Journal of Information Technology Education: Volume 11, 2012
Innovations in Practice
Disaster at a University:
A Case Study in Information Security
Ramakrishna Ayyagari and Jonathan Tyks
University of Massachusetts-Boston, Boston, MA, USA
Executive Summary
Security and disaster training is identified as a top Information Technology (IT) required skill that needs to be taught in Information Systems (IS) curriculums. Accordingly, information security and privacy have become core concepts in information system education. Providing IT security on a shoestring budget is always difficult and many small universities are challenged with balancing cost and effectiveness. Many colleges and universities have additional security challenges, such as relaxed working environments, less formalized policies and procedures, and employees that “wear many hats.” Therefore, it is not surprising to note that the majority of data breaches since 2005 have occurred in educational settings. So, it is imperative that this segment (i.e., educational settings) be represented in classroom discussions to prepare future employees.
To this end, we present a case that addresses a data breach at a university caused by lax security policies and includes an element of social engineering. The data breach at the university resulted in a number of students losing personally identifiable information. The resulting aftermath placed a significant financial burden on the university as it was not prepared to handle an information security disaster. This case can be used as a pedagogical tool as it uniquely captures a data breach in a university setting. Readers of the case will identify that at the management level the case raises a number of issues regarding the security culture at the university and management of the security function. The case also highlights the issues of lack of training and access control.
Keywords: Information Security, Disaster Recovery, Data Breach.
Introduction
Security and disaster training is identified as the top IT required skill that needs to be taught in IS curriculums (Kim, Hsu, & Stern, 2006). Accordingly, information security and privacy have become core concepts in information system education (Hentea, Dhillon, & Dhillon, 2006; Kroenke, 2012; Laudon & Laudon, 2010). Instructors have several approaches to teach security and privacy concepts. One can take a more traditional lecture based approach or a more hands-on approach that utilizes labs, case studies, etc. (Gregg, 2008). It is important to note that advances in pedagogical research place emphasis on hands-on or active learning. Imparting knowledge based solely on lectures is criticized as there is less opportunity for students to be actively engaged (Bok, 1986).
Accordingly, active learning has gained prominence among educators and researchers (Meyers & Jones, 1993). Students are eager and seek opportunities to
M ...
This document presents a case study about a data breach at a university caused by lax security policies. The breach resulted in students' personally identifiable information being lost. It placed a significant financial burden on the university as it was unprepared to handle an information security disaster. The case highlights issues with the university's security culture, management of security functions, lack of training, and access controls. It is intended to be used as a pedagogical tool to teach students about information security challenges faced by educational institutions.
This document discusses how information technology is used in veterinary medicine. It describes how veterinary clinics now utilize information technology tools like digital records, digital imaging, and networked databases. It also discusses the educational requirements to become a veterinarian, including gaining hands-on experience working in animal clinics and maintaining a high GPA in science-heavy undergraduate coursework like biology, chemistry, physics, and genetics.
A Study On Academic Dishonesty And Moral ReasoningWhitney Anderson
This study examined the relationships between pressure, opportunity, rationalization, and academic dishonesty, and investigated whether these relationships were moderated by moral reasoning. The study surveyed 178 undergraduate accounting students in Indonesia. Structural equation modeling revealed that pressure, opportunity, and rationalization directly and positively predicted academic dishonesty. The relationships between these factors and academic dishonesty remained consistent between groups with low and high moral reasoning, indicating moral reasoning did not moderate these relationships. The results suggest universities should create environments where academic dishonesty is unacceptable and reduce opportunities to commit dishonest acts, as all students may be susceptible regardless of morality.
IRJET- Deterrence Theory for Evaluating Information Security Factors in E-Hea...IRJET Journal
This document analyzes factors affecting the adoption of electronic health (e-health) systems using deterrence theory. It introduces e-health systems and proposes a theoretical model to test the impact of organizational factors like deterrent efforts, severity of consequences, and preventive efforts as well as individual factors like perceived security threats and awareness on intentions to proactively use e-health. An empirical study found that deterrent efforts and severity had no significant influence while preventive efforts were important. The document thus suggests organizations focus on preventive efforts like security solutions and awareness while reducing perceived threats.
Article 1 currently, smartphone, web, and social networking technohoney690131
The document discusses several articles and papers related to ethics and privacy issues with new technologies. It covers concerns around obtaining private patient data online and vulnerabilities of electronic health records. It also discusses increased government surveillance impacting human rights and national security. Additional topics covered include privacy of patient information shared with healthcare providers and ethical challenges of data security, anonymity, and intellectual property with information technology.
Security of Health Care RecordsWith the increase of health informa.docxkaylee7wsfdubill
Security of Health Care Records
With the increase of health information technology used to store and access patient information, the likelihood of security breaches has also risen. In fact, according to the
Canadian Medical Association Journal
(CMAJ):
In the United States, there was a whopping 97% increase in the number of health records breached from 2010 to 2011… The number of patient records accessed in each breach has also increased substantially, from 26,968 (in 2010) to 49,394 (in 2011). Since August 2009, when the US government regulated that any breach affecting more than 500 patients be publicly disclosed, a total of 385 breaches, involving more than 19 million records, have been reported to the Department of Health and Human Services.
A large portion of those breaches, 39%, occurred because of a lost, stolen, or otherwise compromised portable electronic device—a problem that will likely only get worse as iPads, smartphones, and other gadgets become more common in hospitals. (CMAJ, 2012, p. E215).
Consider your own experiences. Does your organization use portable electronic devices? What safeguards are in place to ensure the security of data and patient information? For this Discussion you consider ethical and security issues surrounding the protection of digital health information.
To prepare:
·
Review the Learning Resources dealing with the security of digital health care information. Reflect on your own organization or one with which you are familiar, and think about how health information stored electronically is protected.
·
Consider the nurse’s responsibility to ensure the protection of patient information. What strategies can you use?
·
Reflect on ethical issues that are likely to arise with the increased access to newer, smaller, and more powerful technology tools.
·
Consider strategies that can be implemented to ensure that the use of HIT contributes to an overall culture of safety.
Post 1 page response APA format ( at least 3 references)
1.
an analysis of the nurse’s responsibility to protect patient information and the extent that HIT has made it easier or more difficult to protect patient privacy.
2.
Comment on any security or ethical issues related to the use of portable devices to store information.
3.
Assess the strategies your organization uses to safeguard patient information and how these promote a culture of safety.
4.
Describe an area where improvement is needed and one strategy that could address the situation.
Course Readings
·
McGonigle, D., & Mastrian, K. G. (2012).
Nursing informatics and the foundation of knowledge
(Laureate Education, Inc., custom ed.). Burlington, MA: Jones and Bartlett Learning.
o
Chapter 5, “Ethical Applications of Informatics”
This chapter examines the ethical dilemmas that arise in nursing informatics. The authors explore the responsibilities for the ethical use of health information technology.
o
Chapter 15, “Information Copyright and Fair Use and Network Securit.
Implementing The Affordable Care Act EssayMichelle Love
The document discusses the benefits of implementing electronic health record (EHR) systems. It provides perspectives from a physician who was an early adopter of EHR technology. The physician found that the EHR system improved clinical quality measures through automated feedback on adherence to evidence-based standards of care. It also reduced administrative burdens on physicians and staff, improving productivity and income. Additional benefits discussed include increased patient engagement through access to health records online and fewer calls and visits to medical records offices. Keeping EHRs error-free is also important to maintain integrity of patient information.
Towards a Structured Information Security Awareness Programmetulipbiru64
Paper presented by Mohd Nabil Zulhemay, Rohama Mohamad Rashid and Omar Zakaria at the 4th PERPUN International Conference 2015: Information Revolution, 11-12th August 2015 at Avillion Legacy Hotel, Melaka.
This document discusses a study analyzing student satisfaction with various instructional technology techniques. The study surveyed 215 students enrolled in 4 undergraduate business courses about their satisfaction with commonly used IT tools like presentation software, email/discussion lists, word processing, web search engines, online libraries, and web development applications. The study aimed to determine the relationship between different types and degrees of IT used and student satisfaction, as well as the impact of IT techniques on student perceptions of enhanced classroom behaviors like student-student and student-instructor interaction, increased information and quality of instruction, and improved course organization. The sample was predominantly male (68%), aged 19-26, and majoring in general business (75%).
•Reflective Log•Your reflective log should include the.docxtawnyataylor528
•
Reflective Log
•
Your
reflective
log
should include the following
•
What was your role within the business simulation company?
Demonstrate how you used the resources critically to make decisions
while you were running the company.
.
•The philosophers Thomas Hobbes and John Locke disagreed on the un.docxtawnyataylor528
•The philosophers Thomas Hobbes and John Locke disagreed on the understanding of political authority, with Locke taking what is commonly called the “liberal” view. Choose a side (be brave perhaps; take a side you actually disagree with). Using the writings of each given in our class text or at the Websites below, make your case for the side you chose and against the other side. Identify one (1) modern situation in the world where these issues are significant.
Philosophers Debate Politics
•Chapter 24 (pp. 768-9)
•Hobbes: text at
http://oregonstate.edu/instruct/phl302/texts/hobbes/leviathan-contents.html
;
Summary at http://plato.stanford.edu/entries/hobbes-moral/; also
http://jim.com/hobbes.htm
•Locke: text at http://www.thenagain.info/Classes/Sources/Locke-2ndTreatise.html; General
background of the concept at
http://www.digitalhistory.uh.edu/teachers/lesson_plans/pdfs/unit1_12.pdf
.
•From the first e-Activity, examine two (2) economic effects that yo.docxtawnyataylor528
•From the first e-Activity, examine two (2) economic effects that you believe the Iranian elections have on other countries that are currently allies with this nation. Provide a rationale for your response.
•Suggest two (2) factors that make the United States, Saudi Arabia, and the European Union allies on the world stage of politics. Provide two (2) pieces of evidence to support your rationale.
.
• What are the NYS Physical Education Standards, and how do they ali.docxtawnyataylor528
• What are the NYS Physical Education Standards, and how do they align with the National PE standards?.
• What is adaptive physical education? Are there a set of standards? If so, what are they?
• Create a chart or table listing each set of standards, and show their alignment.
.
• Choose a health problem in the human population. Some examples i.docxtawnyataylor528
• Choose a health problem in the human population. Some examples include cardiovascular disease, diabetes, cancer of a specific organ, an infectious disease, etc.
• Describe the biological and physiological aspects of the health problem and potential chemical treatments or pathways that are affected.
• Discuss the natural progression of chronic diseases, or the natural history of infectious or exposure-related illnesses.
• What are the potential outcomes of the disease (recovery or death), and what leads to those potential outcome(s)?
• The paper should be at least 975 words in length.
• Include a list of references in APA format, including the information used from the modules.
.
•Key elements to GE’s learning culture include active experimentat.docxtawnyataylor528
•Key elements to GE’s learning culture include active experimentation and action-based learning, as the talented people GE attracts and recruits apply themselves to unravel the most challenging problems of the future. GE leaders are evaluated on how well they guide the professional growth of their people, providing counsel and goal setting. Leaders are responsible for ensuring functional competence and overall business excellence of their teams, in an operating climate that emphasizes unyielding integrity.
•Use GE’s website write a 3-4 page (body of the paper should be 3-4 pages) paper discussing how training, development, and learning programs have contributed to GE’s success Review the following information about GE’s Training and Development to help get you started:
Leadership and Learning Programs – to go to the website click on the links below
•Entry-level Leadership Programs:
GE's Corporate Entry-level Leadership Programs offer recent college graduates prized development opportunities that combine real-world experience with formal classroom study. Through a series of rotating assignments — typically over a period of two years — young professionals receive accelerated professional development, world-class mentors, and global networking that cuts across GE's businesses.
•Experienced Leadership Programs:
Experienced professionals who wish to accelerate their careers find fitting opportunity in our Experienced Leadership Programs. The programs position high-potential talent in collaboration with some of the top innovators in their fields, offering intensive on-the-job development in the areas of Corporate Audit, Human Resources and Sales and Marketing.
•John F. Welch Leadership Development Center:
At GE, learning is a cultural force and Crotonville is its epicenter. For more than 50 years, the legendary John F. Welch Leadership Center has been at the forefront of real-world application for cutting-edge thinking in organizational development, leadership, innovation and change. Established in 1956, the 53-acre corporate learning campus was the first of its kind in the world.
The Crotonville campus attracts the world's brightest and most influential minds in academia and business. Every year, for thousands of our people from entry-level employees to our highest-performing executives, a journey to Crotonville is something of a pilgrimage — a transformative learning experience that, for many, becomes a defining career event.
.
• This summative assessment can be completed in class or at any .docxtawnyataylor528
• This summative assessment can be completed in class or at any other convenient location.
• Students are required to complete this task using digital tools and ensure to submit in an acceptable format, e.g. .docx, .pdf, .pptx, or as advised by your assessor.
• Please use the following formatting guidelines to complete this assessment task:
• Font Size: 12; Line Spacing: Double; Font Style: Times New Roman
• Assessment activities can be completed either in real workplace environment or in a simulated environment such as your classroom. In both cases, appropriate evidence of the assessment activities must be provided.
Instruction to Assessors:
https://zealtutors.com/2021/05/11/assuming-your-organization-was-awarded-the-following-tender-atm-id-naa-rft-20xx-105/
• You must assess student’s assessment according to the provided Marking Criteria.
• You must complete and record any evidence related to assessment activities including role-plays and presentations using appropriate forms which must be attached with student assessment submission.
• You must provide students with detailed feedback within 10 working days from submission.
Assuming your organization was awarded the following tender:
ATM ID: NAA RFT 20xx/1058
Agency: National Archives of Australia
Category: 81110000 – Computer services
Close Date & Time: 15-Aug-20xx 2:00 pm (ACT Local Time)
Publish Date: 15-Jul-20xx
Location: ACT Canberra
ATM Type: Request for Tender
APP Reference: NAA20XX-1
Multi Agency Access: No
Panel Arrangement: No
Description:
A service provider is being sought for the technical upgrade of the Archives’ website Destination: Australia. In order to ensure the best value for money and optimal functionality (for the website and related exhibition interactive) going forward, it is necessary for the website to be transferred from a proprietary CMS to a commonly available CMS (including, but not limited to, an Open Source CMS).
https://4assignmenthelpers.com/assuming-your-organization-was-awarded-the-following-tender-atm-id-naa-rft-20xx-105/
The website will enable the National Archives of Australia to collect user contributed data about the photographic collection featured on the site. The interface must be modern, engaging and user-friendly, designed to meet the needs of people of all ages, and differing levels of computer and English literacy. The website must interact successfully with an exhibition interactive via an existing API. There is an option for hosting, maintenance and support services to be provided from contract execution until 31 December 2019.
Timeframe for Delivery: November/December 20XX with a possible extension of up to 3 years for hosting and maintenance.
http://assignmenthelp4u.com/assuming-your-organization-was-awarded-the-following-tender-atm-id-naa-rft-20xx-105/
The Requirement
The National Archives of Australia (Archives) (the Customer) is responsible under the Archives Act 1983 (Cth) for the preservation and storage of .
• 2 pages• APA• how the airport uses sustainability at the o.docxtawnyataylor528
• 2 pages
• APA
•
h
ow the airport uses sustainability at the operational side/airside (everything behind the gate and basically where the airplanes are) at an airport
• e.g. use of electric cars at the airfield, like buses for passengers etc.
• Due 6 PM (NY Time)
Thank you so much!
.
¿Lógico o ilógicoIndicate whether each of the doctors statemen.docxtawnyataylor528
¿Lógico o ilógico?
Indicate whether each of the doctor's statements is
lógico
or
ilógico
.
"En este hospital se prohíben exámenes médicos."
"Esta mañana se me rompió la mano; tuve que cancelar todas las citas de esta semana."
"Se necesitan medicinas porque hay pacientes enfermos."
"En mi consultorio se regalan radiografías."
"A un enfermero se le cayeron unas botellas; por eso el paciente se quitó los zapatos."
Oraciones con
se
Rewrite the sentences using
se
.
Modelo
Buscamos médicos bilingües.
Se buscan médicos bilingües.
No pueden hablar por teléfono.
Mariela sufre muchos dolores de cabeza. Debe trabajar más.
Fiebre
se escribe así: efe - i - e - be - ere - e.
A Felipe no le gustan mucho las películas; va al cine constantemente.
Conversaciones
Choose the correct adverbs to complete the conversations.
—Éstas son las pastillas que usted debe tomar. Recuerde, son cuatro pastillas al día; debe tomarlas...
—Perdone, doctora, ¿puede hablar más ? Es que con este dolor de cabeza escucho.
—¿Te enfermas ?
— , me enfermo una vez al año.
—¿Qué te dijo el médico?
—Que debo nadar una hora, tres veces por semana porque siento dolor en los huesos. La natación es muy buena para la circulación y no lastima los huesos.
Adverbios
Fill in the blanks with words from the list. Two words will not be used.
a tiempo
casi
muchas veces
poco
rápido
tarde
Mi amigo Onofre y yo estudiamos medicina. A nuestra profesora de biología le importa mucho la puntualidad. Si los estudiantes llegan
(1) [removed],
ella está de buen humor; pero si no, ¡ojo (
watch out
)!
(2) [removed]
Onofre y yo llegamos
(3) [removed]
a clase, y ahora bajaron nuestras notas (
grades
). ¡Vamos a tener que caminar
(4) [removed]
a clase!
.
·Which of the following is considered a hybrid organizational fo.docxtawnyataylor528
·
Which of the following is considered a hybrid organizational form?
·
sole proprietorship
·
corporation
·
limited liability partnership
·
partnership
.
·Write aresearch paper of three (3) body pages on a narrow aspec.docxtawnyataylor528
·
Write aresearch paper of three (3) body pages on a narrow aspect of the topic
“
how a specific innovation or discovery from the past has impacted or changed some aspect of human history.”
The paper may be either an argumentative or analytical essay. Utiliz
e
at least three
high-quality academic references that you access through FDU on-line or physical libraries.
At least one must be a scholarly/peer reviewed article.
Use of Wikipedia, blogs, .com websites of people not known as experts in their fields, and similar sources do
not
meet this “high-quality” requirement.
·
Develop a clear thesis statement that you will support in your paper. This requires researching, analyzing, appropriately quoting, paraphrasing and summarizing the resources as well as synthesizing material. Utilize information from your resources to draw implications that support your thesis. Be SPECIFIC and EXPLICIT in providing data and in drawing conclusions
·
Your paper will be written in APA format and must include:
·
Title page
·
Abstract
·
Fully researched body with appropriate in text citations
·
References
·
Appendices (if appropriate)
Cover, Abstract/Prefatory Information, References, Appendix, Illustrations and other support materials
are in addition
to the three body pages noted above.
Your paper
must
be double space, 12 pt. Times New Roman, with paragraph indents, no extra spaces between paragraphs, on US letter paper. Margins must be 1 inch top, bottom and
both sides, with alignment flush left and uneven, or
ragged
, on right.
·
In-text citations (including secondary source citations) and references must follow APA guidelines as covered in class and in handouts that are distributed to you.
Your OUTLINE/graphic organizer will be graded separately and will be worth 10 points. Your paper will be worth 90 points, for a total of 100 points on this assignment.
.
·InterviewConduct an interview and document it.During this c.docxtawnyataylor528
·
Interview
Conduct an interview and document it.
During this course we have learned about organizational culture and structure, we have spoken of feedback and job types. As project that pulls together all concepts from this course you will conduct an interview. Document the interview and draw a conclusion in a short four to five sentence summary of the experience.
1.
create 8 to 10 professional and quality interview questions
2.
decide how you are going to document the interview (audio, video or type)
3.
conduct the interview
4.
confirm that the interview was documented
5.
write the summary paragraph
6.
submit your assignment
The topic and interviewee are to be of your choice and should allow you to learn something that will help in pursuit of your career.
.
·Submit a 50- to 100-word response to each of the followin.docxtawnyataylor528
·
Submit
a 50- to 100-word response to
each of
the following questions:
o
Understanding a Will
1.
What is
a will and what is
the benefit of having
one
?
2.
Why is it important to also have a living revocable trust with a will?
o
Creating a Durable Power of Attorney for Health Care
What is a Durable Power of Attorney for Healthcare? What information does the document provide? How is this document related to an advance directive (aka living will)?
o
Understanding the Purpose of the Must-Have Documents
4.
Why might these forms need to be
updated?
How would you go about making these updates to ensure they are valid?
5.
In what ways did you find any of these forms to be difficult to complete? What did you learn as a result of completing these forms?
.
·Section 3·Financial management, quality and marketing asp.docxtawnyataylor528
·
Section 3
·
Financial management, quality and marketing aspects of the organization
·
Financial
·
Analysis of the service reimbursement for the organization (State, Federal, Insurance and Private Pay)
·
Methods of funding
·
Research issues
·
Quality and Ethics
·
Accreditation
·
Awards
·
Regulation
·
Ethical issues regarding who receives care at the organization
·
Marketing
·
Strategies
·
Branding
·
Community and employee involvement
·
Section 4
·
Impact of economic and outside influences to the organization
·
National and world economy impact
·
Explanation of the sustainability of this organizational care model
·
Healthcare reform
·
Regulations
·
Section 5
·
Conclusion for your paper and combine all the sections into a project paper
·
Recap the info regarding organization
·
Glimpse into the future for the organization based on your learning
·
Combine all parts into a APA formatted product
.
·Why is the effort to standardize the language used in reporti.docxtawnyataylor528
Standardizing the language used in reporting clinical trials through MedDRA is important for harmonization worldwide because it allows for consistent interpretation of data across all clinical trials and countries. Using a common language and terminology in MedDRA ensures that adverse events, medical conditions, and other outcomes are classified and coded in the same way. This consistency and harmonization facilitates the sharing and comparison of data from different clinical trials and populations.
·Humans belong to the genus Homo and chimpanzees to the genus .docxtawnyataylor528
·
Humans belong to the genus Homo and chimpanzees to the genus Pan, yet studies of primate genes show that chimpanzees and humans are more closely related to one another than each is to any other animals. In light of this result, some researchers suggest that chimpanzees should be renamed as members of the genus Homo. Discuss at least three (3) practical, scientific, and / or ethical issues that might be raised by such a change in naming. aleast 400 words.
.
·Crash House II and add resources and costs—remember, only crash.docxtawnyataylor528
·
Crash House II and add resources and costs—remember, only crash tasks on the critical path and start with the lowest cost.
•
Perform resource allocation and crash House II for House III homework.
I need an Email address to send the attachment I can't uploade it here.
.
·What is the main difference between the approaches of CONFLICT .docxtawnyataylor528
Conflict theory views crime as a product of social and economic forces that promote inequality and competition, while functionalist theory sees crime as inevitable and even somewhat beneficial to society. The media is often criticized for portraying women as sexual objects rather than as complete human beings, and some think boundaries should restrict overly sexualized or degrading portrayals out of respect for human dignity.
·What is the work of art’s historical and cultural context·.docxtawnyataylor528
·
What is the work of art’s historical and cultural context?
·
Does the work adhere to the conventions of the style movement / artistic period, or does it go against those conventions?
·
How are the two works of art similar? How are they different?
o
What can we conclude from those similarities and differences?
Your draft should be 2 – 3 pages long and include at least
four
scholarly sources (two for each work of art). Check out these databases from the
Shapiro Library website
to help you get started:
·
JSTOR: you can search by subject; “Art & Art History” is your best bet here
·
Project MUSE: you can search for articles by subject here as well; look for articles under “Art and Architecture”
.
·Review the steps of the SDLC. Explain why quality service deliv.docxtawnyataylor528
·
Review the steps of the SDLC. Explain why quality service delivery depends on the execution of the service delivery life cycle. Discuss the aspects of the SDLC that are critical to quality service management. Explain your answer.
·
From the e-Activity, explain how the service delivery model used within an organization impacts an IT organization at the enterprise level.
.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
How to Add Chatter in the odoo 17 ERP ModuleCeline George
In Odoo, the chatter is like a chat tool that helps you work together on records. You can leave notes and track things, making it easier to talk with your team and partners. Inside chatter, all communication history, activity, and changes will be displayed.
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.
Main Java[All of the Base Concepts}.docxadhitya5119
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
हिंदी वर्णमाला पीपीटी, hindi alphabet PPT presentation, hindi varnamala PPT, Hindi Varnamala pdf, हिंदी स्वर, हिंदी व्यंजन, sikhiye hindi varnmala, dr. mulla adam ali, hindi language and literature, hindi alphabet with drawing, hindi alphabet pdf, hindi varnamala for childrens, hindi language, hindi varnamala practice for kids, https://www.drmullaadamali.com
Physiology and chemistry of skin and pigmentation, hairs, scalp, lips and nail, Cleansing cream, Lotions, Face powders, Face packs, Lipsticks, Bath products, soaps and baby product,
Preparation and standardization of the following : Tonic, Bleaches, Dentifrices and Mouth washes & Tooth Pastes, Cosmetics for Nails.
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
বাংলাদেশের অর্থনৈতিক সমীক্ষা ২০২৪ [Bangladesh Economic Review 2024 Bangla.pdf] কম্পিউটার , ট্যাব ও স্মার্ট ফোন ভার্সন সহ সম্পূর্ণ বাংলা ই-বুক বা pdf বই " সুচিপত্র ...বুকমার্ক মেনু 🔖 ও হাইপার লিংক মেনু 📝👆 যুক্ত ..
আমাদের সবার জন্য খুব খুব গুরুত্বপূর্ণ একটি বই ..বিসিএস, ব্যাংক, ইউনিভার্সিটি ভর্তি ও যে কোন প্রতিযোগিতা মূলক পরীক্ষার জন্য এর খুব ইম্পরট্যান্ট একটি বিষয় ...তাছাড়া বাংলাদেশের সাম্প্রতিক যে কোন ডাটা বা তথ্য এই বইতে পাবেন ...
তাই একজন নাগরিক হিসাবে এই তথ্য গুলো আপনার জানা প্রয়োজন ...।
বিসিএস ও ব্যাংক এর লিখিত পরীক্ষা ...+এছাড়া মাধ্যমিক ও উচ্চমাধ্যমিকের স্টুডেন্টদের জন্য অনেক কাজে আসবে ...
How to Fix the Import Error in the Odoo 17Celine George
An import error occurs when a program fails to import a module or library, disrupting its execution. In languages like Python, this issue arises when the specified module cannot be found or accessed, hindering the program's functionality. Resolving import errors is crucial for maintaining smooth software operation and uninterrupted development processes.
Introduction
Security and disaster training is identified as the top IT required skill that needs to be taught in IS curriculums (Kim, Hsu, & Stern, 2006). Accordingly, information security and privacy have become core concepts in information system education (Hentea, Dhillon, & Dhillon, 2006; Kroenke, 2012; Laudon & Laudon, 2010). Instructors have several approaches to teach security and privacy concepts. One can take a more traditional lecture based approach or a more hands-on approach that utilizes labs, case studies, etc. (Gregg, 2008). It is important to note that advances in pedagogical research place emphasis on hands-on or active learning. Imparting knowledge based solely on lectures is criticized as there is less opportunity for students to be actively engaged (Bok, 1986).
Accordingly, active learning has gained prominence among educators and researchers (Meyers & Jones, 1993). Students are eager and seek opportunities to apply their knowledge to simulate realistic situations (Auster & Wylie, 2006). Research shows that students find learning achieved through active participation to be more meaningful and valuable (Mitchell, 2004; Pariseau & Kezim, 2007; Wingfield & Black, 2005). One of the ways in which students can be engaged is through case studies (Bradford & Peck, 1997; Shapiro, 1984; Pariseau & Kezim, 2007). Case studies provide the students a unique opportunity to assume the roles of participants in the cases (Richards, Gorman, Scherer, & Landel, 1995). This provides an opportunity for students to reflect on their learning and apply it to crystallize their thoughts and arguments. Students are put into situations that can be ambiguous and force students to make decisions dealing with uncertainties (Richards et al., 1995). In fact, a recent study about learning preferences indicates that students place high value for case studies (Goorha & Mohan, 2009).
Material published as part of this publication, either on-line or in print, is copyrighted by the Informing Science Institute. Permission to make digital or paper copy of part or all of these works for personal or classroom use is granted without fee provided that the copies are not made or distributed for profit or commercial advantage AND that copies 1) bear this notice in full and 2) give the full citation on the first page. It is permissible to abstract these works so long as credit is given. To copy in all other cases or to republish or to post on a server or to redistribute to lists requires specific permission and payment of a fee. Contact [email protected] to request redistribution permission.
Editor: Uolevi Nikula
Raising awareness regarding security issues faced by educational institutions is important because the majority of reported breaches occur in educational settings. An analysis of all the data breaches from 2005 indicates that 21% of breaches occur in academic settings resulting in more than 8 million individual records being compromised (Privacy Rights Clearinghouse, 2011). It should be noted that the ‘education’ industry has the most number of breaches compared to any other industry category including medical, businesses, and government agencies (Privacy Rights Clearinghouse, 2011). Further, fundamental differences exist between academic and business settings. It is common practice in businesses to protect trade secrets, intellectual property, etc. However, educational settings are based on values of information sharing. As Qayoumi and Woody (2005, page 8) point out, “…the concept of information security runs counter to the open culture of information sharing – a deeply held value in academe.” Therefore, it is important to raise awareness about the severity of security issues facing university settings. However, a brief review of published cases in prominent outlets reveals that typical cases are geared towards business settings as presented below.
Literature Review of Security Case Studies
Most of the prominent security case studies focus on how businesses deal with data breaches or privacy issues. For example, McNulty (2007) discusses the impact of a data breach on customers in a retail electronics setting. The case deals with issues of the best way to communicate the breach with customers and, overall, forces the participants to consider disaster response strategy before a disaster occurs. Similarly, Haggerty and Chandrasekhar (2008) highlight the events leading to and the fallout due to a data breach at TJX. These cases highlight the issues of enormous amount of data that retailers generate and the onus on firms to protect the sensitive information. Eisenmann’s (2009) case addresses the severity of growing dependence on technology in the medical industry. The case setting is a hospital (medical industry) where the access to medical records is denied, putting numerous lives at risk. As the hackers try to extort money, the case raises ethical and legal questions and forces participants to make tough decisions.
Coutu (2007) raises ethical questions about the growing issue of lack of privacy in the networked world. The case addresses whether the information found on the Internet about a person can become a burden in advancing the person’s career. Ethical and privacy questions related to confidentiality of data and data reuse in business settings are also raised (Davenport & Harris, 2007; Fusaro, 2004; Schenberger & Mark, 2001). Davenport and Harris (2007) present a case that deals with the issue of data reuse. It is a common practice for businesses to share customer data with the businesses’ affiliates. The case in question asks at what stage is the sharing of information detrimental to customers? In a similar vein, Fusaro’s (2004) case asks at what stage do the data collected for customization cross the boundary and become invasion of privacy? DoubleClick’s profiling issues and breach of privacy are also well known (Schenberger & Mark, 2001). Complaints filed with the Federal Trade Commission had a severe impact on the shares of DoubleClick and led to the development of privacy policies (Schenberger & Mark, 2001).
As this review points out, security case studies generally focus on business settings even though educational institutions experience a fair share of security incidents. We address this gap by first presenting a case study of a security breach at a university. We conclude by providing discussion points and the lessons learned from this case study.
Disaster at a University – A Case Study
Turn Key University (TKU) is a medium-sized public university located in Idaho. The institution is situated on a beautiful 25-acre campus, just north of a major city. The University consists of over 6,000 students mostly from the surrounding region. The institution is a liberal arts college that offers over 30 undergraduate majors and a dozen graduate degrees. The school has a reputation for producing quality graduates for the surrounding community. The University is a major employer in the area, providing jobs for over 900 employees.
Organization Hierarchy
The institution was organized as a typical university bureaucracy, with the President’s office overseeing the Academic Affairs, Administrative Support Services, Human Resources, Finance, and Information Technology divisions as shown in Figure 1. The IT, Finance, and Administrative Support divisions are the primary focus of this case.
[Figure 1: TKU’s Organizational Hierarchy. The President’s Office sits above five divisions: Academic Affairs, Administrative Support Services, Finance, Human Resources, and Information Technology.]
As shown in Figure 2, the Information Technology division consisted of six departments -- Institutional Projects, Media Services, Teaching Support, Computing Systems, Web Services, and Network & Telecom. Each of these departments was managed by a Director who reported to the Chief Information Officer (CIO). The Information Technology Division managed all aspects of computing on the University campus. The IT division employed over 70 permanent members and several temporary/student employees. The IT division required a large server farm to manage a transaction management system and other systems. TKU centralized all server functions in the Computing Systems department.
[Figure 2: IT Division Hierarchy. The CIO sits above six Directors: Institutional Projects, Media Services, Teaching Support, Computing Systems, Web Services, and Network & Telecom.]
Administrative Support Services supported the ancillary
services offered by the college. Among
other things, this division managed relationships between the
on-campus and off-campus vendors.
On-campus vendors include the post office, GoodFood (the
student meal plan provider), Col-
legeBooks (the bookstore operator), and FastSnack (the snack
machine provider). The snack ma-
chines were an important part of students’ life as many students
relied on late night RedBull®
runs to make it through a last minute cram session. Off-campus
vendors include restaurants, tan-
ning parlors, and gas stations. Compared to the IT division,
Administrative Support Services was
relatively small, with approximately one-fifth the number of
personnel in the IT division.
The Finance Division was responsible for managing and
reporting the financial state of the Uni-
versity. The division was made up of five departments:
Financial Affairs, the Budget Office, Ac-
counts Receivable, Accounts Payable, and Student Services. All
financial information reporting
was overseen by the Financial Affairs department. Overall, the
Finance division employed 30
permanent employees and several part-time members on a need
basis.
System Description
Since 2000, TKU used a transaction management system for
student meal plans. There were three
different meal plan tiers: a lower volume plan that was aimed
towards commuters, a middle vol-
ume plan that was targeted for full time students who leave on
the weekends, and a high volume
plan that was designed for students who eat all meals on
campus. Out of the three plans, the mid-
dle volume plan was the most popular among students and
responsible for the majority share of
the transactions.
In addition to the meal plans, the transaction management
system handled virtual dollars. Virtual
dollars can be thought of as a prepaid credit card. At the
beginning of the semester students were
given a balance based on their meal plan, and students drew
down the balance by purchasing
items from vendors. Students and parents were also able to add
additional funds on the card
through an online portal. Students paid for items using virtual
dollars at a variety of vendors –
they spent it on books from the bookstore, stamps from the post
office, drinks from the snack machines, and on food from
neighborhood restaurants. Virtual
dollars were a hit with students as
they enjoyed having the freedom and convenience to pick what
they wanted, when they wanted.
The transaction management system was more than a way for
students to purchase food; it was
also a profit center for the college. From a fiscal perspective,
the system was able to generate an-
nual profits of $600,000 for TKU. Most of the revenues were
from commissions on sales to ven-
dors. Due to corporate cultural issues (as discussed below), the
control of the system spanned
across the IT, Administrative Support Services, and Finance
divisions, although none of the divi-
sions received commissions. All the money generated from the
system went into a central fund
managed by the President’s Office.
History of the System: Reflection of Corporate Culture
The Transaction Management System (TMS) had been in place
for over ten years at the writing
of this case and within that time frame it had changed hands
multiple times. Initially the system
was handled by the Computing Systems department in the
Information Technology Division. The
typical system administrator learned about the system on the
job in an informal fashion, and there
was a lack of process or steps that could be reproduced when
system administrators changed. Fur-
ther, when the system was implemented, security was an
afterthought and security responsibilities
played a minor role in system administrators’ job duties. As a
result, the current state of the sys-
tem was that (1) there was a lack of formal process in managing
the system and (2) the system
was never secured. At the time of writing, the system was
managed by two administrators – Gary
and Tom from the Computing Systems department. They had
been in their roles for a little over a
year.
Although the TMS system depended on multiple divisions (IT,
Finance, etc.) for effective operation,
the incentives in place were conducive to reinforcing the
functional boundaries among vari-
ous divisions (see Figure 1), thus resulting in friction among
divisions. As the TMS grew in stat-
ure, the logical solution to reduce the political tensions among
divisions was to split the system
responsibilities among the divisions. In this arrangement, IT
continued to manage the servers with
Gary as the primary administrator and Tom as the backup. The
Finance division took over the
administration and user access portion of the system. The
responsibilities for system administra-
tor fell on Don who had some technical background and was
seen as a ‘tech geek’ in the Finance
division. At the time of this case study, Don had been in the
system administrator role for three
months. When Don inherited the system, he received no formal
system administration or security
training and found that there were no formal policies or
business rules in place. As he learned the
system, he realized it housed a large amount of personally
identifiable information (PII). There
were student social security numbers (which acted as a student’s
primary ID in the university sys-
tem), addresses, phone numbers, birthdates and meal plan
information.
The Security Structure: Technical Safeguards
The security structure was handled in two different ways. The
first was by ensuring only author-
ized people had access to the system. The second was by
viewing events in the log files. The sys-
tem was set up in a typical hierarchical structure, comparable to
Windows Active Directory.
There were user accounts that branched into user groups. People
could access the system by log-
ging in with a username and password, similar to how a person
would access their home com-
puter. When a user needed an account, the system administrator
would assign a username and
password. Once a user had a username, the system administrator
placed the user in the appropri-
ate user group, which determined what functions the user could
perform. The administrator group
had full permissions and consequently had free rein of the
system. Among other things, the ad-
ministrator could run reports, change meal plan settings, upload
data and export data from the
system.
The next method of managing system security was through the
log files. The transaction man-
agement system created system logs whenever an event
occurred. This feature was very useful for
showing what happened within a system. The logging feature
showed the time, the user group,
and the event that occurred. While the logs were useful, the
primary drawback was that they only
showed what group created an event. As a result, events could
only be seen at the group level.
This means if a user logged into the system and made a change
and was a member of the adminis-
trator group, the log would only show that someone in that
group made a change. It didn’t show
which user made the change.
The Issue: Data Breach
Early one morning, Don was ushered into a closed door meeting
with the Chief Finance Officer,
the CIO, and an external security auditor he hadn’t met before.
In the meeting Don learned that
a large amount of data, including the PII, was exported from the
system. The previous day Gary
was going through the logs to see if the patch he applied worked
correctly, and he noticed that
someone in the administrator group had exported a large amount
of data at an odd time. Gary rea-
soned that no one should be accessing the system at 2am, and he
was concerned because a large
amount of data was exported. After bringing up the issue to
management, it was decided that the
Finance division would investigate the issue. Therefore, the
responsibility to figure out exactly
what happened fell on Don. He was asked to work with an
auditor to find out exactly what happened.
Don left the meeting feeling overwhelmed and
disconcerted; he knew nothing about secu-
rity practices and he wasn’t happy about working with the
auditor. He had recently inherited the
system and didn’t know much about it. He did know that he had
to find the source of the leak be-
fore more student information was lost and he knew his job
might be on the line.
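The review Gary did by hand, together with the limit of group-level logging described under Technical Safeguards, as an added Python example that is not part of the original case or of any TKU system. The log layout, the records= field, the business-hours window and the group membership are assumptions, and the sample lines are constructed.

```python
"""Off-hours export detection over group-level logs (constructed sample data)."""
from datetime import datetime
import re

# Constructed log lines. The case states only that each entry carries the time,
# the user group and the event; the layout and the records= field are assumed.
SAMPLE_LOG = """\
2011-03-14 09:12:03 group=reports event=RUN_REPORT records=120
2011-03-14 14:40:55 group=administrator event=EXPORT records=300
2011-03-15 02:07:31 group=administrator event=EXPORT records=48210
2011-03-15 02:09:10 group=administrator event=EXPORT  (malformed, no count)
2011-03-15 10:01:44 group=accounting event=POST_TRANSACTION records=1
"""

# Hypothetical group membership, as the access-control side would hold it.
GROUP_MEMBERS = {
    "administrator": ["gtolman", "admin_b", "admin_c", "admin_d"],
    "reports": ["report_user_1", "report_user_2"],
    "accounting": ["acct_user_1"],
}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"group=(?P<group>\w+) event=(?P<event>\w+) records=(?P<records>\d+)$"
)


def parse_log(text):
    """Return (entries, rejected): parsed dicts and the lines that did not parse.

    Rejected lines are returned rather than dropped so that a reviewer sees
    them; a gap in the log is itself worth a look.
    """
    entries, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            rejected.append(line)
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "group": m["group"],
            "event": m["event"],
            "records": int(m["records"]),
        })
    return entries, rejected


def off_hours_exports(entries, start_hour=7, end_hour=19, min_records=1000):
    """Exports of at least min_records rows made outside [start_hour, end_hour)."""
    return [
        e for e in entries
        if e["event"] == "EXPORT"
        and e["records"] >= min_records
        and not (start_hour <= e["ts"].hour < end_hour)
    ]


def attribution(entry, members=GROUP_MEMBERS):
    """Accounts that could have produced the entry.

    With group-level logging this is every member of the group; a log that
    recorded the user name would narrow it to one account.
    """
    return sorted(members.get(entry["group"], []))


if __name__ == "__main__":
    parsed, bad = parse_log(SAMPLE_LOG)
    for hit in off_hours_exports(parsed):
        print(hit["ts"], hit["group"], hit["records"], "candidates:", attribution(hit))
    print("unparsed lines to review:", bad)
```

The alert fires on the 2am export, but the candidate list is the whole administrator group, which is why the auditor had to fall back on interviews.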
The Investigation: Lax Security Policies and Culture
The auditor decided to interview the users of each business unit.
At a basic level, he wanted to
figure out if the leak was an internal job or if TKU had fallen
victim to a hacker. So, he wanted to
see the different entry points through which a potential hacker could get
access to the system. Further, the
auditor felt it necessary to check the user account structure, the
business rules, and department
norms. By doing this, the auditor felt confident that he could
determine which user in the admin-
istrator group was responsible for the data leak, if it was an
internal job. Throughout the investi-
gation, Don was going to support the auditor and would provide
the required information.
The auditor and Don started the audit process by going through
the system. They checked the us-
er accounts and found multiple points where a hacker could
have entered the system. They found
over 50 orphan accounts, which are accounts that had been set
up but never used. When an ac-
count is set up, the policy is for the system administrator to
provide the same generic password.
Once a user logs into the system, they are prompted to enter a
new password. Since none of these
accounts were used, all of the accounts had the same password.
A hacker could have easily
cracked the generic password and gotten access to the system.
Another area of concern was with password complexity. The
system didn’t require users to have
strong passwords. Passwords could be as short as three
characters long and didn’t need to include
numbers or special characters. The passwords could be kept
forever and most had never been
changed. With the current sophisticated password cracking
programs available on the Internet,
hackers could break into the system in seconds. This seemed
very likely as figuring out the sys-
tem usernames was very easy. The usernames were based on the
name of the user. The first letter
of the username was the first letter of the person’s first name.
The last part of the username was
the person’s last name. For example, Gary Tolman’s username
was gtolman. This type of user-
name assignment is very common, but it can also pose a threat.
Each employee’s name was listed
on the TKU website, so a hacker could easily find a username.
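The account and password-policy findings above, expressed as an audit check; this is an added example, not code from the case. The account export, its field names and the 180-day maximum age are assumptions, while the baseline follows the strong-password description given in the Discussion (upper and lowercase letters, digits, symbols, at least 8 characters).

```python
"""Account and password-policy audit (added example; data is constructed)."""
from datetime import date
import string

# Baseline from the paper's description of a typical strong password.
# max_age_days is an assumed value; the paper gives no number.
BASELINE = {"min_length": 8, "require_upper": True, "require_digit": True,
            "require_symbol": True, "max_age_days": 180}

# Policy as the case describes it: 3 characters minimum, no digits or
# special characters required, passwords never expire.
TKU_POLICY = {"min_length": 3, "require_upper": False, "require_digit": False,
              "require_symbol": False, "max_age_days": None}

# Constructed account export; field names and most user names are hypothetical.
ACCOUNTS = [
    {"user": "gtolman", "group": "administrator",
     "last_login": date(2011, 3, 14), "password_set": date(2010, 1, 5)},
    {"user": "temp_017", "group": "reports",
     "last_login": None, "password_set": date(2009, 9, 1)},
    {"user": "temp_018", "group": "administrator",
     "last_login": None, "password_set": date(2009, 9, 1)},
    {"user": "acct_user_1", "group": "accounting",
     "last_login": date(2011, 3, 10), "password_set": date(2011, 2, 1)},
]


def policy_gaps(policy, baseline=BASELINE):
    """Names of the settings where policy is weaker than baseline."""
    gaps = []
    if policy["min_length"] < baseline["min_length"]:
        gaps.append("min_length")
    for flag in ("require_upper", "require_digit", "require_symbol"):
        if baseline[flag] and not policy[flag]:
            gaps.append(flag)
    age, limit = policy["max_age_days"], baseline["max_age_days"]
    if limit is not None and (age is None or age > limit):
        gaps.append("max_age_days")
    return gaps


def keyspace_upper_bound(policy):
    """Size of the search space for the shortest password the policy accepts,
    drawn from lowercase plus whichever classes the policy requires.
    It is an upper bound when classes are mandatory, exact when none are."""
    alphabet = len(string.ascii_lowercase)
    if policy["require_upper"]:
        alphabet += len(string.ascii_uppercase)
    if policy["require_digit"]:
        alphabet += len(string.digits)
    if policy["require_symbol"]:
        alphabet += len(string.punctuation)
    return alphabet ** policy["min_length"]


def audit_accounts(accounts, today, max_age_days=BASELINE["max_age_days"]):
    """Group accounts by finding. An orphan account has never been logged
    into, so under the case's set-up procedure it still holds the shared
    generic password."""
    findings = {"orphan": [], "orphan_privileged": [], "stale_password": []}
    for acct in accounts:
        if acct["last_login"] is None:
            findings["orphan"].append(acct["user"])
            if acct["group"] == "administrator":
                findings["orphan_privileged"].append(acct["user"])
        if (today - acct["password_set"]).days > max_age_days:
            findings["stale_password"].append(acct["user"])
    return findings


if __name__ == "__main__":
    print("policy gaps:", policy_gaps(TKU_POLICY))
    print("search space, case policy:", keyspace_upper_bound(TKU_POLICY))
    print("search space, baseline:   ", keyspace_upper_bound(BASELINE))
    print(audit_accounts(ACCOUNTS, today=date(2011, 3, 15)))
```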
Lastly, the system was accessed by a variety of users. They
were spread out between Information
Technology, Finance, and the Administrative Support Divisions,
so finding the exact users would
be difficult. Anyone in these divisions could be the source of
the leak. Don and the auditor didn’t
know how they were going to trace the culprit, but they knew
they had a daunting task. They
started off by interviewing people in the three divisions. The
Administrative Support Services
division used the transaction system to run reports, so the users
only had permissions to run re-
ports. Don and the auditor found that in addition to the
approved users, more people accessed the
system. Employees routinely gave out their login information to
student workers and temporary
employees to run reports when they were busy or on vacation.
The employees shared this login
information on Post-it® notes, over the phone, and in email.
The department did not have rules
explaining proper procedures, so employees thought these
practices were acceptable and the
norm.
Next, Don and the auditor interviewed people in the IT
Division. They focused on the Computing
Systems department, which handles the technical end of the
transaction management system. This
includes duties such as managing the server, setting up off-
campus merchants, maintaining on-
campus connections, and troubleshooting networking issues.
The transaction management system
from an IT perspective is a server with a simple front end that
users log into and a database that
holds the information. Don and the auditor found that there
were no formalized policies or proce-
dures detailing how to complete tasks. There were no business
rules and the department lacked
consistency in its approach to managing the system. In this
department, three administrators had
full administrative rights, so they had full access to the system,
allowing them to add user permissions
or initiate data exports. During the interview, Don and the
auditor also realized that in the
past, when IT handled information security, employees routinely
gave out initial passwords in
email or on the phone. There was only one clear written policy
and that was broken routinely.
The policy stipulated the Finance division was to extract the
required data to run reports from the
system. However, the IT division continued to extract data for
the majority of users. People pre-
ferred IT to extract the data because they were quicker than
Finance. Further, the auditor was in-
formed that there was a major upgrade to the campus
infrastructure recently, and during that time
outside contractors were on-site as technical advisors. The
contractors were supposed to have
given limited access, but by this point, the auditor was not
convinced if this exactly happened.
The following day, Don and the auditor looked at the Finance
division. The Finance division
handled the system administration and the access permissions
for the system. The department also
oversaw the functional components, such as crediting accounts
if a student was charged incor-
rectly for an item. The system was also used to run business
intelligence reports. Don was the
primary administrator for the system, so he had complete access
to it. He was able to perform
functions such as setting up user accounts and exporting data. It
was his responsibility to ensure
that correct people had access to the system.
At this point, Don took a back seat and the auditor interviewed
him. The auditor realized that Don
didn’t have much experience managing the system. Further, he
also gave out passwords to users
through email or on the phone. The auditor also found that Don
didn’t require users to have
strong passwords. Next, the auditor interviewed the accountants
that used the system. The ac-
countants had only limited access to the system. They could
post transactions and transfer funds,
but nothing to the extent of exporting data.
The Outcome: Victim of Social Engineering
Throughout the process, the auditor found countless examples
of lax information security
throughout the organization. There was a lack of a coordinated
security policy, and the policies in
place were not being followed. While reviewing the notes, the
auditor noticed that a contractor
requested the TMS server address over the phone. Further
follow-up revealed that a system administrator
gave out the server address to a contractor because
the contractors were in the middle
of upgrading servers. The administrator also mentioned that the
contractor requested the pass-
word, but the administrator didn’t feel comfortable sharing the
password on the phone and asked
the contractor to stop by the office – but the contractor was a no
show. From the description of
the events, the auditor felt it was a social engineering attempt.
Social engineering is when a hacker
attempts to gain access to sensitive information by tricking a
person into giving it to them. The
immediate recommendation of the auditor was to focus on the
contractor’s activity in the organi-
zation.
Over the next few weeks the story unfolded and all the pieces of
the puzzle were put together. It
was eventually proven that the contractor stole the information.
The contractor was hired to over-
see the upgrade of servers on the storage network. While doing
this, she learned about the trans-
action management system. She knew PII could be sold on the
black market and thought the lax
security at TKU would enable her to get away with stealing data
without any repercussions. Her
only obstacle was access. Since she only had access to the
storage network, she needed a way to
get access to the transaction management server. That’s when
she called the system administrator
and got the IP address and tried to get his login credentials.
Once she got the IP address, she was
able to utilize the free tools available on the Internet to scan the
system and get the username and
password with administrative access. It took her only a matter
of minutes to get this information.
The password was only three characters long and didn’t use any
numbers or special characters.
With her new administrative permissions, she was able to export
the PII.
The Aftermath
TKU was very lucky with the outcome of the data breach. Only
five hundred students had their
information compromised. While any loss of PII is unfortunate,
high profile data breaches, such
as the ones at TJX, show how losing large amounts of data can
be very costly to an institution.
Like many businesses, the University attempted to keep the data
breach quiet, but the breach in-
formation was eventually released. The fear of student backlash
and the need to be compliant
with privacy breach laws forced the university to inform the
campus community of the breach.
Students were initially very angry and felt as though they could
not trust the university with their
private data. To help improve student morale, the president
offered reduced tuition for a semester
and a year of paid credit monitoring service to victims of data
breach. The University’s generous
response helped to calm the protests, but it came at a price.
TKU estimated that the tangible costs
associated with the breach amounted to over $600,000.
However, TKU will never know
how the breach affected the university’s reputation.
Discussion
This case is presented in an educational setting and raises
numerous issues that deserve attention.
People, Process and Technology are identified as essential
pillars of good security practices
(Merkow & Breithaupt, 2005). This case can be analyzed from
this perspective. The main lessons
learned from this case are presented in Table 1. The table
highlights the security themes sup-
ported by literature and the suggested improvements.
One of the main recurring themes in the case is that of lax
security policies. Strong leadership is
needed to develop a security program that changes the security
culture in the organization so that
security behaviors become second nature to employees
(Thomson, von Solms, & Louw, 2006).
Although developing a security program can be challenging, the
biggest challenge faced by man-
agement is justifying the cost. However, this shouldn’t act as a
deterrent as, with proper planning,
the program can be developed on a shoestring budget (Sridhar &
Bhasker, 2003). TKU can sig-
nificantly improve the security culture and strengthen its
security efforts by appointing a chief
security officer (Lowendahl, Zastrocky, & Harris, 2006). Having
a dedicated figurehead for security
can also alleviate some of the tensions between departments
with respect to dealing with se-
curity incidents. Throughout this process, management should
realize that ‘complete security’ is a
myth and the university needs to be constantly prepared (Austin
& Darby, 2003).
Table 1: Lessons learned

Security Theme: Top Management Support
  Practices Supported from Literature: Top management support is necessary to dedicate resources, create policies, and establish culture & norms (Lowendahl et al., 2006; Panko, 2009; Thomson et al., 2006).
  Suggested Improvements: The lack of security figurehead is a major drawback. The university should consider appointing a chief security officer. Constant communication is needed to change the security culture.

Security Theme: Access Control
  Practices Supported from Literature: Strong access control (password) policies need to be implemented (Merkow & Breithaupt, 2005; Scarfone & Souppaya, 2009). Access should be based on the principle of least privilege to accomplish an individual’s task.
  Suggested Improvements: Access control policies need to be formalized. The cases of sharing and giving passwords over the phone, writing them down are clear violations of access control best practices. Since policies are good only to the degree they are enforced, violations should result in some disciplinary action. This would also enhance the security culture.

Security Theme: Training / Awareness
  Practices Supported from Literature: As security landscape changes constantly, so does the need to retool employees with latest training (Hentea, 2005; Wilson & Hash, 2003). For example, training programs that are few years old would not have included the aspect of social networking sites.
  Suggested Improvements: The employees need to be constantly reminded that they are an integral part of security. The training program needs to be implemented and constantly reviewed to keep up with the changes.

TKU should invest significant resources in raising awareness
among its users. In a study of secu-
rity practices in university settings, Caruso (2003) reports that
the greatest barriers to security are
availability of resources and awareness. It is often the case that
to achieve effective security, fo-
cus should be on humans, not technology itself (Caruso, 2003).
Hentea et al. (2006) report that
“User awareness and education are the most critical elements
because many successful security
intrusions come from simple variations of the basics: social
engineering and user complacency”
(page 228). Therefore, TKU should also ensure that proper
training is provided for all employees
so that they become aware of security threats. Ideally, this
training program should be recurrent,
as new threats arise continuously (Medlin & Romaniello, 2007).
It is recommended that employees
take security training and then keep up to date with a
refresher course once a year. Further,
employees responsible for sensitive information need to be
properly trained with respect to regu-
latory compliance. For example, proper training in social
engineering aspects could have provided
the employees with the tools needed to identify these types
of attacks and could probably have
avoided TKU’s breach. As Mitnick (2003) argues, the
weakest link in the security chain is
not technological, but it is the human element. He provides
simple examples about how even with
sound technical defenses, it is still possible for an attacker to
gain the upper hand by using social engineering.
Such training could bolster the work force and can
make the employees cognizant and
cautious in their approach to security.
Another place in which the process and technology need to
improve is with respect to access con-
trol. Currently, TKU has a very weak password policy and it
should be improved. However, the
password issues faced by TKU are not uncommon. In a study of
health care workers, it was found
that passwords used to protect sensitive patient information had
significant problems (Medlin &
Romaniello, 2007). For example, it is reported that some users
had the same or similar passwords as
their usernames. Another study of actual e-commerce passwords
revealed that one-third of users
used very weak passwords and the time it took to crack these
passwords was less than a minute
(Cazier & Medlin, 2006). A recent study of users’
password practices found that users
don’t use strong passwords (Barra, McLeod, Savage, & Simkin,
2010). A typical strong password
consists of alphanumeric characters (upper and lowercase),
symbols, and is at least 8 characters
long. Also, studies have revealed that individuals (especially in
university settings) are willing to
give their own and their friends’ passwords for some token gifts
(Smith, 2004). Given the prob-
lems with remembering passwords and the simplicity of
passwords, it is proposed that users de-
velop and utilize passphrases to improve password security
(Keith, Shao, & Steinbart, 2009). Us-
ers should also be discouraged from sharing or mailing
passwords and principles of ‘least privilege’
required to perform a job should be adopted (Merkow
& Breithaupt, 2005). Further, keeping
up with industry standards, TKU should consider moving away
from using social security num-
bers for identification.
Conclusion
This paper begins by discussing the importance of using case
studies as a pedagogical approach.
It is noted that the majority of data breaches since 2005 occur in
educational institutions. There-
fore, it is important to address this segment so that appropriate
protections are in place. To this
end, Gartner research recommends the use of case studies in
educational settings to improve the
security (Lowendahl et al., 2006). Accordingly, the case
presented here deals with the issue of
data breach at a university. The events leading up to the breach
and the subsequent analysis are
presented. In conclusion, the case demonstrates the security
problems and proposes possible solu-
tions in an educational setting.
References
Auster, E. R., & Wylie, K. K. (2006). Creating active learning
in the classroom: A Systematic Approach.
Journal of Management Education, 30(3), 333-353.
Austin, R. D., & Darby, C. A. R. (2003). The myth of secure
computing. Harvard Business Review, June,
120-126.
Barra, R., McLeod, A., Savage, A., & Simkin, M.G. (2010).
Passwords: Do user preferences and website
protocols differ from theory? Journal of Information Privacy
and Security, 6(4), 50-69.
Bok, D. (1986). Higher learning. Cambridge: Harvard Business
Press.
Bradford, B. M., & Peck, M. W. (1997). Achieving AECC
outcomes through the seven principles for good
practice in undergraduate education. Journal of Education for
Business, 72, 364-368.
Caruso, J. B. (2003). Information technology security:
Governance, strategy, and practice in higher educa-
tion. ECAR, 1-7.
Cazier, J. A., & Medlin, B. D. (2006). How secure is your
password? An analysis of e-commerce pass-
words and their crack time. Journal of Information Systems
Security, 2(3), 69-82.
Coutu, D. (2007). We googled you. Harvard Business Review,
2007, 37-42.
Davenport, T. H., & Harris, J. G. (2007). The dark side of
customer analytics. Harvard Business Review,
May, 37–41.
Eisenmann, C. (2009). When hackers turn to blackmail. Harvard
Business Review, October, 39–42.
Fusaro, R. A. (2004). None of our business? Harvard Business
Review, December, 33–38.
Goorha, P., & Mohan, V. (2009). Understanding learning
preferences in the business school curriculum.
Journal of Education for Business, 85(3), 145-152.
Gregg, M. (2008). Build your own security lab: A field guide to
network testing. Indianapolis: Wiley.
Haggerty, N. R. D., & Chandrasekhar, R. (2008). Security
breach at TJX. Ivey Publishing, 9B08E003.
Hentea, M. (2005). A perspective on achieving information
security awareness. Issues in Informing Science
and Information Technology, 2, 169-178.
Hentea, M., Dhillon, H.S., & Dhillon M. (2006). Towards
changes in information security education. Jour-
nal of Information Technology Education, 5, 221-233. Retrieved
from
http://www.jite.org/documents/Vol5/v5p221-233Hentea148.pdf
Keith, M., Shao, B., & Steinbart, P. (2009). A behavioral
analysis of passphrase design and effectiveness.
Journal of the Association for Information Systems, 10(2), 63-
89.
Kim, Y., Hsu, J., & Stern, M. (2006). An update on the IS/IT
Skills gap. Journal of Information Systems
Education, 17(4), 395-402.
Kroenke, D. M. (2012). Using MIS. New Jersey: Prentice Hall.
Laudon, K., & Laudon, J. (2010). Management information
systems. New Jersey: Prentice Hall.
Lowendahl, J-M., Zastrocky, M., & Harris, M. (2006). Best
practices for justifying and allocating higher-
education security resources. Gartner Research, G00137454.
McNulty, E. (2007). Boss, I think someone stole our customer
data. Harvard Business Review, September,
37-42.
Medlin, B. D. & Romaniello, A. (2007). An investigative study:
Health care workers as security threat sup-
pliers. Journal of Information Privacy and Security, 3(1), 30-46.
Merkow, M., & Breithaupt, J. (2005). Information security:
Principles and practices. New Jersey: Prentice
Hall.
Meyers, C., & Jones, T. (1993). Promoting active learning:
Strategies for the college classroom. San Fran-
cisco: Jossey-Bass.
Mitchell, R. C. (2004). Combining cases and computer
simulations in strategic management courses. Jour-
nal of Education for Business, 79(4), 198-204.
Mitnick, K. D. (2003). Are you the weak link? Harvard Business
Review, April, 18–20.
Panko, R. P. (2009). Corporate computer and network security.
New Jersey: Prentice Hall.
Pariseau, S. E., & Kezim, B. (2007). The effect of using case
studies in business statistics. Journal of Edu-
cation for Business, 83(1), 27-31.
Privacy Rights Clearinghouse. (2011).
http://www.privacyrights.org Retrieved August 18, 2011.
Qayoumi, M. H., & Woody, C. (2005). Addressing information
security risk. EDUCAUSE Quarterly,
28(4), 7-11.
Richards, L. G., Gorman, M., Scherer, W. T., & Landel, R. D.
(1995). Promoting active learning with cases
and instructional modules. Journal of Engineering Education,
84(4), 375-381.
Scarfone, K., & Souppaya, M. (2009). Guide to enterprise
password management. NIST Special Publica-
tion 800-118.
Schenberger, S., & Mark, K. (2001). DoubleClick Inc.:
Gathering customer intelligence. Ivey Publishing,
9B01E005.
Shapiro, B. P. (1984). An introduction to cases. Harvard
Business School Note, 9-584-097.
Smith, S. W. (2004). Probing end-user IT security practices –
through homework. Educause Quarterly,
27(4), 68-71.
Sridhar, V., & Bhasker, B. (2003). Managing information
security on a shoestring budget. Annals of Cases
on Information Technology, 5, 151-167.
Thomson, K-L., von Solms, R., & Louw, L. (2006). Cultivating
an organizational information security cul-
ture. Computer Fraud & Security, 10, 7-11.
Wilson, M., & Hash, J. (2003). Building an information
technology security awareness and training pro-
gram. NIST Special Publication 800-50.
Wingfield, S. S., & Black, G. S. (2005). Active versus passive
course designs: The impact on student out-
comes. Journal of Education for Business, 81(2), 119-123.
Biographies
Dr. Ramakrishna Ayyagari is an Assistant Professor in
Information
Systems at the University of Massachusetts at Boston. He
earned his
doctorate in management from Clemson University. His work
has been
published or forthcoming in outlets such as MIS Quarterly,
European
Journal of Information Systems, Journal of the AIS, Decision
Sciences,
and the proceedings of various conferences.
Jonathan Tyks has been employed in the Information
Technology
field for over ten years. He holds a bachelor’s degree in
Management
Information Systems from Bridgewater State University and an
MBA
from The University of Massachusetts at Boston. He currently
resides
in Boston, MA.
Rubric Name: Project 6: Policy Review
Policies
Current Policy
  Level 5 (10 points): Clearly describes the current IT cyber security policy.
  Level 4 (8 points): Basically describes the current IT cyber security policy.
  Level 3 (6 points): Weakly describes the current IT cyber security policy.
  Level 2 (3 points): Little description of the current IT cyber security policy.
  Level 1 (0 points): No description of the current IT cyber security policy.
Rationale
  Level 5 (10 points): ID at least 2 IT security policies to implement based upon the case study. Clearly discusses the rationale for selection of these policies.
  Level 4 (8 points): ID at least 2 IT security policies to implement based upon the case study. Basically discusses the rationale for selection of these policies.
  Level 3 (6 points): ID at least one (1) IT security policy to implement based upon the case study. Weakly discusses the rationale for selection of the policy.
  Level 2 (3 points): May ID at least one (1) IT security policy to implement based upon the case study. Little discussion of the rationale for selection of the policy.
  Level 1 (0 points): No policies identified or discussion of the rationale for the IT security policies.
New Technology
Functionality of Technology
  Level 5 (10 points): Clearly describes functionality of new technology selected for implementation.
  Level 4 (8 points): Basically describes functionality of new technology selected for implementation.
  Level 3 (6 points): Weakly describes functionality of new technology selected for implementation.
  Level 2 (3 points): Little description of functionality of new technology selected for implementation.
  Level 1 (0 points): No description of functionality of new technology selected for implementation.
Challenges
  Level 5 (10 points): Clearly describes challenges associated with the current cyber security policy based on the new technology.
  Level 4 (8 points): Basically describes challenges associated with the current cyber security policy based on the new technology.
  Level 3 (6 points): Weakly describes challenges associated with the current cyber security policy based on the new technology.
  Level 2 (3 points): Little description of challenges associated with the current cyber security policy based on the new technology.
  Level 1 (0 points): No description of challenges associated with the current cyber security policy based on the new technology.
Cybersecurity Vulnerabilities
  Level 5 (10 points): Clearly explains the cyber security vulnerabilities that could be introduced by the new technology that may not be mitigated by technological configuration management. Must address two (2) or more IT policies.
  Level 4 (8 points): Basically explains the cyber security vulnerabilities that could be introduced by the new technology that may not be mitigated by technological configuration management. Must address two (2) or more IT policies.
  Level 3 (6 points): Weakly explains the cyber security vulnerabilities that could be introduced by the new technology that may not be mitigated by technological configuration management. Must address at least one (1) IT policy.
  Level 2 (3 points): Little explanation on the cyber security vulnerabilities that could be introduced by the new technology that may not be mitigated by technological configuration management. May address only one (1) policy.
  Level 1 (0 points): No explanation on the cyber security vulnerabilities that could be introduced by the new technology that may not be mitigated by technological configuration management. Doesn’t address any policies.
Recommendations
Revisions and Modifications
  Level 5 (10 points): Clearly discusses revision and modification to each IT cyber security policy to ensure new technology doesn’t compromise organization cyber security posture. Must address two (2) or more IT policies.
  Level 4 (8 points): Basically discusses revision and modification to each IT cyber security policy to ensure new technology doesn’t compromise organization cyber security posture. Must address two (2) or more IT security policies.
  Level 3 (6 points): Weakly discusses revision and modification to each IT cyber security policy to ensure new technology doesn’t compromise organization cyber security posture. Must address at least one (1) IT policy.
  Level 2 (3 points): Little discussion on revision and modification to each IT cyber security policy to ensure new technology doesn’t compromise organization cyber security posture. May address only one (1) policy.
  Level 1 (0 points): Doesn’t discuss revision and modification to any IT cyber security policy to ensure new technology doesn’t compromise organization cyber security posture. Doesn’t address any policies.
Challenges and Effects
  Level 5 (10 points): Clearly addresses the inter- and intra-organization leadership, managerial and policy challenges and effects associated with the new policies.
  Level 4 (8 points): Basically addresses the inter- and intra-organization leadership, managerial and policy challenges and effects associated with the new policies.
  Level 3 (6 points): Weakly addresses the inter- and intra-organization leadership, managerial and policy challenges and effects associated with the new policies.
  Level 2 (3 points): Little address of the inter- and intra-organization leadership, managerial and policy challenges and effects associated with the new policies.
  Level 1 (0 points): Doesn’t address the inter- and intra-organization leadership, managerial and policy challenges and effects associated with the new policies.
Communication Challenges
  Level 5 (10 points): Clearly discusses challenges in communicating new policies across the organization.
  Level 4 (8 points): Basically discusses challenges in communicating new policies across the organization.
  Level 3 (6 points): Weakly discusses challenges in communicating new policies across the organization.
  Level 2 (3 points): Little discussion of the challenges in communicating new policies across the organization.
  Level 1 (0 points): No discussion of the challenges in communicating new policies across the organization.
Finds and Applies Knowledge
Use of Authoritative Sources
  Level 5 (5 points): Used at least 5 authoritative or scholarly sources in paper. One must be NIST SP 800-53. No APA style errors in sources.
  Level 4 (4 points): Used at least 3 authoritative or scholarly sources in paper. One must be NIST SP 800-53. No more than 1 APA error in sources.
  Level 3 (2 points): Used at least 2 authoritative or scholarly sources in paper. One must be NIST SP 800-53. No more than 2 APA errors in sources.
  Level 2 (1 point): May have used 1 authoritative or scholarly source in paper. May use NIST SP 800-53. May not have used APA style formatting.
  Level 1 (0 points): No authoritative or scholarly sources used in paper. NIST SP 800-53 not mentioned.
Citation of Sources
  Level 5 (5 points): All sources cited. No errors in citing material in paper.
  Level 4 (4 points): All but 1 source cited. Had no more than 5 citing errors in paper.
  Level 3 (2 points): All but 2 sources cited. Had no more than 10 citing errors in paper.
  Level 2 (1 point): All but 3 sources cited. Had less than 15 APA citing errors in paper.
  Level 1 (0 points): No sources cited or had more than 15 APA citing errors in paper.
Organization, Execution and Appearance
Formatting
  Level 5 (8 points): Has separate title slide with title, student name, class and date. All slides have titles; not wordy and is easy to read; no spelling or grammar errors; and no distracting material.
  Level 4 (6 points): Basic title slide with title, student name, class and date. Slides have less than 5 errors to include: missing titles, wordy; hard to read slides; spelling or grammar errors; distracting material.
  Level 3 (4 points): Weak title slide with title, student name, class and date. Slides have less than 10 errors to include: missing titles, wordy; hard to read slides; spelling or grammar errors; distracting material.
  Level 2 (2 points): Missing title slide with title, student name, class and date. Slides have less than 15 errors to include: missing titles, wordy; hard to read slides; spelling or grammar errors; distracting material.
  Level 1 (0 points): Missing title slide with title, student name, class and date. Slides have more than 15 errors to include: missing titles, wordy; hard to read slides; spelling or grammar errors; distracting material.
Grammar and Punctuation
  Level 5 (2 points): Provides at least 12 PowerPoint Slides
  Level 4 (1 point): Provides at least 10 PowerPoint Slides
  Level 3 (0 points): Provides less than 10 PowerPoint slides
  Level 2 (0 points): Provides less than 10 PowerPoint slides
  Level 1 (0 points): Provides less than 10 PowerPoint slides
Overall Score
  Level 5: 14 or more
  Level 4: 11 or more
  Level 3: 8 or more
  Level 2: 5 or more
  Level 1: 0 or more
Project #6 Detailed Assignment Description
This is the final phase of the case study assignments. The
primary purpose of this project is for you to demonstrate your
understanding of the principles covered in this course. You will
create a minimum of 12 PowerPoint slides to summarize the policy
review conducted and your recommendations for the next steps
the merged company should take to protect its data and
information assets. The cover, summary/conclusion and
reference slides are not part of the slide count. It will also
include a minimum of 5 references. The grading rubric provides
additional information about content and formatting of your
presentation.
Each policy review and recommendations presentation should
address the following:
· Current policy: Discuss the current (as per the case study) IT
cybersecurity policy.
· New technology: Describe the functionality of the new
technology selected for implementation and the challenges
associated with the current cybersecurity policy. Identify
cybersecurity vulnerabilities that could be introduced by the
new technology that might not be mitigated by technological
configuration management.
· Recommendations: Discuss revisions and modifications that
must be made to the current IT cybersecurity policy to ensure
that the new technology does not compromise the organization's
cybersecurity posture. Address the inter- and intra-organization
leadership, managerial, and policy challenges and effects
associated with the recommendations.