can understand it. (http://ca.reuters.com/article/technologyNews/idCABRE92B0LS20130312)
These attackers are persistent, and it is important to be aware of the methods used by hackers as it is an important step towards defending sensitive company data.
When a hacker strikes, the cost to a company could potentially be millions of dollars. Not only will it affect the bottom line, but hard-earned reputations can be compromised or destroyed.
It is important to recognize the differences between the different kinds of cyber threats: external and internal. An external, or outsider threat is much trickier to pinpoint. It can be “from someone that does not have authorized access to the data and has no formal relationship to the company.” They could be from someone who is actively targeting the company, or accidentally from someone who found a lost mobile device.
Internal threats are likely to come from an authorized individual that has easy access to sensitive corporate data as part of their day-to-day duties. This could be anyone working within the company or acting as a third party representative. The Global Knowledge Blog states that insiders have a much greater advantage because they have means, motive, and opportunity, whereas outsiders most often only have a motive. (http://globalknowledgeblog.com/technology/security/hacking-cybercrime/insider-vs-outsider-threats/)
When focusing on internal threats, we have made a digital security check list:
• Implement an Intrusion Detection System (IDS). These systems act like security cameras watching a network. They react to suspicious activity by logging off suspect users, or in some cases, they might reprogram firewalls to snag a possible intrusion.
• Implement a log management platform that will centralize all the logs and correlate to find threats and alert on them.
• Stay proactive with Identity Management systems that will monitor high risk or suspicious user activity by detecting and correcting situations that are out of compliance or present a security risk.
• Be aware of who has keys and access codes to vulnerable information. Monitor the activity when these spaces are accessed, authorized, or not.
• Create safety policies for when employees with these security privileges leave the company or are terminated. This will reduce the risk of theft due to careless behaviour, or break-ins from disgruntled employees.
• Get employees involved with the security procedures of the company. As a team, you can work to strengthen your digital security pr.
The document discusses how reducing the "window of compromise" can limit damage from data breaches. It defines the window of compromise as starting when an intruder accesses a network and ending when the breach is contained. On average, vulnerabilities exist for 470 days before exploitation, and then card data is captured for another 176 days. The document provides recommendations for organizations to reduce this window through early detection methods like logging, security testing, employee training, and continual protection measures.
The document discusses insider threats and how to mitigate them. It covers how insider threats can come from employees with malicious intent, but also from inadvertent actions like clicking a phishing link. Insider threats also include third party contractors who are given access to networks. The document provides recommendations for organizations to mitigate insider threats such as conducting background checks, monitoring unusual employee behavior, and escorting outsiders within the company's physical sites. It also discusses the ongoing threat of spam being used to distribute malware and how organizations need to protect their users from inadvertently enabling attacks through emails.
The document discusses insider threats and how to mitigate them. It covers how insider threats can come from employees with malicious intent, but also from inadvertent actions like clicking a phishing link. Insider threats also include third party contractors who are given access to networks. The document provides recommendations for organizations to mitigate insider threats such as conducting background checks, monitoring unusual employee behavior, and escorting outsiders within the company's physical sites. It also discusses the ongoing threat of spam distribution of malware and how organizations need to ensure all users remain vigilant against phishing attempts.
Dealing with Data Breaches Amidst Changes In Technology - CSCJournals
The document discusses data breaches and cybersecurity measures to prevent them. It begins by defining a data breach and describing major causes from cases at companies like Adobe, eBay, Facebook, and Myspace. It then discusses types of data breaches like ransomware, denial of service attacks, phishing, malware, insider threats, physical theft, and employee errors. Finally, it proposes cybersecurity measures organized into technical practices, organizational practices, and policies/standards to help prevent future breaches.
The document discusses cyber security threats facing the financial services industry based on data collected by IBM between 2012-2013. It finds that:
1) Financial services firms experience a high rate of cyber attacks and security incidents, with an average of over 111 million security events and 87 incidents annually requiring action.
2) The most common incidents are malicious code (42% of incidents) and sustained probes/scans (28%). Over half of attacks are carried out by a combination of insiders and outsiders.
3) Most attacks (49%) are opportunistic in nature. Preventable factors like misconfigured systems or end-user errors are the primary reasons for security breaches across industries.
Safeguarding Your Business: Understanding, Preventing, and Responding to Data... - cyberprosocial
In today’s digitally interconnected world, the term “data breaches” has become all too familiar. Whether it’s a small-scale business or a multinational corporation, no organization is immune to its threat. These breaches can wreak havoc on a company’s finances, reputation, and customer trust. Understanding what they are, how they occur, and most importantly, how to prevent and respond to them, is paramount for businesses of all sizes.
Proven Practices to Protect Critical Data - DarkReading VTS Deck - NetIQ
NetIQ was a Platinum sponsor for “Plugging the Leaks: Finding and Fixing the IT Security Holes in Your Enterprise,” a virtual trade show (VTS) produced by Information Week Magazine and Dark Reading.
This was our presentation deck: "Proven Practices to Protect Critical Data" presented by Matt Mosley, Senior Product Manager, and Matt Ulery, Director of Product Management during a live presentation. They explored some of the most significant problems facing security teams tasked with protecting critical data. And, they will reveal some of the most effective approaches and technology that can be used to quickly identify real threats.
Replies Required for below Posting 1 user security awarene.docx - sodhi3
Replies Required for below :
Posting 1: User security awareness is the most important element of an organization, as we know a single email can result in a multi-million dollar loss through a breach in a very short time. That is the primary reason many large organizations have a specific division who deal with the security, whose prime task is to identify and prevent security breaches, and most interestingly companies like Facebook have one million dollar price reward for ethically breaching their security, which helps them identify more ways and prevent them before they occur. Speaking of which, user security deals with various levels of users as mentioned below.
1. New employees
2. Company executives
3. Traveling Employees
4. IT Employees
5. For all employees
Security awareness should be covered focusing the four above mentioned categories using real-world examples like classroom training, and circulating latest updates in security patches and also articles or suggestions as well as visual examples about security awareness. Training employees by pasting most important security preventions every employee must consider in order to prevent a security breach and pasting latest updates about security measurements in common areas across office space and conduct brainstorm sessions with individual senior staff members to understand their needs and how to apply security awareness across teams.
And the second thing is to secure customers, who are the core revenue generating people to an organization, and it is the organization's duty to secure customers. The customer is the benefit of any organization. At the present time, where online security turns into an essential, the association must view client's profitable data that movements between the server and the site. By building security culture, the association can spur clients, contractual workers, representatives. A fulfilled client dependably functions as a mouth exposure and will fill in as an advantage of the organization. The association can guarantee their clients that the amount they think about their web assurance. The association ought to likewise distribute a note of wellbeing safety measure on the site for clients while collaborating with the web world.
Posting 2:
Security is a key human thought that has ended up being harder to portray and approve in the Information Age. In rough social requests, security was compelled to ensuring the prosperity of the get-together's people and guaranteeing physical resources. As society has grown more mind-boggling, the centrality of sharing and securing the fundamental resource of data has extended. Before the extension of present-day trades, data security was confined to controlling physical access to oral or created correspondences. The essentials of data security drove social requests to make innovative techniques for guaranteeing their data.
Changes in security systems can be direct. Society needs to execute any new security innovation as a get-together, whic ...
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Assist with first annotated bibliography. Assist with f.docx - normanibarber20063
Assist with first annotated bibliography.
(Thesis topic: Psychotherapy)
Each submission must also include a brief critique of the source (e.g., how could the study be improved, criticism of the author(s) assertions, ideas for future studies, etc.).
summary of the article, including the purpose/hypothesis of the study, a statement about the participants and methods utilized in the study, results and implications for future research, as well as the methodological limitations/critique of the study.
Assistance needed with SQL commands I need assistance with the quer.docx - normanibarber20063
Assistance needed with SQL commands
I need assistance with the query commands assigned to an assignment. I have the databases properly created and do not need assistance with the commands associated with creating the databases. Here is the complete assignment. I have attached the database information.
The structure of the movies database is as follows:
Director (DIRNUB, DIRNAME, DIRBORN, YR-DIRDIED)
STAR (STARNUB, STARNAME, BIRTHPLACE, STARBORN, YR-STARDIED)
MOVIE (MVNUB, MVTITLE, YRMDE, MVTYPE, CRIT, MPAA, NOMINATIONS, AWRD, DIRNUB)
MOVSTAR (MVNUB, STARNUB, AMTPAID)
MEMBER (MMBNUB, MMBNAME, MMBADD, MMBCITY, MMBST, NUMRENT, BONUS, JOINDATE)
TAPE (TAPENUM, MVNUB, PURDATE, TMSRNT, MMBNUB)
Create Video Store database as discussed in the class. Make sure to correct column widths/types before creating tables. Use SQL to form queries to produce the following reports:
1. ** List the names and numbers of directors whose names begin with the alphabet ‘K’.
2. List the tape no, movie title, and the membership number and name of members, who are currently borrowing tapes numbered below 20. Arrange the report in descending order by tape number.
3. List the names and respective numbers of stars and directors who have worked together.
4. ** List the tape numbers for movies of movie type: ‘HORROR’.
5. List the name of the director who has received the maximum number of total awards considering all his/her movies: AWRD.
6. ** List the names of all members who have not borrowed any movie currently.
7. List the movie type and number of tapes for each type in the database.
8. ** For each movie list total how many times it has been rented: TMSRNT.
9. Report the total times rented (TMSRNT) for each movie type.
10. The database administrator discovers that the name of director whose number is 7 in the database should be spelt as ‘JOHNNY FORD’. Make corrections to the data.
11. Delete the movie number 14 and all its tapes. Print both tables to verify.
12. List all tape numbers and their movie titles, and indicate the member number and member name if the tape is currently rented out.
13. List all tape numbers, and also indicate the member’s city if a tape is currently rented out by a member.
14. Who is the youngest director? How many movies did he/she direct?
15. Grant access to me (joshi) to your movstar table for select and update.
16. Create a unique index on movstar table.
17. For each movie type list the average age of movies given the current year is 2011.
18. ** Create a view MEMB_TAPES that includes the currently rented movies and the members who are renting them, include movie type.
19. ** Use the view MEMB_TAPES to find all currently rented “COMEDY” type movies and members who are renting them.
20. ** List all tape numbers, along with movie name and member name if rented out (leave member name blank if not rented out).
More Related Content
Similar to Intro to Information AssuranceModule 3Chaston Carter0417.docx
Adjusting Your Security Controls: It’s the New NormalPriyanka Aash
Most of us learned cybersecurity practices based on the application of controls that were part of a framework. Once the framework was implemented then the controls didn’t change often. It’s time to adjust our thinking and recognize that on-going adjustment of controls may be a better indicator of cyber-maturity than adherence to any framework.
(Source: RSA USA 2016-San Francisco)
This document provides guidance for lawyers on data security issues and how to help clients meet data security standards. It discusses how lack of security knowledge is common among both personal and enterprise computer users. Various threats like viruses, worms, Trojans, bots, and spyware/adware are described. Examples of data security risks include loss of portable devices containing personal information, insecure home networks that employees access for work, and insecure disposal of physical documents and digital media. The document advises evaluating security controls and investing in tools to detect breaches and audit compliance.
Identity Theft ResponseYou have successfully presented an expaLizbethQuinonez813
The CEO has tasked you with developing an identity theft response plan for your financial organization. This plan will outline procedures for responding to potential cyberattacks involving theft or compromise of customers' personally identifiable information (PII). You will need to consider responses to both internal incidents, like a rogue employee accessing records, and external incidents, such as a hacker breaching systems. The plan will need to address regulatory compliance, communication with leadership and authorities, and recovery of operations should PII be stolen. It will also help the organization avoid damages to its reputation and legal liability in the event of an identity theft incident.
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
Hundreds of companies, and the most demanding Federal agencies rely on DMI for Mobile Security services and solutions. And with more than 500,000 devices under management, we know how to do it right.
Now we’ve distilled 9 years of Mobile Security best practices into a white paper you can download. The paper lays out a smart, sensible approach to managing mobile risk without unnecessary cost and business disruption.
Please be our guest and check out the white paper. You’ll learn:
How to identify and protect against the threats that matter the most
What to do about “the hottest new technologies”
How to get the most protection for the least cost and disruption
The key differences and similarities between Mobile and traditional cybersecurity
Why is cyber security a disruption in the digital economyMark Albala
As we enter the digital economy, companies will quickly realize that the differentiator in the digital economy is information and information being a valuable resource is subject to theft, hacking, phishing and a host of other issues which compromise a company’s ability to participate in the digital economy. Cybersecurity misfires compromise the trust of buyers and partners necessary to participate in the digital economy. It is up to every company to ensure that the information shared with them is protected to the best of their ability and proactively notify persons and organizations who entrust their information necessary to transact business (any personal identity information including but not limited to addresses, credit card information, social security numbers, account information, credit information, medical records, etc.) with any potential compromises which can yield harm to them by that information either being used maliciously or shared with others.
The digital economy is different than other versions of commerce because in the digital economy, information is the lifeblood of digital commerce that passes through the hands of many platforms involved in a digital event. Each of these platforms are an opportunity to wreak havoc on your well-intended but incomplete intents to protect the information contained within the network you control. In the digital economy, it is not only the network you control, but the platforms that touch the personal data entrusted to you as a means of enabling digital commerce, and several techniques have begun to emerge to protect personal information contained within your information domain and the domain of platforms participating in digital commerce.
Because the life blood of the digital economy is information, information hacked in the digital economy is akin to shrinkage in the legacy economy. Both are means to directly attack your bottom line, whether it is redirecting customers elsewhere because they don’t trust your privacy program, ransomware which makes your site or one of your partner platform sites dangerous to use or some other reason which challenges your ability to participate in the digital economy. Shrinking the potential market share because of information safety and security challenges is a disruption, making cyber-security a disruptive activity, particularly if it is not dealt with swiftly.
If your cyber-security program is focused entirely on protecting the information housed in your four walls, you have exposed yourself to problems you will have difficulty in identifying both the source and the entry point of these issues.
The document discusses securing and protecting information systems through proper authentication processes and policies. It describes how today's authentication methods must be more secure to protect against threats like password hacking and impersonation. Effective security policies clearly define roles and responsibilities, and use techniques like mandatory access control, role-based access control, and multifactor authentication to regulate access to systems and data. Proper user training and system monitoring are also needed to counter evolving cyber threats.
We are living in a world where cyber security is a top priority for .pdfgalagirishp
We are living in a world where cyber security is a top priority for all governments and
businesses. In fact, last week the United States announced cyber security as its biggest. James
Clapper, the Director of National Intelligence, says that “the world is applying digital
technologies faster than our ability to understand the security implications and mitigate potential
risks.” Hackers are able to get ahead of governments because they are applying technology faster
than many can understand it.
(http://ca.reuters.com/article/technologyNews/idCABRE92B0LS20130312)
These attackers are persistent, and it is important to be aware of the methods used by hackers as
it is an important step towards defending sensitive company data.
When a hacker strikes, the cost to a company could potentially be millions of dollars. Not only
will it affect the bottom line, but hard-earned reputations can be compromised or destroyed.
It is important to recognize the differences between the different kinds of cyber threats: external
and internal. An external, or outsider threat is much trickier to pinpoint. It can be “from someone
that does not have authorized access to the data and has no formal relationship to the company.”
They could be from someone who is actively targeting the company, or accidentally from
someone who found a lost mobile device.
Internal threats are likely to come from an authorized individual that has easy access to sensitive
corporate data as part of their day-to-day duties. This could be anyone working within the
company or acting as a third party representative. The Global Knowledge Blog states that
insiders have a much greater advantage because they have means, motive, and opportunity,
whereas outsiders most often only have a motive.
(http://globalknowledgeblog.com/technology/security/hacking-cybercrime/insider-vs-outsider-threats/)
When focusing on internal threats, we have made a digital security check list:
Implement an Intrusion Detection System (IDS). These systems act like security cameras
watching a network. They react to suspicious activity by logging off suspect users, or in some
cases, they might reprogram firewalls to snag a possible intrusion.
Implement a log management platform that will centralize all the logs and correlate to find
threats and alert on them.
Stay proactive with Identity Management systems that will monitor high risk or suspicious user
activity by detecting and correcting situations that are out of compliance or present a security
risk.
Be aware of who has keys and access codes to vulnerable information. Monitor the activity
when these spaces are accessed, authorized, or not.
Create safety policies for when employees with these security privileges leave the company or
are terminated. This will reduce the risk of theft due to careless behaviour, or break-ins from
disgruntled employees.
Get employees involved with the security procedures of the company. As a team, you can work
to strengthen your digital security pr.
The document discusses how reducing the "window of compromise" can limit damage from data breaches. It defines the window of compromise as starting when an intruder accesses a network and ending when the breach is contained. On average, vulnerabilities exist for 470 days before exploitation, and then card data is captured for another 176 days. The document provides recommendations for organizations to reduce this window through early detection methods like logging, security testing, employee training, and continual protection measures.
The document discusses insider threats and how to mitigate them. It covers how insider threats can come from employees with malicious intent, but also from inadvertent actions like clicking a phishing link. Insider threats also include third party contractors who are given access to networks. The document provides recommendations for organizations to mitigate insider threats such as conducting background checks, monitoring unusual employee behavior, and escorting outsiders within the company's physical sites. It also discusses the ongoing threat of spam being used to distribute malware and how organizations need to protect their users from inadvertently enabling attacks through emails.
The document discusses insider threats and how to mitigate them. It covers how insider threats can come from employees with malicious intent, but also from inadvertent actions like clicking a phishing link. Insider threats also include third party contractors who are given access to networks. The document provides recommendations for organizations to mitigate insider threats such as conducting background checks, monitoring unusual employee behavior, and escorting outsiders within the company's physical sites. It also discusses the ongoing threat of spam distribution of malware and how organizations need to ensure all users remain vigilant against phishing attempts.
Dealing with Data Breaches Amidst Changes In TechnologyCSCJournals
The document discusses data breaches and cybersecurity measures to prevent them. It begins by defining a data breach and describing major causes from cases at companies like Adobe, eBay, Facebook, and Myspace. It then discusses types of data breaches like ransomware, denial of service attacks, phishing, malware, insider threats, physical theft, and employee errors. Finally, it proposes cybersecurity measures organized into technical practices, organizational practices, and policies/standards to help prevent future breaches.
The document discusses cyber security threats facing the financial services industry based on data collected by IBM between 2012-2013. It finds that:
1) Financial services firms experience a high rate of cyber attacks and security incidents, with an average of over 111 million security events and 87 incidents annually requiring action.
2) The most common incidents are malicious code (42% of incidents) and sustained probes/scans (28%). Over half of attacks are carried out by a combination of insiders and outsiders.
3) Most attacks (49%) are opportunistic in nature. Preventable factors like misconfigured systems or end-user errors are the primary reasons for security breaches across industries.
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...cyberprosocial
In today’s digitally interconnected world, the term “data breaches” has become all too familiar. Whether it’s a small-scale business or a multinational corporation, no organization is immune to its threat. These breaches can wreak havoc on a company’s finances, reputation, and customer trust. Understanding what they are, how they occur, and most importantly, how to prevent and respond to them, is paramount for businesses of all sizes.
Proven Practices to Protect Critical Data - DarkReading VTS DeckNetIQ
NetIQ was a Platinum sponsor for “Plugging the Leaks: Finding and Fixing the IT Security Holes in Your Enterprise,” a virtual trade show (VTS) produced by Information Week Magazine and Dark Reading.
This was our presentation deck: "Proven Practices to Protect Critical Data" presented by Matt Mosley, Senior Product Manager, and Matt Ulery, Director of Product Management during a live presentation. They explored some of the most significant problems facing security teams tasked with protecting critical data. And, they will reveal some of the most effective approaches and technology that can be used to quickly identify real threats.
Replies Required for below Posting 1 user security awarene.docxsodhi3
Replies Required for below :
Posting 1: User security awareness is the most important element of an organization, as we know a single email can result in a multi-million dollar loss through a breach in a very short time. That is the primary reason many large organizations have a specific division that deals with security, whose prime task is to identify and prevent security breaches, and most interestingly companies like Facebook have one million dollar price reward for ethically breaching their security, which helps them identify more ways and prevent them before they occur. Speaking of which, user security deals with various levels of users as mentioned below.
1. New employees
2. Company executives
3. Traveling Employees
4. IT Employees
5. For all employees
Security awareness should be covered focusing the four above mentioned categories using real-world examples like classroom training, and circulating latest updates in security patches and also articles or suggestions as well as visual examples about security awareness. Training employees by pasting most important security preventions every employee must consider in order to prevent security breach and pasting latest updates about security measurements in common areas across office space and conduct brainstorm sessions with individual senior staff members to understand their needs and how to apply security awareness across teams.
and second thing is to secure customers who are the core revenue generating people to an organization and its organization's duty to secure customers. The customer is the benefit of any organization. At the present time, where online security turns into an essential, the association must view client's profitable data that movements between the server and the site. By building security culture, the association can spur clients, contractual workers, representatives. A fulfilled client dependably functions as a mouth exposure and will fill in as an advantage of the organization. The association can guarantee their clients that the amount they think about their web assurance. The association ought to likewise distribute a note of wellbeing safety measure on the site for clients while collaborating with the web world.
Posting 2:
Security is a key human thought that has ended up being harder to portray and approve in the Information Age. In rough social requests, security was compelled to ensuring the prosperity of the get-together's people and guaranteeing physical resources. As society has grown more mind-boggling, the centrality of sharing and securing the fundamental resource of data has extended. Before the extension of present-day trades, data security was confined to controlling physical access to oral or created correspondences. The essentials of data security drove social requests to make innovative techniques for guaranteeing their data.
Changes in security systems can be direct. Society needs to execute any new security innovation as a get-together, whic ...
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Assist with first annotated bibliography. Assist with f.docxnormanibarber20063
Assist with first annotated bibliography.
(Thesis topic: Psychotherapy)
. Each submission must also include a brief critique of the source (e.g., how could the study be improved, criticism of the author(s) assertions, ideas for future studies, etc.).
summary of the article, including the purpose/hypothesis of the study, a statement about the participants and methods utilized in the study, results and implications for future research, as well as the methodological limitations/critique of the study.
Assistance needed with SQL commandsI need assistance with the quer.docxnormanibarber20063
Assistance needed with SQL commands
I need assistance with the query commands assigned to an assignment. I have the databases properly created and do not need assistance with the commands associated with creating the databases. Here is the complete assignment. I have attached the database information.
The structure of the movies database is as follows:
Director (DIRNUB, DIRNAME, DIRBORN, YR-DIRDIED)
STAR (STARNUB, STARNAME, BIRTHPLACE, STARBORN, YR-STARDIED)
MOVIE (MVNUB, MVTITLE, YRMDE, MVTYPE, CRIT, MPAA, NOMINATIONS, AWRD, DIRNUB)
MOVSTAR (MVNUB, STARNUB, AMTPAID)
MEMBER (MMBNUB, MMBNAME, MMBADD, MMBCITY, MMBST, NUMRENT, BONUS, JOINDATE)
TAPE (TAPENUM, MVNUB, PURDATE, TMSRNT, MMBNUB)
Create Video Store database as discussed in the class. Make sure to correct column widths/types before creating tables. Use SQL to form queries to produce the following reports:
1. ** List the names and numbers of directors whose names begin with the alphabet ‘K’.
2. List the tape no, movie title, and the membership number and name of members, who are currently borrowing tapes numbered below 20. Arrange the report in descending order by tape number.
3. List the names and respective numbers of stars and directors who have worked together.
4. ** List the tape numbers for movies of movie type: ‘HORROR’.
5. List the name of the director who has received the maximum number of total awards considering all his/her movies: AWRD.
6. ** List the names of all members who have not borrowed any movie currently.
7. List the movie type and number of tapes for each type in the database.
8. ** For each movie list total how many times it has been rented: TMSRNT.
9. Report the total times rented (TMSRNT) for each movie type.
10. The database administrator discovers that the name of director whose number is 7 in the database should be spelt as ‘JOHNNY FORD’. Make corrections to the data.
11. Delete the movie number 14 and all its tapes. Print both tables to verify.
12. List all tape numbers and their movie titles, and indicate the member number and member name if the tape is currently rented out.
13. List all tape numbers, and also indicate the member’s city if a tape is currently rented out by a member.
14. Who is the youngest director? How many movies did he/she direct?
15. Grant access to me (joshi) to your movstar table for select and update.
16. Create a unique index on movstar table.
17. For each movie type list the average age of movies given the current year is 2011.
18. ** Create a view MEMB_TAPES that includes the currently rented movies and the members who are renting them, include movie type.
19. ** Use the view MEMB_TAPES to find all currently rented “COMEDY” type movies and members who are renting them.
20. ** List all tape numbers, along with movie name and member name if rented out (leave member name blank if not rented out).
assingment Assignment Agenda Comparison Grid and Fact Sheet or .docxnormanibarber20063
Assignment
Assignment: Agenda Comparison Grid and Fact Sheet or Talking Points Brief
It may seem to you that healthcare has been a national topic of debate among political leaders for as long as you can remember.
Healthcare has been a policy item and a topic of debate not only in recent times but as far back as the administration of the second U.S. president, John Adams. In 1798, Adams signed legislation requiring that 20 cents per month of a sailor’s paycheck be set aside for covering their medical bills. This represented the first major piece of U.S. healthcare legislation, and the topic of healthcare has been woven into presidential agendas and political debate ever since.
As a healthcare professional, you may be called upon to provide expertise, guidance and/or opinions on healthcare matters as they are debated for inclusion into new policy. You may also be involved in planning new organizational policy and responses to changes in legislation. For all of these reasons you should be prepared to speak to national healthcare issues making the news.
In this Assignment, you will analyze recent presidential healthcare agendas. You also will prepare a fact sheet to communicate the importance of a healthcare issue and the impact on this issue of recent or proposed policy.
To Prepare:
Review the agenda priorities of the current/sitting U.S. president and the two previous presidential administrations.
Select an issue related to healthcare that was addressed by each of the last three U.S. presidential administrations.
Reflect on the focus of their respective agendas, including the allocation of financial resources for addressing the healthcare issue you selected.
Consider how you would communicate the importance of a healthcare issue to a legislator/policymaker or a member of their staff for inclusion on an agenda.
The Assignment: (1- to 2-page Comparison Grid, 1-Page Analysis, and 1-page Fact Sheet)
Part 1: Agenda Comparison Grid
Use the Agenda Comparison Grid Template found in the Learning Resources and complete the Part 1: Agenda Comparison Grid based on the current/sitting U.S. president and the two previous presidential administrations and their agendas related to the public health concern you selected. Be sure to address the following:
Identify and provide a brief description of the population health concern you selected and the factors that contribute to it.
Describe the administrative agenda focus related to the issue you selected.
Identify the allocations of financial and other resources that the current and two previous presidents dedicated to this issue.
Explain how each of the presidential administrations approached the issue.
Part 2: Agenda Comparison Grid Analysis
Using the information you recorded in Part 1: Agenda Comparison Grid on the template, complete the Part 2: Agenda Comparison Grid Analysis portion of the template, by addressing the following:
Which administrative agency would most likely be respons.
Assimilate the lessons learned from the dream sequences in Defense o.docxnormanibarber20063
Assimilate the lessons learned from the dream sequences in Defense of Duffer's Drift.
The Lieutenant's dream sequences help him understand his tactical problem and make decisions when faced with a new problem. The Lieutenant had virtually no knowledge of the terrain, the weather, civilians, enemy, etc. If an intelligence section had been made available to the Lieutenant, how might have he used such a staff to help him avoid the painful (and deadly) consequences of poor decision making in his dream sequences?
Assignmnt-500 words with 2 referencesRecognizing the fa.docxnormanibarber20063
Assignment:-
500 words with 2 references
Recognizing the fact that usernames and passwords are the weakest link in an organization’s security system because username and password are shareable, and most passwords and usernames are vulnerable and ready to be cracked with a variety of methods using adopting a record number of devices and platforms connected to the Internet of Things daily and at an alarming rate.
Provide the all-inclusive and systematic narratives of the impact of physical biometric operations on the current and future generation.
500 words with 2 references
Discussion:-
Discussion
Effective and efficient use of biometric technology will play a key role in automating method of identifying living persons based on individual physiological and behavioral characteristics.
Provide the comprehensive narratives on the advantages and disadvantages of a physical biometric system?
Assignmnt-700 words with 3 referencesToday, there is a crisi.docxnormanibarber20063
Assignment-700 words with 3 references
Today, there is a crisis about organizations’ inability to resolve the age-old problem of how to control the abuse of trust and confidence given to authorized officials to freely log on to the organization’s system. Many such officials turn around to betray the organization by committing cybercrimes. Vulnerability stems from interactions and communications among several system components and is categorized as deficiency, weakness and security cavity on the network data center.
To what extent do internal threats constitute a key factor against any organization’s ability to battle insider threats caused by people who abuse assigned privilege?
What is the most effective mechanism for organizations to combat internal threats?
Why should disgruntled employees must be trained on the danger of throwing wastepaper and electronic media in a bin within and outside the facility?
Discussion:
400 words with 2 references
Per Fennelly (2017-182), “Why do Employees steal?” employee stealing is a multiple part operation.
Most organizations are often intolerant and impatient to verify employee’s identity and background and establish trust due to the time-consuming nature of daily assignments.
Most organizations often ignore to establish and adopt on-board ecological waste management action plans to deal with discarded materials, shredded left-over documents and magnetic media and placing fragments in isolated location.
Nonetheless, organizations must learn to support and train employers who are assigned to work and protect the organization data center, facilities and resources. Large segments of any organizations’ facility managers are often none-aggressive and choose short cuts in discharging assigned services by posting passwords on the screen and leaving confidential documents lying out on the table and uploading same document to associates, husbands, loved ones and competitors. Most authorized users within the organization are often the puniest linkage in any security operation.
Per Fennelly (2017-182), “Why do Employees steal?”
employee stealing is a multiple part operation.
Disgruntled employees can install sniffers on organizations’ data file server via polite phone calls.
They can gain required user identification and password to access the organization’s secured data center.
Most organizations retain an employee on the same salary for twenty years, and they pay a newly hired employee the salary of the actively existing employee.
Assignment For Paper #2, you will pick two poems on a similar th.docxnormanibarber20063
Assignment:
For Paper #2, you will pick two poems on a similar theme to compare and contrast. Your paper will explain how the poems use some of the poetic devices we’ve been discussing to express distinct attitudes towards their common subject. It will point out the similarities and differences in the ways the two poems do this. Therefore, you will need to compare and contrast the general tones of the poems as well as how they use poetic devices to create those tones. Poetic devices you might want to consider include diction, imagery, figurative language, sound (including rhyme, alliteration, assonance, rhythm, and meter), and form.
Your audience for this paper is other students in the class who have read these poems. You can assume that your reader has the poems in front of him or her, so you don’t need to quote the whole poem, though a brief paraphrase might be useful. You will need to quote specific lines, phrases, or words in order to point out specific features of the poems. Your purpose is to help your reader see the differences and similarities in the two poems and, consequently, to better understand how each one works to create its particular effects or meanings.
Your paper should be 800 – 1000 words long, typed and double-spaced, with 1” margins all around.
Use of secondary sources (other than our own textbook) is not allowed for this assignment. If you have questions about the poem, ask other students or the instructor.
Here are some suggested topics:
1. Compare and contrast the ways Whitman’s “To a Locomotive in Winter” (p. 504) and Dickinson’s “I like to see it lap the Miles” (p. 504-05) represent their common subject: a locomotive. What claims does each poem make about the locomotive? What tone or attitude is taken towards the locomotive? How does each poem use specific poetic devices to create its tone?
2. Compare and contrast the ways Lovelace’s “To Lucasta” (p. 521) and Owens’ “Dulce et Decorum Est” (p. 521-22) represent their common subject: war. What claims does each poem make about war? What tone or attitude is taken towards war? How does each poem use specific poetic devices to create its tone?
3. Compare and contrast the ways any two love poems in our reading represent their common subject. What claims does each poem make about love? What tone or attitude is taken towards love? How does each poem use specific poetic devices to create its tone? (Please check the two poems you pick with the instructor before proceeding.)
4. Compare and contrast the ways any two of the following poems represent God:
· Donne’s “Batter my Heart, Three-Personed God” (p. 531),
· Hopkins’ “God’s Grandeur” (p. 624),
· Herbert’s “Easter Wings” (p. 676),
· Blake’s “The Tyger” (p. 824-25).
What claims does each poem make about God? What tone or attitude is taken towards God? How does each poem use specific poetic devices to create its tone?
5. Compare and contrast the ways.
Assignment Write an essay comparingcontrasting two thingspeople.docxnormanibarber20063
Assignment:
Write an essay comparing/contrasting two things/people/places/ideas, etc. This should not simply be a list of their similarities and differences, but a cohesive essay written in paragraph form with a thesis, introduction, body, and conclusion.
Remember, a compare/contrast thesis can be formulated in one of the following ways:
1) One thing is better than another
2) Two things that seem to be similar are actually different
3) Two things that seem different are actually similar
Parameters:
*Typed
*Double-Spaced
*Times New Roman
*12 Point Font
*1 Inch Margin
*3 pages (not even a word shorter)
*2 outside sources
Assignment Travel Journal to Points of Interest from the Early Midd.docxnormanibarber20063
Assignment :Travel Journal to Points of Interest from the Early Middle Ages, Romanesque, and Gothic World
Travel Journal to Points of Interest from the Early Middle Ages, Romanesque, and Gothic World
Travel was one of the social characteristics that helped shape the Early Middle Ages and the Romanesque period—either to the Middle East to fight in the Crusades or throughout Europe as part of extensive pilgrimages.
For this assignment, put yourself in the place of a person living during this time who traveled extensively throughout Europe by selecting six pieces of art or architecture that you found personally to be the most interesting and important examples that date from this period in history. You should have 2 examples from each of the time periods specific to the Middle Ages: two examples from the Early Middle ages, two that represent the Romanesque, and two that represent Gothic art.
Your objects need to date between 400 CE and 1300 CE—the time span that encompasses the Early Middle Ages, Romanesque, and Gothic periods.
You are going to create a travel journal and itinerary for other students who will travel with you to your points of interest. Create a PowerPoint presentation of seven slides, including an introduction, your five destinations, and a conclusion. On each slide, include the image of the artwork or architecture, and the following information about the image:
Its location
Its name
The period of time it was created
Three interesting points about the artwork/building
What people viewing the image could learn about the Early Middle Ages, the Romanesque period, or Gothic art and architecture.
Why you selected this image
THIS MUST BE FOLLOWED
Assignment 2 Grading Criteria
Maximum Points
Selected two images representative of the early Middle Ages style, from between 400 CE and 1000 CE.
10
Provided location, name, and period of time created for the early Middle Ages images.
12
Explained why you selected each early Middle Ages image, and offered three interesting points about each image and what people could learn from viewing each image.
15
Selected two images representative of the Romanesque style, from between 1000 CE and 1100 CE.
10
Provided location, name, and period of time created for the Romanesque style images.
12
Explained why you selected each Romanesque style image, and offered three interesting points about each image and what people could learn from viewing each image.
15
Selected two images representative of the Gothic style, from between 1100 CE and 1300 CE.
10
Provided location, name, and period of time created for the Gothic style images.
12
Explained why you selected each Gothic style image, and offered three interesting points about each image and what people could learn from viewing each image.
15
The PowerPoint presentation meets length requirements and contains correct spelling and grammar.
.
Assignment What are the factors that influence the selection of .docxnormanibarber20063
Assignment
What are the factors that influence the selection of access control software and/ or hardware? Discuss all aspects of access control systems.
DQ requirement:
initial posting to be between 200-to-300 words.
All initial posts must contain a properly formatted in-text citation and scholarly reference.
Reply post 100-to-150 words.
No plagarism
.
Assignment Write a research paper that contains the following.docxnormanibarber20063
Assignment:
Write a research paper that contains the following:
Discuss the visual assets such as charts, interactive controls, and annotations that will occupy space in your work.
Discuss the best way to use space in terms of position, size, and shape of every visible property.
Data representation techniques that display overlapping connections also introduce the need to contemplate value sorting in the z-dimension, discuss which connections will be above and which will be below and why. Show example using any chart or diagram of your choice.
Your research paper should be at least 3 pages (800 words) excluding cover page and reference page. It should be double-spaced, have at least 2 APA references, and typed in Times New Roman 12 font. Include a cover page and a table of content.
.
Assignment Talk to friends, family, potential beneficiaries abou.docxnormanibarber20063
Assignment
Talk to friends, family, potential beneficiaries about your idea. Do they agree that you deeply understand what the proposed beneficiaries are doing currently to manage/endure their problem? Explain. What are your proposed beneficiaries doing currently to manage/endure their problem? How would you get buy-in from others to sign on to your proposed Beneficiary Experience table (reference Chapter 4)? Include research to support your social entrepreneurship idea.
Minimum 2 pages
Minimum 2 scholarly sources
APA formatted
.
Assignment The objective of assignment is to provide a Power .docxnormanibarber20063
Assignment:
The objective of assignment is to provide a
Power Point Presentation
about
all vaccines including the Flu vaccine in the pediatric population
. Your primary goal as a
Family Nurse Practitioner
is to educate parents about the importance of vaccination and understanding their beliefs and preference by being cultural sensitive in regards this controversial topic. This is an individual presentation and must include
a minimum of 8 slides with a maximum of 10 slides
.
This presentation must include a “Voice Presentation”. Please, this part includes
as a note in each slide
, so I can read it. Thank you.
and the following headings:
*Voice attached in all slides. Please use notes, so I can read it.
ALL REFERENCES FROM USA and within 5 years.
1.
Introduction
(Clearly identifies the topic and Establishes goals and objectives of presentation)
2.
Clinical Guidelines Evidence Based Practice per CDC
– (Presents an insightful and through analysis of the issue (s) identified. Excellent Clinical guidelines)
3.
Population and Risk Factors
(The population is identified and addressed as well the topic(s) and issue(s)
4.
Body and Content
: (Makes appropriate and powerful connections between the issue(s) identified and the concept(s) studied. Very creative and Supports the information with strong arguments and evidence.
5.
Education
– (Presents detailed, realistic, and appropriate recommendations and education including parents/patients)
6.
Conclusion
. Excellent Conclusion clearly supported by the information presented
.
Assignment During the on-ground, residency portion of Skill.docxnormanibarber20063
Assignment:
During the on-ground, residency portion of Skills Lab II, you will have attended sessions covering topics relevant to advanced clinical social work practice. During Skills Lab II, you join with a group of three to four students to present a clinical case. You will create your own case—this case will be a situation you have faced in practice or one you create. During the presentation, you and each group member are expected to demonstrate knowledge, awareness, and skills appropriate to a concentration-year master’s student.
The presentation should include the following:
· The identification of the individual/family or group with background information including:
o Presenting problem or concern
o History of the presenting problem
o Social history
o Family history
o Previous interventions
· Your assessment of the client/family/group
· Your engagement of the client/family/group
o Specify the specific social work practice skills that were or would be used in your engagement.
This is the right up about this project
Tiffany, a 17-year-old African American female resides in Huston Texas with her mother (48 years old) and 2 brothers (20 years old and 10 years old). Tiffany was raised by her mother. Her father went to prison for selling drugs when Tiffany was 5 years old. Tiffany has been having trouble sleeping, her grades have dropped, she is no longer interested in sports or her after school club activities. Tiffany is also afraid to go outside and she does not want to leave her mother’s side. Tiffany reports she gets nervous and has heart palpitations when she sees a police car or hears police sirens. Tiffany’s mother is concerned about the sudden change of behavior in her daughter and thus, took her in to see a therapist.
Tiffany was very active in school. She had good grades, active in sports and after school clubs. The teachers spoke very highly of Tiffany, however, expressed concerns to her mother when they noticed a change in her grades. Additionally, the school staff noticed Tiffany withdrawing from her friends appeared to be isolating herself from others. Tiffany and her family were active within their church community. Tiffany and her family live in a low-income community. Tiffany’s mother does work full time, however, she still receives SNAP and Medicaid services. They also live in Section 8 housing. Tiffany lives in a community with a high crime rate. She often witnesses and hears stories of police brutality. Tiffany’s mother had to explain to her children how to respond to a police officer with they are ever stopped. Tiffany’s other brother has a history of police involvement.
.
Assignment PurposeThe first part of this assignment will assist.docxnormanibarber20063
Assignment Purpose:
The first part of this assignment will assist you in identifying a topic which you will work with for subsequent activities in the course. The second part of the assignment helps you articulate what constitutes plagiarism.
Part 1:
In this course you will be using a variety of resources and research tools. This activity will guide you in formulating a topic to use for later assignments in this course.
1. What is something you are curious about? What is something you see out in the world that you want to know more about? Perhaps think of health, business, or socio-cultural issues. Write it here:
_______________________________________________________________________
(Need help selecting a topic? Review the Research Topic Starting Points for EN 104, EN 106, EN 111, and EN 116 guide from the Herzing University Library. Browse some of the resources linked there for generating topic ideas. http://herzing.libguides.com/research_topic_starting_points)
2. Create a Mind Map for your topic in the Credo Reference Database available through the Herzing University Library. You can access the link to that database and view a brief tutorial in the Research Topics Starting Points guide at http://herzing.libguides.com/research_topic_starting_pointsIf you need assistance using this tool, contact the Herzing University Librarians using the contact information in that guide. You might need to play around with how you word your topic.
Did the Mind Map help you narrow your topic? Describe your experience with the Mind Map feature and indicate your narrowed topic:
3. Write at least three research questions related to your topic and circle or somehow indicate the one you are most interested in answering:
4. Create a thesis statement for your research project. Be sure it meets the characteristics of a “strong” thesis statement as described in the reading for this unit.
Characteristics of a Strong Thesis Statement
· Answers the research question and is adequate for the assignment.
· Takes a position – doesn’t just state facts.
· It is specific and provable.
· It passes the “so what?” test.
Include your thesis statement here:
Part 2:
The following paragraph is from this source:Spiranec, S., &Mihaela, B. Z. (2010). Information literacy 2.0: Hype or discourse refinement? Journal of Documentation, 66(1), 140-153. doi:http://dx.doi.org.prx-herzing.lirn.net/10.1108/00220411011016407
Web 2.0 is currently changing what it means to be an information literate person or community…. The erosion did not begin with Web 2.0 but had started considerably earlier and became evident with the first web document without an identifiable author or indication of origin. Generally, this erosion comes naturally with the advancement towards electronic environments. In the era of print culture the information context was based on textual permanence, unity and identifiable authorship, and was therefore stable. The appearance of Web 1.0 has already undermined .
Assignment PowerPoint Based on what you have learned so .docxnormanibarber20063
Assignment:
PowerPoint:
Based on what you have learned so far in this course, create a PowerPoint presentation that addresses each of the following points. Be sure to completely answer all the questions for each bullet point. Use clear headings that allow your professor to know which bullet you are addressing on the slides in your presentation. Support your content with at least four (4) citations throughout your presentation. Make sure to reference the citations using the APA writing style for the presentation. Include a slide for your references at the end. Follow best practices for PowerPoint presentations related to text size, color, images, effects, wordiness, and multimedia enhancements.
Title Slide (1 slide)
At each stage of development, culture can have a distinct impact on basic aspects of life. Based on your reading thus far, describe how cultural influences impact development throughout the lifespan. Include the following aspects of life:
Cognition (2-3 slides)
Acceptance of cultural traditions (2-3 slides)
Biological health (2-3 slides)
Personality(2-3 slides)
Relationships (2-3 slides)
References (1 slide)
Each slide should have a graphic and very few words. In a separate Word file, create a script to use when giving this presentation (about 50 words per content slide - 500 words total). Submit both files to the dropbox.
.
Assignment In essay format, please answer the following quest.docxnormanibarber20063
Assignment: In essay format, please answer the following questions:
On your second In-Class Assignment, which was on John Stuart Mill's freedom of thought and discussion, you were asked to provide your own opinion on any moral issue.
1) Your task is to write an essay
DEFENDING
the
the OPPOSITE opinion.
2) Please structure your essay in the following format: (SEE ATTACHED FILE FOR MORE DETAILS ON WHAT EACH OF THESE MEAN)
I. Introduction/Thesis Statement
II. Body - Include at least two reasons why one would support this position
III. Counter-Argument - What is the argument against that position?
IV. Reply to Counter-Argument - Why could the counter-argument be wrong?
V. Conclusion
.
Assignment Name:
Unit 2 Discussion Board
Deliverable Length:
150-500 words (not including references) 2 Peer Responses
Details:
The Discussion Board (DB) is part of the core of online learning. Classroom discussion in an online environment requires the active participation of students and the instructor to create robust interaction and dialogue. Every student is expected to create an original response to the open-ended DB question as well as engage in dialogue by responding to posts created by others throughout the week. At the end of each unit, DB participation will be assessed based on both level of engagement and the quality of the contribution to the discussion.
At a minimum, each student will be expected to post an original and thoughtful response to the DB question and contribute to the weekly dialogue by responding to at least two other posts from students. The first contribution must be posted before midnight (Central Time) on Wednesday of each week. Two additional responses are required after Wednesday of each week. Students are highly encouraged to engage on the Discussion Board early and often, as that is the primary way the university tracks class attendance and participation.
The purpose of the Discussion Board is to allow students to learn through sharing ideas and experiences as they relate to course content and the DB question. Because it is not possible to engage in two-way dialogue after a conversation has ended, no posts to the DB will be accepted after the end of each unit.
A. Questions for weekly discussions and conversations (not part of the required Discussion Board assignment)
These questions can serve as the starting point for your discussions during the week. They are “thought starters,” so that you can explore some ideas associated with the discussion board and unit topics. Answers are not required, and should not be submitted with your required assignment. Answers are not graded.
1. What images do we use today that originated from creations by early civilizations for religious ceremonies?
2. What historical art images do we use today, from creations by early civilizations, for cultural celebrations?
B. Required Discussion Board assignment.
From the list below, choose one Greek work of art and one Roman work of art and
compare and contrast
them according to the criteria listed:
Greek Art
Roman Art
The
Doryphoros
(Polykleitos, 450 BCE)
Augustus of Primaporta
(c. 20 BCE)
The Laocoon Group
(1
st
Century, CE)
Marcus Agrippa with Imperial Family
(South frieze from the Ara Pacis, 13-9 CE)
Nike of Samothrace
(c. 190 BCE)
She-Wolf
(c. 500 BCE)
The Temple of Athena
(427–424 BCE)
The Colosseum
(72–80 CE)
The Parthenon
(447–438 BCE)
The Arch of Constantine
(313 CE)
Answer the following list of questions in a comparative essay to evaluate your choices. Be sure to introduce the works you have chosen.
What is the FORM of the work?
Is it a two-dimensional or three-dimensional work of art?
What materials are us.
Assignment In essay format, please answer the following questions.docxnormanibarber20063
Assignment: In essay format, please answer the following questions:
1) Briefly summarize Stirner's Egoism.
2) Look at some contemporary moral issues in the news, either current or past, and apply his Egoist theory to the issue. How would he view the issue?
3) Do you agree with the way Stirner would view the issue? Why or why not?
All together, the answers must total up to about 500-700 words. Assignments
MUST
have the following format: Name, Class, and Essay Subject & Date in the upper left hand corner.
Double Spaced
, 12pt Times New Roman or Arial font. If you use outside sources, it must include a works cited page.
.
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
How to Make a Field Mandatory in Odoo 17Celine George
In Odoo, making a field required can be done through both Python code and XML views. When you set the required attribute to True in Python code, it makes the field required across all views where it's used. Conversely, when you set the required attribute in XML views, it makes the field required only in the context of that particular view.
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
How to Manage Your Lost Opportunities in Odoo 17 CRMCeline George
Odoo 17 CRM allows us to track why we lose sales opportunities with "Lost Reasons." This helps analyze our sales process and identify areas for improvement. Here's how to configure lost reasons in Odoo 17 CRM
हिंदी वर्णमाला पीपीटी, hindi alphabet PPT presentation, hindi varnamala PPT, Hindi Varnamala pdf, हिंदी स्वर, हिंदी व्यंजन, sikhiye hindi varnmala, dr. mulla adam ali, hindi language and literature, hindi alphabet with drawing, hindi alphabet pdf, hindi varnamala for childrens, hindi language, hindi varnamala practice for kids, https://www.drmullaadamali.com
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
The simplified electron and muon model, Oscillating Spacetime: The Foundation...RitikBhardwaj56
Discover the Simplified Electron and Muon Model: A New Wave-Based Approach to Understanding Particles delves into a groundbreaking theory that presents electrons and muons as rotating soliton waves within oscillating spacetime. Geared towards students, researchers, and science buffs, this book breaks down complex ideas into simple explanations. It covers topics such as electron waves, temporal dynamics, and the implications of this model on particle physics. With clear illustrations and easy-to-follow explanations, readers will gain a new outlook on the universe's fundamental nature.
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
Pride Month Slides 2024 David Douglas School District
Intro to Information Assurance
Module 3
Chaston Carter
04/17/17
Target Corporation
Target has had many ethical challenges over the years, but one of the biggest it has encountered was a credit and debit card data breach thought to have exceeded $700 million, which was the biggest retail hacking in U.S. history to date. While this is serious, what is even more serious is that Target had clear warning signs that hacking was occurring, but due to the lack of action the hacking continued within the organization. It was estimated that close to 70 million people had their personal data stolen. That information consisted of names, mailing addresses, phone numbers and email addresses. Not only was personal information exposed, but a lot of people encountered unauthorized charges on their credit or debit cards. The organization was shocked at the number of people affected by the attack.
I had only 10 days to implement changes to its security policies to prevent this from happening again. The ultimate goal was to come up with quick solutions to solve this problem. My first goal was to develop a written information security program, which would ultimately document potential security risks, since the confidentiality of customers' information is an important key factor. The whole goal after the credit card breach is to prevent customers' information from getting stolen. We can start on the problem by offering security training to current workers. This would not only educate them; they would also learn the importance of safeguarding personal information and when to be alert to potential threats. To ensure integrity in the organization, a system must be put in place to detect any changes in data that might cause the server to crash during a purchase or interfere when a customer makes a purchase at a Target store.
To ensure availability at Target Corporation, we would maintain all possible customer information; to prevent any data from being lost, data could be stored in an isolated, protected location. One of the main issues with the credit cards hacked in the breach was that when the cards were swiped, the magnetic strip on the back contained unchanging data. Whoever accessed the data got hold of the information necessary to make purchases, which eventually made traditional cards prime targets for counterfeiters. The problem with Target Corporation is that it had no real structure for being alerted when there was suspicious activity in a customer's account. The main objective of this information assurance plan is to develop an alerting system that will alert a middle man when there is suspicious or unusual activity in a customer's account.
Target already had policies in place: six months prior to hackers getting into its security system, it had begun using a $1.6 million malware detection tool purchased from a computer security firm called FireEye. Even with this billion dollar infrastructure, which was much more extensive than other retailers', the tool still couldn't do much for the company, because Target failed to act upon the findings of the new security system. Hackers were eventually able to infiltrate Target's network by using an HVAC system. When they gained access, they installed a pair of malware programs. They then sent malware designed to steal credit card numbers to cashier stations in every domestic Target store. On November 30, 2013, FireEye was alerted to the presence of the malware. Target's security teams in Bangalore were immediately notified of the potential breach. FireEye had the ability to automatically disable the malware, but Target had turned this feature off. Because Target had turned the feature off, it no longer had any way of being alerted, so FireEye also alerted Target on December 2 after hackers released a new version of the malware (Adkins, 2014).
Based on the evaluation, the best approach to Target's security is to come up with a security system that alerts the user immediately, giving the middle man the opportunity to find a quick solution to the breach and put a stop to it right away. There are several key leaders. Since confidentiality is an important factor, it is essential to designate a security officer who would be responsible for coordinating and executing the program that protects customers' information. This security officer would also report to someone outside of the organization to make sure everything is secure and in line. The officer would also offer classes to current employees, teaching them how to detect potential threats to the organization.
That's why it is important to develop a risk assessment team that would manage the security program. This team would be one of the most important key factors for the organization because it would identify the risks and ultimately decide on the appropriate, most cost-effective ways to manage them. The main objective would be to minimize potential threats, but not eliminate them. To ensure integrity in the organization and to prevent data integrity failure, an alerting system would be put into place. This system will be designed to detect potential threats and give the risk assessment team options on how to get rid of the threats.
Target already had a bad reputation for its immediate response to breaches. It also claimed that it had suffered a data breach despite its best efforts, but it was later revealed that it had been alerted more than once about breaches. It was said that Target also waited six days after it was informed to tell consumers about the hacking attack, and about a month before it revealed the extent of it. More than 90 lawsuits have been filed against Target by both customers and banks, and Target's profit during the holiday shopping period dropped 46 percent from the previous year.
Since a lot of customers were left out of the loop, Target came up with the solution of sending customers emails with general security tips, and they were offered one year of free credit monitoring and identity theft protection. Additionally, the CEO assured customers that they would not be held liable for any fraudulent charges made to their credit cards as a result of the hack. Customers were offered 10 percent off in-store purchases following the data breach.
The best solution thus far was Target announcing that it would begin to release credit and debit cards with chips instead of magnetic strips on the back of the cards by 2015. It had invested over $100 million in registers and technology able to read the new chip cards.
As a result of the large percentage of customers lost, CEO Gregg Steinhafel stepped down.
References:
Kossman, S. (2016, February 02). 8 FAQs about EMV credit cards. Retrieved April 21, 2017, from http://www.creditcards.com/credit-card-news/emv-faq-chip-cards-answers-1264.php
Daniels Fund Ethics Initiative, University of New Mexico. Target: Putting Customers First? (n.d.). http://danielsethics.mgt.unm.edu
Chaston Carter
05/30/17
Statement of Policy
Purpose: This policy outlines the incident response protocols, disaster response protocols, access control protocols, and maintenance plan, which will serve as controls and guidelines to address instances of unauthorized access to CFZ information and to respond to disastrous events or conditions that might adversely impact operations at CFZ.
Incident Response Protocol
Incident response protocols have become an integral part of information technology; they are used for detecting and handling incidents, minimizing loss and destruction, mitigating weaknesses and restoring IT services (Cichonski et al., 2012). The incident response process has several phases: preparation; detection and analysis; containment, eradication and recovery; and post-incident activity (Cichonski et al., 2012).
The preparation phase attempts to limit or prevent the security incidents that might occur by selecting controls, such as regular risk assessments, host security, network security, malware prevention and user awareness training, that will effectively reduce the number of incidents occurring (Cichonski et al., 2012).
The detection and analysis phase uses precursors and indicators to monitor and analyze attack vectors such as external media, attrition, web, email, impersonation, improper usage or unauthorized access that can be used to propagate attacks against an organization. Some of the precursors that have been put in place at CFZ include:
- Intrusion detection and prevention systems to identify and log suspicious events, alert the necessary response team and take automated mitigating actions;
- Security information and event management (SIEM) products to generate alerts based on the analysis of log data;
- Antivirus and anti-malware software to detect attacks and prevent them from infecting the systems;
- A file integrity checker to detect changes to important files during attack incidents; and
- Awareness programs for both internal and external users to keep them abreast of the latest attack incidents and to create a reporting route after anomalies have been identified (Cichonski et al., 2012).
The containment, eradication and recovery phase is used to manage attacks before they overwhelm the system and result in more severe damage, using predetermined procedures, such as disabling system functions or shutting down the systems and disconnecting them from the network, to mitigate the effects of any attack (Cichonski et al., 2012).
Finally, the post-incident activity phase is used by the organization or response team to reflect on new threats and use lessons learned to improve the incident response plan (Cichonski et al., 2012). Within CFZ, the incident response plan will be used in responding to a variety of potential threats such as:
- Unauthorized access or unauthorized privilege escalation and data breaches,
- Denial or Distributed Denial of Service attacks,
- Firewall breaches,
- Virus and malware outbreaks,
- Theft or physical loss of equipment, and
- Insider threats (Rouse, 2014).
To mitigate these issues, some of the recommended actions that
have been put in place at CFZ include the following:
| Incident Type | Kill Chain Stage | Priority Level | Recommended Action |
|---|---|---|---|
| Unauthorized Access | Exploitation & Installation | High | Detect, monitor and investigate unauthorized access attempts, with priority on those against systems that are mission critical or contain sensitive data. |
| Unauthorized Privilege Escalation | Exploitation & Installation | High | Critical systems are configured to record all privilege escalation events and set alarms for unauthorized privilege escalation attempts. |
| Data Breach | System Compromise | High | During a data breach, all evidence is captured carefully and evidentiary data is collected. Alarms are set to alert system administrators, and emergency system shutdown and data recovery steps are initiated. All critical documents or data are backed up on a different system. |
| Denial or Distributed Denial of Service Attacks | Exploitation & Installation | High | An IPS is implemented to monitor, detect and automatically terminate all traffic patterns that step outside the normal behavior of the system. |
| Viruses or Malware | Delivery & Attack | Low | Remediate any malware infections as quickly as possible. The rest of the network needs to be scanned to ensure no further compromises were associated with the outbreak. |
| Insider Breach | System Compromise | High | User accounts are routinely monitored using system log events and security information and event management products that can generate alerts based on the analysis of log files. |
| Theft or Physical Loss | System Compromise | High | Whole disk encryption is used to protect all laptops and mobile devices. Lockout screens or remote wiping of lost or stolen equipment is used to remotely remove all critical data on stolen or lost equipment. |
| Firewall Breaches | System Compromise | High | Technology additions and updates are used to evaluate firewall settings and adjust them as needed in order to minimize the impact on business. Firewall rules are regularly reviewed and actively updated to protect against the latest security threats, and dedicated, ongoing monitoring practices are employed to maximize system uptime while actively defending the network and connected network devices. |
Justification of Incident Response protocol
Since it is difficult to predict the path that an attacker will
take to infiltrate the network, CFZ decided to build its
incident response plan around the cyber kill chain sequence
(Malik, 2016). The cyber kill chain sequence is the set of stages
required for an attacker to successfully infiltrate a network and
exfiltrate data from it. The cyber kill chain involves the
following stages:
Reconnaissance and Probing - This is the stage when the
attacker is probing the network to exploit any vulnerabilities or
opportunities that may be present in the system (Malik, 2016).
Delivery and Attack - Once a vulnerability has been
established, a delivery mechanism (attack mechanism) is put in
place to deliver the attacks, or social engineering is employed
to induce the target (Malik, 2016).
Exploitation and Installation - This is the stage after the
attacker has found the vulnerabilities in the system. They
proceed to exploit those vulnerabilities in order to acquire
access to the system, and once access has been granted, they
proceed to elevate their user privileges in order to extend that
access or even install a persistent payload (Malik, 2016).
System Compromise - At this stage, high-value data is being
exfiltrated as quickly as possible (Malik, 2016).
Designing an incident response plan or protocol around these
different stages will allow CFZ to understand the threats being
faced in its network environment and the steps an attacker can
use to exploit such threats, and to take steps to adequately
prevent or mitigate the effects of any such security threats.
Disaster Response Protocol
Disaster response protocols are other critical components
of computer security operations that ensure the continuation of
vital business processes in the event that a disaster occurs
(Martin, 2002). At CFZ, the disaster response and recovery
protocols were not only focused on the physical infrastructure
and the backup and restoration systems but were expanded to
include other critical components such as perimeter defenses,
IDS network, threat evaluation and assessment, virus protection,
patches and host configurations, and vulnerability surveillance
(Velliquette, 2005). Paying proper attention to all these aspects
is critical to addressing computer security within disaster
recovery planning to ensure the most efficient and successful
recovery operations (Velliquette, 2005). Some of the major
components that were developed into the disaster response
protocols at CFZ include:
Crisis Management Plan: This was a plan designed to ensure
continuation of vital business processes in case of an emergency
(Martin, 2002). This plan was developed to provide information,
procedures, responsibilities and checklists that will enhance an
organized and effective system of handling situations during a
crisis occurrence (Martin, 2002).
Alternate Recovery Site: To ensure that IT services and
recovery time match the business recovery time objective,
CFZ implemented a backup site at an alternate location, where
all data infrastructure is configured to run similar hardware and
software applications to ensure that regular operations can be
restored in the shortest time possible in the case of a disaster
(Velliquette, 2005).
Regular Data Backup: CFZ also implemented scheduled
hardware and software backups and periodically validates that
critical systems, applications and data are accurately backed up
on standard hardware, so that they can easily be replicated on
new hardware in the case of a disaster.
Perimeter Defenses: Perimeter defenses such as firewall and
VPN management are important aspects of CFZ's disaster
recovery plan because they assist in monitoring traffic during a
recovery process and in ensuring a safe connection for users
and clients to the alternate network in order to get operations
back online and reduce downtime (Velliquette, 2005).
Intrusion Prevention and Protection: This is another component
that has been built into the recovery plan to ensure that during
the recovery process, proper configuration is established to keep
virus definition files current and to ensure that new threats and
vulnerabilities are detected and prevented, improving the
fortification process in order to reduce system downtime and
return the system to normal operations (Velliquette, 2005).
Justification of Disaster Response Protocol
The primary goal of CFZ is to get critical infrastructure,
networks and systems back up and running as quickly as
possible in order to minimize the potential long-term impact on
the business. Having a crisis management plan is highly
important to coordinate the recovery effort in a systematic way
that enables the disaster response team to make quick and
effective decisions that will limit the impact of such a disaster
or crisis. Not having this type of systematic plan might cause
ineffective decisions to be made and in turn cause an increase in
disruption time, which can be very detrimental not only to the
business but also to customers, stakeholders and investors alike
(Velliquette, 2005). The presence of an alternate recovery site,
an emergency response location and backup data are
instrumental to the strategic and tactical implementation of the
recovery procedures, without which the recovery process is
impossible. Also, implementing perimeter defenses, an intrusion
prevention system and virus protection during the recovery
process will ensure that new threats that could impede the
recovery process do not arise and increase the magnitude of the
already bad situation (Martin, 2005). The survivability of any
organization after a disaster depends on the premise of
successful contingency planning, which determines how
effectively an organization responds to mitigate the
business impacts of such a disaster (Martin, 2005).
Access Control Protocols
Security challenges faced at CFZ due to data breaches caused
the management to implement network access control protocols
that will provide endpoint assessment, authentication and
authorization of entities trying to gain access to their network,
while also limiting the privileges of user-assigned roles. First,
CFZ decided to implement smart cards for employees, with a
digital certificate and underlying password associated with
individual users. The smart cards provided the authentication and
authorization used by employees and users to gain secure access
to the organization’s network (Boscolo, 2008). They also formed
the basis of accountability for users in ensuring that their smart
cards are used in accordance with the organization’s acceptable
use policy and cannot be shared with any other users (Boscolo,
2008).
CFZ also implemented the Role Based Access Control List,
which grants permissions to users based on assigned roles rather
than granting permission to actual users. Users can only inherit
certain permissions or privileges based on the role they have
been assigned to (Conklin & White, 2015). The least privilege
security approach was also implemented to grant the least
necessary permission and privileges that will enable users to
perform their daily tasks according to their assigned roles
(Conklin & White, 2015).
Finally, the company also implemented separation of duties
within the different departments. This concept ensures that tasks
are broken down into several duties to be performed by
different individuals, in order to limit the probability of an
employee exploiting the organization’s systems for their
personal gain (Conklin & White, 2015).
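One way to model the role-based, least-privilege and separation-of-duties controls described above, as an added example that is not part of the original paper. The role names, permissions, users and access log are constructed for illustration.

```python
# Constructed example: role names, permissions, users and the access log
# are invented for illustration and are not taken from the paper.

# Permissions attach to roles, never directly to users (RBAC).
ROLE_PERMISSIONS = {
    "ap_clerk": {"invoice:create", "invoice:read"},
    "ap_approver": {"invoice:read", "invoice:approve"},
    "treasury": {"invoice:read", "payment:release"},
    "auditor": {"invoice:read", "payment:read", "log:read"},
}

# Separation of duties: role pairs that one person must never hold together,
# so that creating, approving and paying an invoice needs three people.
SOD_CONFLICTS = [
    frozenset({"ap_clerk", "ap_approver"}),
    frozenset({"ap_approver", "treasury"}),
    frozenset({"ap_clerk", "treasury"}),
]


class PolicyError(Exception):
    """Raised when a role assignment would break the policy."""


class AccessPolicy:
    def __init__(self, role_permissions, sod_conflicts):
        self.role_permissions = role_permissions
        self.sod_conflicts = sod_conflicts
        self.assignments = {}  # user -> set of role names

    def assign(self, user, role):
        """Give a user a role unless it conflicts with a role already held."""
        if role not in self.role_permissions:
            raise PolicyError(f"unknown role: {role}")
        held = self.assignments.get(user, set())
        for pair in self.sod_conflicts:
            clash = (pair - {role}) & held
            if role in pair and clash:
                raise PolicyError(
                    f"{user}: {role} conflicts with {sorted(clash)[0]}")
        self.assignments.setdefault(user, set()).add(role)

    def permissions(self, user, roles=None):
        """Union of the permissions of the user's roles (or of `roles`)."""
        roles = self.assignments.get(user, set()) if roles is None else roles
        perms = set()
        for role in roles:
            perms |= self.role_permissions[role]
        return perms

    def is_allowed(self, user, permission):
        """Default deny: allowed only if some held role grants it."""
        return permission in self.permissions(user)

    def removable_roles(self, user, access_log):
        """Least-privilege review: roles the user could lose (one at a time)
        without losing any permission they actually exercised in the log."""
        used = {perm for who, perm in access_log if who == user}
        held = self.assignments.get(user, set())
        return {role for role in held
                if used <= self.permissions(user, held - {role})}


def run_example():
    policy = AccessPolicy(ROLE_PERMISSIONS, SOD_CONFLICTS)
    policy.assign("lee", "ap_clerk")
    policy.assign("dana", "ap_clerk")
    policy.assign("dana", "auditor")
    try:
        # Would let lee approve invoices that lee created.
        policy.assign("lee", "ap_approver")
        sod_blocked = False
    except PolicyError:
        sod_blocked = True
    # Constructed access log: (user, permission exercised).
    access_log = [("dana", "invoice:create"), ("dana", "invoice:read"),
                  ("lee", "invoice:create")]
    return {
        "sod_blocked": sod_blocked,
        "lee_can_approve": policy.is_allowed("lee", "invoice:approve"),
        "lee_can_create": policy.is_allowed("lee", "invoice:create"),
        "dana_removable": policy.removable_roles("dana", access_log),
    }


if __name__ == "__main__":
    print(run_example())
```

The review step flags a role only when every permission the user actually exercised is still granted by their remaining roles, so removing it cannot interrupt their daily tasks.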
Justification of Access Control Protocols
CFZ decided to utilize smart cards because they satisfy
two-factor authentication, which is more secure than a one-factor
authentication process such as passwords. Even though it cost
more in terms of the infrastructure to support it, two-factor
authentication provided a two-step verification process, which
makes data breaches twice as hard for an external intruder,
because not only do they need to have physical control of the
smart card but they will also need to have the PIN
associated with that card before they can be granted access to
the organization’s network (Conklin & White, 2015). The smart
card also created accountability measures, which make the
owner of the card responsible for its usage on the network. It
also provided non-repudiation, which means that a user cannot
deny having accessed certain information as long as their digital
signature was associated with the retrieval of or access to such
information. In other words, it provided easy tracking of user
and employee activity across the network. Finally, it improves
the integrity of information because users can use embedded
digital signatures / private keys to encrypt files and emails
before transmission, and it also makes it easy for other members
of the organization to decrypt such files or information using
the corresponding public keys (Conklin & White, 2015).
CFZ also decided to utilize the role based access control list
because of the flexibility it creates in granting and revoking
user access based on specified roles within the organization.
Users can be granted permissions to objects in terms of the
specific duties they must perform and not according to a security
classification associated with the individual objects (Rouse,
2012).
Finally, implementing separation of duties helps CFZ
manage conflict of interest and fraud by restricting the power
held by any one individual. This provides checks and balances,
limits the harm that can be caused by one single individual
and reduces the organization’s exposure to damage (Conklin &
White, 2015).
Maintaining Information Assurance Plan
CFZ understands that maintaining this information
assurance plan will involve every member of the organization
and also require day-to-day monitoring, so that it stays effective
and relevant in improving their network security. Therefore
management created some critical steps and programs that will
enforce daily maintenance and continuous implementation of
the plan.
Security Awareness Programs: CFZ management decided to
implement monthly security meetings to talk about security
policies and the risk and incident assessments performed for the
organization. The awareness program serves as a monthly
refresher on the daily security risks facing the organization as
well as creating continuous awareness of relevant security
incidents that have occurred within their organization or industry
(Kadam, 2002).
Monitor and Review Security Performance: Since the
implementation of an information assurance policy is not a one-
time event, CFZ created controls to monitor and review
performance of the plan, to ensure that it is still serving the
purpose for which it was created (Kadam, 2002).
Quarterly Audits: CFZ IT department also set up quarterly
audits with an external auditor to review the various
performance controls in place, gather performance results,
document all non-conformities that will require corrective
actions and identify new threats (Kadam, 2002).
Management Review: These review meetings will be conducted to
revisit issues, analyze audit reports and take decisive actions,
whether to keep the information assurance plan as is or to
recommend improvements in order to accommodate the newly
identified threats (Kadam, 2002).
Justification of Maintenance Plan
The importance of these maintenance steps is that they help to
periodically assess risks, identify new risks, and measure the
effectiveness of the program. Periodic audits are important
because they serve as compliance controls that help the
organization to monitor compliance with the plan. They also help
assess new risks, which gives the management the most updated
information concerning the risks facing their organization, and
helps determine the proper corrective actions to be taken in
order to ensure the most adequate security controls are
implemented.
Awareness training programs are also critical to keep users and
employees abreast of the latest security information that will
ensure conformance or unanimous compliance with the most
updated security controls (Garbars, 2002). When users are
unaware of the latest threats, they cannot protect
themselves or the organization from such threats and the damages
that will ensue afterwards.
Monitoring the effectiveness of the information assurance
plan is also critical to the safety and security of the
organization. After the plan has been created and implemented,
it is important to monitor and review the security performance of
the plan in order to analyze its effectiveness in improving the
security posture of the organization (Garbars, 2002).
References
Boscolo, C. (2008). How to Implement Network Access Control. Retrieved from http://www.computerweekly.com/opinion/How-to-implement-network-access-control
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer Security Incident Handling Guide. NIST Special Publication Vol 800, pp. 61
Conklin, W. & White, G. (2015). All-in-one CompTIA Security+ Exam Guide. Fourth Ed. (Exam SYO-401). San Francisco: McGraw Hill.
Garbars, K. (2002). Implementing an Effective IT Security Program. Retrieved from https://www.sans.org/reading-room/whitepapers/bestprac/implementing-effective-security-program-80
Kadam, A. (2002). Implementation Methodology for Information Security Management System. Retrieved from https://www.giac.org/paper/gsec/2693/implementation-methodology-information-security-management-system-to-comply-bs-7799-requi/104600
Martin, B. C. (2002). Disaster Recovery Plan Strategies and Processes. Retrieved from https://www.sans.org/reading-room/whitepapers/recovery/disaster-recovery-plan-strategies-processes-564
Rouse, M. (2012). Role Based Access Control (RBAC). Retrieved from http://searchsecurity.techtarget.com/definition/role-based-access-control-RBAC
Rouse, M. (2014). Incidence Response Plan (IRP). Retrieved from http://searchsecurity.techtarget.com/definition/incident-response-plan-IRP
Velliquette, D. (2005). Computer Security Considerations in Disaster Recovery Planning. Retrieved from http://www.sans.org/reading-room/whitepapers/recovery/computer-security-considerations-disaster-recvery-planning-1512.
IT 549 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a functional information assurance plan.
The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information assurance plan and posture that are reviewed on a weekly basis.
This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial for you to become a desired asset to organizations seeking industry professionals in the information assurance field.
The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules Two, Four, Five, and Seven. The final product will be submitted in Module Nine.
In this assignment, you will demonstrate your mastery of the
following course outcomes:
integrity, and availability of information in a given situation for their relation to an information assurance plan
responses and managing security functions that adhere to best practices for information assurance
research and industry best practices to inform network governance
practices for maintaining an information assurance plan
decisions about security, access controls, and legal issues
information assurance to determine potential impact on an organization and mitigate associated risks
Prompt
Your information assurance plan should answer the following prompt: Review the scenario and create an information assurance plan for the organization presented in the scenario.
Specifically, the following critical elements must be addressed in your plan:
I. Information Assurance Plan Introduction
a) Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key concepts?
b) Assess the confidentiality, integrity, and availability of information within the organization.
c) Evaluate the current protocols and policies the organization has in place. What deficiencies exist within the organization’s current information assurance policies? What are the potential barriers to implementation of a new information assurance plan?
II. Information Security Roles and Responsibilities
a) Analyze the role of the key leaders within the organization specific to how their responsibilities are connected to the security of the organization’s information. What is the relationship between these roles?
b) Evaluate key ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization. What are the ramifications of key leaders not properly accounting for ethical and legal considerations?
c) What are the key components of information assurance as they relate to individual roles and responsibilities within the information assurance plan? For example, examine the current policies as they relate to confidentiality, integrity, and availability of information.
III. Risk Assessment
a) Analyze the environment in which the organization operates, including the current protocols and policies in place related to information assurance.
b) Evaluate the threat environment of the organization.
c) Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the most areas for improvement to current protocols and policies?
d) Assess the threats and vulnerabilities of the organization by creating a risk matrix to outline the threats and vulnerabilities found and determine possible methods to mitigate the identified dangers.
IV. Statements of Policy
a) Develop appropriate incident response protocols to respond to the various threats and vulnerabilities identified within the organization.
b) Justify how the incident response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices.
c) Develop appropriate disaster response protocols to respond to the various threats and vulnerabilities identified within the organization.
d) Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices.
e) Develop appropriate access control protocols that provide an appropriate amount of protection while allowing users to continue to operate without denial of service.
f) Justify your access control protocols. Support your justification with information assurance research and best practices.
g) Recommend a method for maintaining the information assurance plan once it has been established.
h) Justify how your maintenance plan will ensure the ongoing effectiveness of the information assurance plan. Support your justification with information assurance research and best practices.
V. Conclusion
a) Summarize the need for an information assurance plan for the selected organization, including the legal and ethical responsibilities of the organization to implement and maintain an appropriate information assurance plan.
b) Defend the key elements of your information assurance plan, including which members of the organization would be responsible for each element.
Milestones
Milestone One: Information Assurance Plan Introduction
In Module Two, you will submit your introduction to the information assurance plan. This section of the plan will provide the overview of the current state of the organization. Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key concepts? Are there current protocols and policies the organization has in place? Additionally, what deficiencies exist within the organization’s current information assurance policies? What are the potential barriers to implementation of a new information assurance plan? This milestone is graded with the Milestone One Rubric.
Milestone Two: Information Security Roles and Responsibilities
In Module Four, you will submit your roles and responsibilities portion of the final project. Who are the key leaders of the organization specific to how their responsibilities are connected to the security of the organization’s information? You must also identify key ethical considerations. What are the ramifications of key leaders not properly accounting for ethical and legal considerations? What are the key components of information assurance as they relate to individual roles and responsibilities within the information assurance plan? For example, examine the current policies as they relate to confidentiality, integrity, and availability of information. This milestone is graded with the Milestone Two Rubric.
Milestone Three: Risk Assessment
In Module Five, you will submit the risk assessment portion of the information assurance plan. You will provide the organization with an assessment of the threat environment and the risks within, as well as methods designed to mitigate these risks. Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the most areas for improvement to current protocols and policies? This milestone is graded with the Milestone Three Rubric.
Milestone Four: Statements of Policy
In Module Seven, you will submit your plan pertaining to statements of policy. You will recommend protocols and mitigating factors to the organization. Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. You will focus on disaster and incident response protocols as well as access control. Assess your proposed method for maintaining the success of the plan going forward. Justify how your method will ensure the ongoing effectiveness of the information assurance plan. This milestone is graded with the Milestone Four Rubric.
Final Submission: Information Assurance Plan
In Module Nine, you will submit your information assurance plan. It should be a complete, polished artifact containing all of the critical elements of the final product. It should reflect the incorporation of feedback gained throughout the course. This submission will be graded with the Final Product Rubric.
Deliverables
| Milestone | Deliverable | Module Due | Grading |
|---|---|---|---|
| 1 | Information Assurance Plan Introduction | Two | Graded separately; Milestone One Rubric |
| 2 | Information Security Roles and Responsibilities | Four | Graded separately; Milestone Two Rubric |
| 3 | Risk Assessment | Five | Graded separately; Milestone Three Rubric |
| 4 | Statements of Policy | Seven | Graded separately; Milestone Four Rubric |
| | Final Submission: Information Assurance Plan | Nine | Graded separately; Final Product Rubric |
Final Product Rubric
Guidelines for Submission: Your information assurance plan
should adhere to the following formatting requirements: 10–12
pages, double-spaced, using 12-
point Times New Roman font and one-inch margins. Use
25. discipline-appropriate citations.
Instructor Feedback: This activity uses an integrated rubric in
Blackboard. Students can view instructor feedback in the Grade
Center. For more information,
review these instructions.
Critical Elements Exemplary (100%) Proficient (90%) Needs
Improvement (70%) Not Evident (0%) Value
Overview of Goals
and Objectives
Meets “Proficient” criteria and
quality of overview establishes
expertise in the discipline
Provides a brief but
comprehensive overview of the
goals and objectives of the
information assurance plan,
including the importance of
ensuring the confidentiality,
integrity, and availability of
information and the benefits of
creating and maintaining an
information assurance plan
Provides a brief overview of the
goals and objectives of the
information assurance plan but
does not include the importance
of ensuring the confidentiality,
integrity, and availability of
26. information or the benefits of
creating and maintaining an
information assurance plan
Does not provide a brief overview
of the goals and objectives of the
information assurance plan
4
Confidentiality,
Integrity, and
Availability of
Information
Meets “Proficient” criteria and
demonstrates a nuanced
understanding of key information
assurance concepts
Accurately assesses the
confidentiality, integrity, and
availability of information within
the organization
Assesses the confidentiality,
integrity, and availability of
information within the
organization but some elements
of the assessment may be
illogical or inaccurate
Does not assess the
confidentiality, integrity, and
availability of information within
27. the organization
5
Current Protocols
and Policies
Meets “Proficient” criteria and
demonstrates deep insight into
complex deficiencies and barriers
to implementation of a new
information assurance plan
Logically evaluates the current
protocols and policies in place,
including deficiencies that
currently exist and potential
barriers to implementation of a
new information assurance plan
Evaluates the current protocols
and policies in place but does not
address the deficiencies that
currently exist or potential
barriers to implementation of a
new information assurance plan,
or evaluation is illogical
Does not evaluate the current
protocols and policies in place
4
Responsibilities of
Key Leaders
28. Meets “Proficient” criteria and
demonstrates a nuanced
understanding of the relationship
between these roles and
information security
Analyzes the role of the key
leaders within the organization
specific to how their
responsibilities are connected to
the security of the organization’s
information
Analyzes the role of the key
leaders within the organization
but misses key roles or aspects of
responsibilities specific to the
security of the organization’s
information
Does not analyze the role of the
key leaders within the
organization
5
http://snhu-
media.snhu.edu/files/production_documentation/formatting/rubr
ic_feedback_instructions_student.pdf
Key Ethical and Legal
Considerations
29. Meets “Proficient” criteria and
provides complex or insightful
reflection of the ramifications of
key leaders not properly
accounting for ethical and legal
considerations
Accurately evaluates key ethical
and legal considerations related
to information assurance that
must be taken into account by
the key leaders within the
organization, including the
ramifications of key leaders not
properly accounting for ethical
and legal considerations
Evaluates ethical and legal
considerations related to
information assurance that must
be taken into account by the key
leaders within the organization
but does not include the
ramifications of key leaders not
properly accounting for ethical
and legal considerations, or
evaluation is inaccurate
Does not evaluate ethical and
legal considerations related to
information assurance that must
be taken into account by the key
leaders within the organization
30. 5
Key Components of
Information
Assurance
Meets “Proficient” criteria and
demonstrates a nuanced
understanding of how each key
component identified impacts
each individual’s role and
responsibility
Comprehensively addresses
components of information
assurance as they relate to
individual roles and
responsibilities within the
information assurance plan
Addresses components of
information assurance as they
relate to individual roles and
responsibilities within the
information assurance plan but
does not address confidentiality,
integrity, and/or availability of
information
Does not address any
components of information
assurance as they relate to
individual roles and
responsibilities within the
information assurance plan
31. 5
Analysis of
Environment
Meets “Proficient” criteria and
demonstrates unique or
insightful reflection of current
protocols and policies
Logically analyzes the
environment in which the
organization operates, including
the current protocols and policies
in place related to information
assurance
Analyzes the environment in
which the organization operates
but does not include the current
protocols and policies in place
related to information assurance
Does not analyze the
environment in which the
organization operates
5
Threat Environment
Meets “Proficient” criteria and
demonstrates deep insight into
32. hidden or complex threats or
vulnerabilities
Accurately analyzes the threat
environment of the organization
Evaluates the threat environment
of the organization but misses
crucial threats or vulnerabilities,
or the evaluation is inaccurate
Does not evaluate the threat
environment of the organization
5
Best Approaches
Meets “Proficient” criteria and
demonstrates unique or
insightful reflection regarding
areas for improvement
Comprehensively discusses best
approaches for implementing
information assurance principles,
including areas of improvement
to current protocols and policies
Discusses best approaches for
implementing information
assurance principles, but does
not fully develop ideas related to
areas of improvement to current
protocols and policies
33. Does not discuss best approaches
for implementing information
assurance principles
5
Risk Matrix
Meets “Proficient” criteria and
demonstrates deep insight into
hidden or complex threats or
vulnerabilities and possible
methods to mitigate the
identified dangers
Creates a risk matrix to
comprehensively and accurately
assess the threats to and
vulnerabilities of the
organization, including possible
methods to mitigate the
identified dangers
Creates a risk matrix to assess the
threats to and vulnerabilities of
the organization but does not
include possible methods to
mitigate the identified dangers,
or assessment is incomplete or
inaccurate
34. Does not create a risk matrix to
assess the threats to and
vulnerabilities of the organization
5
Incident Response
Protocols
Meets “Proficient” criteria and
provides secondary incident
response protocols in the event
that primary protocols fail
Develops appropriate incident
response protocols to respond to
the various threats and
vulnerabilities identified
Develops incident response
protocols to respond to the
various threats and
vulnerabilities identified, but they
are not all appropriate or do not
respond to all the threats and
vulnerabilities
Does not develop incident
response protocols
5
Justification of Incident Response Protocols
Meets “Proficient” criteria and provides unique or insightful reflection into the dangers of not providing for adequate incident response protocols
Logically justifies how the incident response protocols will mitigate the threats to and vulnerabilities of the organization with support from information assurance research and best practices
Justifies how the incident response protocols will mitigate the threats to and vulnerabilities of the organization with minimal support from information assurance research and best practices, or justification is illogical
Does not justify how the incident response protocols will mitigate the threats and vulnerabilities to the organization
5

Disaster Response Protocols
Meets “Proficient” criteria and demonstrates deep insight into responding to hidden or complex threats or vulnerabilities
Develops appropriate disaster response protocols to respond to the various threats and vulnerabilities identified
Develops disaster response protocols to respond to the various threats and vulnerabilities identified, but they are not all appropriate or do not respond to all the threats and vulnerabilities
Does not develop disaster response protocols
4

Justification of Disaster Response Protocols
Meets “Proficient” criteria and provides unique or insightful reflection into the dangers of not providing for adequate disaster response protocols
Logically justifies how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization with support from information assurance research and best practices
Justifies how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization with minimal support from information assurance research and best practices, or justification is illogical
Does not justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization
5

Access Control Protocols
Meets “Proficient” criteria and demonstrates unique or insightful reflection into appropriate protocols
Develops appropriate access control protocols that provide an appropriate amount of protection while allowing users to continue to operate without denial of service
Develops access control protocols, but they do not provide an appropriate amount of protection while allowing users to continue to operate without denial of service
Does not develop access control protocols
4

Justification of Access Control Protocols
Meets “Proficient” criteria and provides unique or insightful reflection into the dangers of not providing for adequate access control protocols
Logically justifies the access control protocols with support from information assurance research and best practices
Justifies the access control protocols with minimal support from information assurance research and best practices, or justification is illogical
Does not justify the access control protocols
5

Method for Maintaining the Information Assurance Plan
Meets “Proficient” criteria and provides an established interval for the recommended maintenance actions
Recommends a comprehensive method for maintaining the information assurance plan once it has been established
Recommends a method for maintaining the information assurance plan once it has been established but recommendations are not fully developed
Does not recommend a method for maintaining the information assurance plan once it has been established
5

Justification of Maintenance Plan
Meets “Proficient” criteria and provides insight into the dangers of not providing for an adequate maintenance plan
Logically justifies how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan with support from information assurance research and best practices
Justifies how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan with minimal support from information assurance research and best practices or justification is illogical
Does not justify how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan
5

Summary of Need for Information Assurance Plan
Meets “Proficient” criteria and demonstrates a nuanced understanding of the need for an information assurance plan
Concisely summarizes the need for an information assurance plan, including the legal and ethical responsibilities of the organization to implement and maintain an appropriate information assurance plan
Summarizes the need for an information assurance plan but does not include the legal and ethical responsibilities of the organization to implement and maintain an appropriate information assurance plan or is not concise
Does not summarize the need for an information assurance plan
5

Defense of Key Elements of Information Assurance Plan
Meets “Proficient” criteria and demonstrates a nuanced understanding of which members of the organization should be responsible for each element
Strongly defends key elements of the information assurance plan, including which members of the organization would be responsible for each element and who should be contacted in the event of an incident
Defends key elements of the information assurance plan but does not include which members of the organization would be responsible for each element, or defense is weak
Does not defend elements of the information assurance plan
5

Articulation of Response
Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy-to-read format
Submission has no major errors related to citations, grammar, spelling, syntax, or organization
Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas
Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas
4

Earned Total 100%