Security Policy Document Project
Objectives
The purpose of this two-part project is to evaluate the student’s ability to analyze security
requirements and develop a security policy that fully addresses them. By completing the two
documents, the student will also gain practical knowledge of the security policy documentation
process. The project will enable the student to see and understand the required standards in
practice, as well as the details that should be covered within the security policy documentation.
Detailed Requirements
Project Deliverable #1 (Due Week 3)
o Using the GDI Case Study below, complete the Security Policy Document
Outline.
o Provide a one or two-page Security Policy Document Outline. The Outline should
cover all aspects of the security policy document and convey the accurate and
appropriate information for the stakeholders to make the appropriate decision.
o Ungraded but instructor will provide feedback to make sure students are on-track.
This outline can become major part of the “Executive Summary” of the final
deliverable.
Project Deliverable #2 (Due Week 7)
o Using the GDI Case Study, complete the Security Policy Document.
o Provide a seven- to ten-page analysis summarizing the security policy to the
executive management team of GDI. The student designs effective real-time
security and continuous monitoring measures to mitigate any known
vulnerabilities, prevent future attacks, and deter any real-time unknown threats;
and also efficiently meets the organization’s objectives. The summary should
effectively describe the security policy in a manner that will allow the Senior
Management to understand the organizational security requirements and make the
appropriate decisions to enforce.
Guidelines
Using the GDI Case Study, create the security policy document.
The security policy document must be 8 to 10 pages long, conforming to APA standards.
NO more than 10 pages (excluding title page, table of contents (optional), and
references page). The document must be double-spaced and Time New Roman 12-
point font. See "Writing Guideline" in WebTycho where you'll find help on writing for
research projects.
At least three authoritative, outside references are required (anonymous authors or web
pages are not acceptable). These should be listed on the last page titled "References."
Appropriate citations are required. See the syllabus regarding plagiarism policies.
This will be graded on quality of research topic, quality of paper information, use of
citations, grammar and sentence structure, and creativity.
The paper is due during Week 7 of this course.
Grading Rubrics
Final Deliverable
Category Points % Description
Documentation and
Formatting
10 10%
Appropriate APA citations/referenced sources and
formats of characters/content.
Case Study Security
Policy Analysis
25 25% Accurate Completion of Security Policy.
Real-time Security 25 2.
ITS 834 Emerging Threats and CountermeasuresTotal points - 100.docxvrickens
ITS 834 Emerging Threats and Countermeasures
Total points - 100
Midterm Research Paper- The paper is due on end of day Monday July 29
Write a research paper on the topic
Cyber warfare and its implications for the United States
Your research paper should be minimally 10 pages (double spaced, Font - Georgia with font size 12). The research paper needs to refer to the following source
· Kostyuk, N., and Zhukov., M., Y. (2019). Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events? Journal of Conflict Resolution, 63(2)., 317-347. (pfd version of paper is uploaded to module 4 in d2l).
· In addition you need to have at least 5 peer reviewed journal/book references
The research needs to minimally discuss the following
· The relevance of cyber warfare for the United States
· What are some examples of possible cyber warfare scenarios where critical infrastructure could be affected
· Emerging technologies that can be used for cyber warfare
· What does Kostyuk and Zhukov (2019) address mainly in their paper? Do you agree with Kostyuk and Zhukov (2019) that cyber-attacks are ineffective as a tool of coercion in war. Ensure to explain why or why not.
· Future implications of cyber warfare for the United States
The bibliography should be included as a separate page and is not part of the 10 page requirement. Student assignments will be run through Safe Assignment. Please ensure to check the safe assignment result prior to submitting.
You will have the chance to submit your assignment up to two times. So please submit earlier than the due date so you can check your safe assign score. If your safe assign score is more than 10 percent, you need to check your paper and make any needed updates and submit again. Text that are copied directly from outside sources without being in quotes is considered plagiarism. Please refer to the University’s academic integrity policy. If there is text in your paper from outside sources that are not referenced and in quotes, you will not receive a grade for the assignment and will be referred to the department.
http://cumberland.smartcatalogiq.com/en/2017-2018/2017-2018-Undergraduate-Catalog/Academic-Affairs/Academic-Integrity-Policy
The university of Cumberland library can be assessed at https://www.ucumberlands.edu/library
The research paper should include the following components.
· Title Page (Not part of the minimum 10 page requirement)
· Abstract (quick overview in your own words of the entire content of your paper, limited to 200-350 words)
· Introduction (1-2 pages, relevance of cyber warfare for the U.S, example, possible scenarios_
· Literature Review (2-4 pages, describes the research papers that you find in reference to the topic of cyber warfare, emerging technologies that can be used, the impact of cyber warfare)
· Discussion (2-3 pages) – (Your perspective on the topic of cyber warfare, implications for the U.S, critical perspectives and/or recommendations)
· Conclusion (1-2 paragra ...
This presentation is intended for security leaders who want to create a business-based security department that provides value, and is valued by the enterprise.
The following recommendations are based on 10+ years of SEC relevancy-based research.
Rubric Name Project 7 Organization Enterprise Plan and Security P.docxSUBHI7
Rubric Name: Project 7 Organization Enterprise Plan and Security Policy Rubric
Criteria
Excellent
Outstanding
Acceptable
Needs Improvement
Needs Significant Improvement
Missing or No Submission
Address of critical areas
17 points
Ensured the plan policy thoroughly addressed each of the following critical areas:
Identify threats and vulnerabilities.
Assign appropriate security controls to protect the infrastructure of the organization.
Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.
Initiate an incident response plan for responding to problems.
Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
13 points
Plan policy provides good coverage of the following critical areas:
Identify threats and vulnerabilities.
Assign appropriate security controls to protect the infrastructure of the organization.
Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.
Initiate an incident response plan for responding to problems.
Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
10 points
Plan policy provides fair coverage of the following critical areas:
Identify threats and vulnerabilities.
Assign appropriate security controls to protect the infrastructure of the organization.
Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.
Initiate an incident response plan for responding to problems.
Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
6 points
Plan policy provides poor coverage of the following critical areas:
Identify threats and vulnerabilities.
Assign appropriate security controls to protect the infrastructure of the organization.
Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.
Initiate an incident response plan for responding to problems.
Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
3 points
Plan policy provides inadequate coverage of the following critical areas:
Identify threats and vulnerabilities.
Assign appropriate security controls to protect the infrastructure of the organization.
Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.
Initiate an incident response plan for responding to problems.
Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
0 points
Not included or no submissio ...
IT 552 Milestone One Guidelines and Rubric The fina.docxShiraPrater50
IT 552 Milestone One Guidelines and Rubric
The final project for this course is the creation of a security awareness program proposal. In Module Two, you will take the first step in completing this project by
creating the introduction section of your proposal. Begin by reviewing the Case Document, which will provide you with information about the organization for
which you are creating the security awareness program proposal. Then, based on the scenario provided in the Case Document, write an introduction to your
proposal that addresses the concerns of the chief executive officer and explains why the security awareness proposal will be vital to the organization.
Specifically, the following critical elements must be addressed:
What is the purpose of your proposal? Why is the new security awareness program vital for the organization? Use specific examples to illustrate your
claims.
Overall, how would you characterize the security posture of the organization? What were the major findings in your risk assessment of the organization’s
current security awareness policies, practices, and processes?
Specifically, are there human factors that adversely affect the security climate within the organization? If so, how? Be sure to consider unintentional and
intentional threats to a healthy security culture.
Specifically, are there organizational factors that contribute to an unhealthy security culture in the organization? If so, how? Be sure to consider
organizational data flow, work setting, work planning and control, and employee readiness.
Guidelines for Submission: Your paper must be submitted as a two- to four-page Word document with double spacing, 12-point Times New Roman font, and
one-inch margins, in APA format.
Critical Elements Exemplary (100%) Proficient (90%) Needs Improvement (70%) Not Evident (0%) Value
Purpose
Meets “Proficient” criteria and
demonstrates evidence-based
perspective on the significance
of security awareness programs
Illustrates the purpose of the
proposal using specific
examples that demonstrate why
the program is vital for the
organization
The purpose of the proposal is
minimally addressed
Does not describe the purpose
of the proposal
20
Security Posture
Meets “Proficient” criteria and
demonstrates perspective in the
evaluation of the overall
security posture using specific
findings from the risk
assessment
Makes a justifiable claim about
the overall security posture of
the organization
Insufficiently makes a claim
about the overall security
posture of the organization
Does not make a claim about
the overall security posture of
the organization
20
Human Factors
Meets “Proficient” criteria
substantiated with examples of
relevant unintentional and
intentional threats
Identifies specific human factors
that adversely affect the
security climate and illustrates
their impact
Insufficiently identifies specific
human fact ...
Build an Information Security StrategyAndrew Byers
Organizations are struggling to keep up with today’s evolving threat landscape.
From technology sophistication and business adoption to the proliferation of hacking techniques and the expansion of hacking motivations, organizations are facing major security risks.
Every organization needs some kind of information security program to protect their systems and assets.
Organizations today face pressure from regulatory or legal obligations, customer requirement, and now, senior management expectations.
ITS 834 Emerging Threats and CountermeasuresTotal points - 100.docxvrickens
ITS 834 Emerging Threats and Countermeasures
Total points - 100
Midterm Research Paper- The paper is due on end of day Monday July 29
Write a research paper on the topic
Cyber warfare and its implications for the United States
Your research paper should be minimally 10 pages (double spaced, Font - Georgia with font size 12). The research paper needs to refer to the following source
· Kostyuk, N., and Zhukov., M., Y. (2019). Invisible Digital Front: Can Cyber Attacks Shape Battlefield Events? Journal of Conflict Resolution, 63(2)., 317-347. (pfd version of paper is uploaded to module 4 in d2l).
· In addition you need to have at least 5 peer reviewed journal/book references
The research needs to minimally discuss the following
· The relevance of cyber warfare for the United States
· What are some examples of possible cyber warfare scenarios where critical infrastructure could be affected
· Emerging technologies that can be used for cyber warfare
· What does Kostyuk and Zhukov (2019) address mainly in their paper? Do you agree with Kostyuk and Zhukov (2019) that cyber-attacks are ineffective as a tool of coercion in war. Ensure to explain why or why not.
· Future implications of cyber warfare for the United States
The bibliography should be included as a separate page and is not part of the 10 page requirement. Student assignments will be run through Safe Assignment. Please ensure to check the safe assignment result prior to submitting.
You will have the chance to submit your assignment up to two times. So please submit earlier than the due date so you can check your safe assign score. If your safe assign score is more than 10 percent, you need to check your paper and make any needed updates and submit again. Text that are copied directly from outside sources without being in quotes is considered plagiarism. Please refer to the University’s academic integrity policy. If there is text in your paper from outside sources that are not referenced and in quotes, you will not receive a grade for the assignment and will be referred to the department.
http://cumberland.smartcatalogiq.com/en/2017-2018/2017-2018-Undergraduate-Catalog/Academic-Affairs/Academic-Integrity-Policy
The university of Cumberland library can be assessed at https://www.ucumberlands.edu/library
The research paper should include the following components.
· Title Page (Not part of the minimum 10 page requirement)
· Abstract (quick overview in your own words of the entire content of your paper, limited to 200-350 words)
· Introduction (1-2 pages, relevance of cyber warfare for the U.S, example, possible scenarios_
· Literature Review (2-4 pages, describes the research papers that you find in reference to the topic of cyber warfare, emerging technologies that can be used, the impact of cyber warfare)
· Discussion (2-3 pages) – (Your perspective on the topic of cyber warfare, implications for the U.S, critical perspectives and/or recommendations)
· Conclusion (1-2 paragra ...
This presentation is intended for security leaders who want to create a business-based security department that provides value, and is valued by the enterprise.
The following recommendations are based on 10+ years of SEC relevancy-based research.
Rubric Name Project 7 Organization Enterprise Plan and Security P.docxSUBHI7
Rubric Name: Project 7 Organization Enterprise Plan and Security Policy Rubric
Criteria
Excellent
Outstanding
Acceptable
Needs Improvement
Needs Significant Improvement
Missing or No Submission
Address of critical areas
17 points
Ensured the plan policy thoroughly addressed each of the following critical areas:
Identify threats and vulnerabilities.
Assign appropriate security controls to protect the infrastructure of the organization.
Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.
Initiate an incident response plan for responding to problems.
Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
13 points
Plan policy provides good coverage of the following critical areas:
Identify threats and vulnerabilities.
Assign appropriate security controls to protect the infrastructure of the organization.
Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.
Initiate an incident response plan for responding to problems.
Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
10 points
Plan policy provides fair coverage of the following critical areas:
Identify threats and vulnerabilities.
Assign appropriate security controls to protect the infrastructure of the organization.
Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.
Initiate an incident response plan for responding to problems.
Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
6 points
Plan policy provides poor coverage of the following critical areas:
Identify threats and vulnerabilities.
Assign appropriate security controls to protect the infrastructure of the organization.
Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.
Initiate an incident response plan for responding to problems.
Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
3 points
Plan policy provides inadequate coverage of the following critical areas:
Identify threats and vulnerabilities.
Assign appropriate security controls to protect the infrastructure of the organization.
Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective and detect any issues.
Initiate an incident response plan for responding to problems.
Develop a business continuity and disaster recovery plan to recover from interruptions in business whether manmade or geographical.
0 points
Not included or no submissio ...
IT 552 Milestone One Guidelines and Rubric The fina.docxShiraPrater50
IT 552 Milestone One Guidelines and Rubric
The final project for this course is the creation of a security awareness program proposal. In Module Two, you will take the first step in completing this project by
creating the introduction section of your proposal. Begin by reviewing the Case Document, which will provide you with information about the organization for
which you are creating the security awareness program proposal. Then, based on the scenario provided in the Case Document, write an introduction to your
proposal that addresses the concerns of the chief executive officer and explains why the security awareness proposal will be vital to the organization.
Specifically, the following critical elements must be addressed:
What is the purpose of your proposal? Why is the new security awareness program vital for the organization? Use specific examples to illustrate your
claims.
Overall, how would you characterize the security posture of the organization? What were the major findings in your risk assessment of the organization’s
current security awareness policies, practices, and processes?
Specifically, are there human factors that adversely affect the security climate within the organization? If so, how? Be sure to consider unintentional and
intentional threats to a healthy security culture.
Specifically, are there organizational factors that contribute to an unhealthy security culture in the organization? If so, how? Be sure to consider
organizational data flow, work setting, work planning and control, and employee readiness.
Guidelines for Submission: Your paper must be submitted as a two- to four-page Word document with double spacing, 12-point Times New Roman font, and
one-inch margins, in APA format.
Critical Elements Exemplary (100%) Proficient (90%) Needs Improvement (70%) Not Evident (0%) Value
Purpose
Meets “Proficient” criteria and
demonstrates evidence-based
perspective on the significance
of security awareness programs
Illustrates the purpose of the
proposal using specific
examples that demonstrate why
the program is vital for the
organization
The purpose of the proposal is
minimally addressed
Does not describe the purpose
of the proposal
20
Security Posture
Meets “Proficient” criteria and
demonstrates perspective in the
evaluation of the overall
security posture using specific
findings from the risk
assessment
Makes a justifiable claim about
the overall security posture of
the organization
Insufficiently makes a claim
about the overall security
posture of the organization
Does not make a claim about
the overall security posture of
the organization
20
Human Factors
Meets “Proficient” criteria
substantiated with examples of
relevant unintentional and
intentional threats
Identifies specific human factors
that adversely affect the
security climate and illustrates
their impact
Insufficiently identifies specific
human fact ...
Build an Information Security StrategyAndrew Byers
Organizations are struggling to keep up with today’s evolving threat landscape.
From technology sophistication and business adoption to the proliferation of hacking techniques and the expansion of hacking motivations, organizations are facing major security risks.
Every organization needs some kind of information security program to protect their systems and assets.
Organizations today face pressure from regulatory or legal obligations, customer requirement, and now, senior management expectations.
ISE 510 Final Project Milestone Two Guidelines and Rubric .docxaryan532920
ISE 510 Final Project Milestone Two Guidelines and Rubric
Test Plan
Prompt: For this milestone, write a test plan that details your approach to the security breach analysis and recommendations (final project). You can do research
to include any other topics you found relevant, but you should at least discuss the following:
Introduction
o Introduce your company (Limetree Inc.) and state its capabilities.
o State your goal for the security breach analysis project.
Scope:
o Define the scope of the project.
Hardware and Software:
o Create a list of hardware and software present.
Resources:
o Determine resources required with brief explanation of why each is required (e.g., internet access, computers, additional personnel).
Timeline and Benchmarks:
o Discuss your timeline for the project (how long it will take and why).
o Discuss what regulatory benchmark you will be using to make vulnerability determination.
Approach:
o State your approach (Example: Review interview result, analyze virtual environment, review industry best practices, etc.).
o Define how you will categorize your findings (Example: low, medium, high).
Guidelines for Submission: Your test plan should be 5–7 pages in length and should be submitted as a Microsoft Word document (or equivalent) using 12-point
Times New Roman font and one-inch margins
Instructor Feedback: This activity uses an integrated rubric in Blackboard. Students can view instructor feedback in the Grade Center. For more information,
review these instructions.
Critical Elements Exemplary (100%) Proficient (90%) Needs Improvement (70%) Not Evident (0%) Value
Security Test Plan:
Introduction and Goal
Meets “Proficient” criteria and
profile expertly balances
necessary detail with brevity
Provides brief profile of
business or organization that
has been attacked and its
organizational goals
Provides brief profile of
business or organization that
has been attacked and its
organizational goals but with
gaps in clarity, detail, or
accuracy
Does not provide brief profile of
business or organization that
has been attacked and its
organizational goals
15
http://snhu-media.snhu.edu/files/production_documentation/formatting/rubric_feedback_instructions_student.pdf
Security Test Plan:
Scope
Meets “Proficient” criteria and
response demonstrates
nuanced understanding of using
established cyber security
standards in developing the
scope of security test plans
Determines scope of risk
assessment, based on analysis
of security breach and
established cyber security
standards
Determines scope of risk
assessment, but response has
gaps in accuracy or detail or is
not based on analysis or
established standards
Does not determine scope of
risk assessment
15
Security Test Plan:
Hardware and
Software
Meets “Proficient” criteria and
response demonstrates
nuanced understanding of using
established cyber security
standards i ...
Throughout this course you will be working on several aspects of s.docxherthalearmont
Throughout this course you will be working on several aspects of software assurance and the security development life cycle (SDLC), which will result in a complete software assurance guidelines document for a company of your choosing. Software assurance promotes standards, processes, tools, and techniques to produce software with a reduced risk of security breaches.
Each week, you will complete a part of the software assurance guidelines document. The final draft is due at the end of the course.
You will select an organization, and apply your research to the analysis and development of software assurance policies and processes that would be appropriate for the organization and the software applications they produce for the government. Additional information and the deliverables for each Individual Project will be provided in the assignment description for the project. This is the course's Key Assignment, which you will make contributions to each week.
Project Selection:
The first step will be to select an organization as the target for your software assurance guidelines document. This organization will be used as the basis for each of the assignments throughout the course and should conform to the following guidelines:
· Nontrivial: The selected organization should be large enough to allow reasonable exercise of the software assurance guidelines planning process.
· Domain Knowledge: You should be familiar enough with the organization to allow you to focus on the planning tasks without significant time required for domain education.
· Accessibility: You should have access to the people and other information related to the organization. This will be an important part of the planning process.
The selected organization may already have software assurance guidelines in place and still be used as the basis for the projects in this course. The selected organization must produce software applications for the government, and is therefore subject to software assurance requirements. It is understood that such an organization may not be readily accessible. Therefore, you may feel free to identify a hypothetical organization that meets the requirements. Any necessary assumptions may be made to fulfill the requirements of organization selection.
Select an existing organization, or identify a hypothetical organization that fits the requirements listed above. Submit your proposal to your instructor before proceeding further with the assignments in the course. Approval should be sought within the first several days of the course. Your instructor will tell you how to submit this proposal and what notification will be given for project approval.
Assignment:
For the assignments in this course, you will not be implementing any software assurance policies or procedures. You will be developing a comprehensive software assurance guidelines document. Your first task in this process will be to select an organization (or identify a hypothetical organization) to u ...
Security of the future - Adapting Approaches to What We Needsimplyme12345
This presentation covers three main areas whereby current security approaches and practices are reviewed and discussed in terms of current needs in the digital disruption space.
Best Coding PracticesLaDonne White, Manager, Webtrain Inc. e.docxtangyechloe
Best Coding Practices
LaDonne White, Manager, Webtrain Inc.
e-Commerce Site
August 31, 2018
-Welcome-
1
Introduction
Security attacks are nowadays focusing on productivity enhanced software.
Software development need robust security requirements to deter attacks.
Some vulnerability exist due to human error when coding.
Software development lifecycle need to apply the best coding practices.
Security attacks are evolving from targeting comprehensively protected IT network infrastructure to the productivity-enhanced software or business operations’ applications such as web-based programs that every user utilize on a daily basis.
Webtrain Inc. uses various software applications to conduct it business operations and evaluation of the entire software packages reveal that there are essential requirements that need to be implemented in order to mitigate against certain attacks. The software development lifecycle which includes the coding practices employed by the development team indicate that certain models such as adequate security testing and hardening processes are not properly outlined.
2
Objectives of best practices
To develop secure software.
Ensure robust security requirements are implemented in the software development lifecycle.
Enhance the overall security of the organization.
Mitigate against software-propagated security attacks.
Therefore, it is important that drastic measures be instituted in the software development lifecycle with all security requirements and processes being widely considered. In order to ensure that applications are designed and implemented with appropriate security requirements, the best coding practices must be used in addition to ensuring that focus on the security threats is determined and influenced by the integrated day-to-day operations and processes of the software. It is imperative to ensure that the programs that company will develop in future follow the secure coding guidelines regardless of the device or model utilized for programming.
3
Purpose
Provide a robust software development lifecycle guide.
Institute best secure coding practices that will enable building of secure software at first rather than implementing latter corrective measures.
Limit regular or daily basis security monitoring processes.
Consequently, it is vital that extreme methods be established in the software development lifecycle with all security requirements and processes being widely considered.
Note that it is less expensive to build secure software than to correct security issues after a breach the release and patch cycle of software security management amounts to lengthy security processes and regular security monitoring as well as increase in attack surface. In addition, the objectives and purpose of the company’s best secure coding practices include implementing secure software products, enhancing security level, and creating a reputable brand within the company as well as externally.
4
Resources
OWASP Secur.
IT 549 Final Project Guidelines and Rubric Overview .docxchristiandean12115
IT 549 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a functional information assurance plan.
The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and
stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more
flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information
assurance plan and posture that are reviewed on a weekly basis.
This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply
information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial
for you to become a desired asset to organizations seeking industry professionals in the information assurance field.
The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final
submissions. These milestones will be submitted in Modules Two, Four, Five, and Seven. The final product will be submitted in Module Nine.
In this assignment, you will demonstrate your mastery of the following course outcomes:
Assess confidentiality, integrity, and availability of information in a given situation for their relation to an information assurance plan
Propose appropriate protocols for incident and disaster responses and managing security functions that adhere to best practices for information
assurance
Analyze threat environments using information assurance research and industry best practices to inform network governance
Recommend strategies based on information assurance best practices for maintaining an information assurance plan
Evaluate the appropriateness of information assurance decisions about security, access controls, and legal issues
Assess applicable threats and vulnerabilities related to information assurance to determine potential impact on an organization and mitigate associated
risks
Prompt
Your information assurance plan should answer the following prompt: Review the scenario and create an information assurance plan for the organization
presented in the scenario.
Specifically, the following critical elements must be addressed in your plan:
I. Information Assurance Plan Introduction
a) Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality,
integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key
concepts?
b) Assess the confi.
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docxmanningchassidy
Term Paper: Managing an IT Infrastructure Audit
Due Week 10 and worth 210 points
This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan.
You must submit all four (4) sections as separate files for the completion of this assignment.
Label each file name according to the section of the assignment it is written for. Additionally, you may create and /or assume all necessary assumptions needed for the completion of this assignment.
Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two week IT audits.
In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics:
They have a main office and 268 stores in the U.S.
They utilize a cloud computing environment for storage and applications.
Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012.
They have over 1000 desktops and approximately 500 organization-owned laptops in the main headquarters.
They allow employees to bring their own devices into the organization; however, they are subject to being searched upon entry and exit from the building.
They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners.
They enable wireless access at the main office and the stores.
They process an average of 67.2 credit card transactions per hour every day at each location and via their corporate Website.
Section 1: Internal IT Audit Policy
Write a three to four (3-4) page paper in which you:
1. Develop an Internal IT Audit Policy, which includes at a minimum:
a. Overview
b. Scope
c. Goals and objectives
d. Compliance with applicable laws and regulations
e. Management oversight and responsibility
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this assignment.
Note
: Wikipedia and similar Websites do not qualify as quality resources.
Section 2: Management Plan
Write a four to six (4-6) page paper in which you:
2. Explain the management plan for conducting IT audits, including:
a. Risk management
b. System Software and Applications
c. Wireless Networking
...
Your Challenge
Organizations are struggling to keep up with today’s evolving threat landscape.
From technology sophistication and business adoption to the proliferation of hacking techniques and the expansion of hacking motivations, organizations are facing major security risks.
Every organization needs some kind of information security program to protect their systems and assets.
Organizations today face pressure from regulatory or legal obligations, customer requirement, and now, senior management expectations.
Our Advice
Critical Insight
Performing an accurate assessment of your current security operations and maturity levels can be extremely hard when you don’t know what to assess or how to assess it.
Alignment can be a difficult area for security to get right when it’s trying to balance both regular IT and the business.
Communication is needed between the business leaders, IT leaders, and the security team for an effective security strategy to be in place.
Impact and Result
Info-Tech has analyzed and integrated regulatory and industry best practice frameworks, combining COBIT 5, PCI DSS, ISO 27000, NIST SP800-53, and SANS to ensure an exhaustive approach to security.
Through this process, a comprehensive current state assessment, gap analysis, and initiative generation ensures that nothing is left off the table.
This project will elevate the perception of the security team from being a hindrance to the organization to an enabler.
erm Paper Managing an IT Infrastructure AuditDue Week 10 and woeleanorabarrington
erm Paper: Managing an IT Infrastructure Audit
Due Week 10 and worth 210 points
This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan.
You must submit all four (4) sections as separate files for the completion of this assignment.
Label each file name according to the section of the assignment it is written for. Additionally, you may create and /or assume all necessary assumptions needed for the completion of this assignment.
Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two week IT audits.
In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics:
They have a main office and 268 stores in the U.S.
They utilize a cloud computing environment for storage and applications.
Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012.
They have over 1000 desktops and approximately 500 organization-owned laptops in the main headquarters.
They allow employees to bring their own devices into the organization; however, they are subject to being searched upon entry and exit from the building.
They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners.
They enable wireless access at the main office and the stores.
They process an average of 67.2 credit card transactions per hour every day at each location and via their corporate Website.
Section 1: Internal IT Audit Policy
Write a three to four (3-4) page paper in which you:
1. Develop an Internal IT Audit Policy, which includes at a minimum:
a. Overview
b. Scope
c. Goals and objectives
d. Compliance with applicable laws and regulations
e. Management oversight and responsibility
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this assignment.
Note
: Wikipedia and similar Websites do not qualify as quality resources.
Section 2: Management Plan
Write a four to six (4-6) page paper in which you:
2. Explain the management plan for conducting IT audits, including:
a. Risk management
b. System Software and Applications
c. Wireless Networking
d ...
IDG’s fourth annual Security Priorities study aims to gain a better understanding of the various security projects organizations are focused on now and in the coming year.
You are the Nursing Director for the medical-surgical area of a .docxkenjordan97598
You are the Nursing Director for the medical-surgical area of a large
hospital. Nurses at this hospital to “self-scheduling”. The managers of the
units have brought to your attention that a severe staffing shortage for the
winter holiday schedule is apparent. Using two different types of leadership
styles, how would you handle this situation?
.
You are the newly appointed director of the Agile County Airport.docxkenjordan97598
You are the newly appointed director of the Agile County Airport System. The characteristics of your organization include:
It is a Local Government Department
Consists of 4 Airports – International, Mather, Executive, Franklin Field
There are 400 employees at all four airports
The airport board of directors has decided to move to an Agile Lean process for all projects.
You quickly recognize that you need to undertake a cultural transformation in order for the Agile Lean process to take hold. The current organization has the following culture characteristics:
No Mission Statement
No Sense of Direction
Militaristic/Top-Down Leadership Model
No Accountability
No Communication
Staff focused on Empire Building
Organization Viewed Itself as Regulators
Focused on catching people doing something wrong
Publicly Belittled
Focus on “Turf”
Process Oriented
Problem Oriented
Growth Without a Long-Term Plan
Employees Not Engaged
Staff consists mostly of generalists
The board of directors has asked you to prepare an overview presentation for their next meeting on your ideas for a organizational culture transformation plan. To complete this assignment you are to design a 5 to 10 slide PowerPoint presentation with notes, that addresses the following key elements:
What makes up organizational culture?
What do you see as the benefits of a culture transformation
What would your Culture Transformation Plan consist of? Describe the high level steps you would take to accomplish this transformation.
What questions would you ask to help in defining a new culture?
What characteristics would you envision the “new” organizational culture to exhibit? Develop a list based upon the current organizational culture
.
More Related Content
Similar to Security Policy Document Project Objectives The purpos.docx
ISE 510 Final Project Milestone Two Guidelines and Rubric .docxaryan532920
ISE 510 Final Project Milestone Two Guidelines and Rubric
Test Plan
Prompt: For this milestone, write a test plan that details your approach to the security breach analysis and recommendations (final project). You can do research
to include any other topics you found relevant, but you should at least discuss the following:
Introduction
o Introduce your company (Limetree Inc.) and state its capabilities.
o State your goal for the security breach analysis project.
Scope:
o Define the scope of the project.
Hardware and Software:
o Create a list of hardware and software present.
Resources:
o Determine resources required with brief explanation of why each is required (e.g., internet access, computers, additional personnel).
Timeline and Benchmarks:
o Discuss your timeline for the project (how long it will take and why).
o Discuss what regulatory benchmark you will be using to make vulnerability determination.
Approach:
o State your approach (Example: Review interview result, analyze virtual environment, review industry best practices, etc.).
o Define how you will categorize your findings (Example: low, medium, high).
Guidelines for Submission: Your test plan should be 5–7 pages in length and should be submitted as a Microsoft Word document (or equivalent) using 12-point
Times New Roman font and one-inch margins
Instructor Feedback: This activity uses an integrated rubric in Blackboard. Students can view instructor feedback in the Grade Center. For more information,
review these instructions.
Critical Elements Exemplary (100%) Proficient (90%) Needs Improvement (70%) Not Evident (0%) Value
Security Test Plan:
Introduction and Goal
Meets “Proficient” criteria and
profile expertly balances
necessary detail with brevity
Provides brief profile of
business or organization that
has been attacked and its
organizational goals
Provides brief profile of
business or organization that
has been attacked and its
organizational goals but with
gaps in clarity, detail, or
accuracy
Does not provide brief profile of
business or organization that
has been attacked and its
organizational goals
15
http://snhu-media.snhu.edu/files/production_documentation/formatting/rubric_feedback_instructions_student.pdf
Security Test Plan:
Scope
Meets “Proficient” criteria and
response demonstrates
nuanced understanding of using
established cyber security
standards in developing the
scope of security test plans
Determines scope of risk
assessment, based on analysis
of security breach and
established cyber security
standards
Determines scope of risk
assessment, but response has
gaps in accuracy or detail or is
not based on analysis or
established standards
Does not determine scope of
risk assessment
15
Security Test Plan:
Hardware and
Software
Meets “Proficient” criteria and
response demonstrates
nuanced understanding of using
established cyber security
standards i ...
Throughout this course you will be working on several aspects of s.docxherthalearmont
Throughout this course you will be working on several aspects of software assurance and the security development life cycle (SDLC), which will result in a complete software assurance guidelines document for a company of your choosing. Software assurance promotes standards, processes, tools, and techniques to produce software with a reduced risk of security breaches.
Each week, you will complete a part of the software assurance guidelines document. The final draft is due at the end of the course.
You will select an organization, and apply your research to the analysis and development of software assurance policies and processes that would be appropriate for the organization and the software applications they produce for the government. Additional information and the deliverables for each Individual Project will be provided in the assignment description for the project. This is the course's Key Assignment, which you will make contributions to each week.
Project Selection:
The first step will be to select an organization as the target for your software assurance guidelines document. This organization will be used as the basis for each of the assignments throughout the course and should conform to the following guidelines:
· Nontrivial: The selected organization should be large enough to allow reasonable exercise of the software assurance guidelines planning process.
· Domain Knowledge: You should be familiar enough with the organization to allow you to focus on the planning tasks without significant time required for domain education.
· Accessibility: You should have access to the people and other information related to the organization. This will be an important part of the planning process.
The selected organization may already have software assurance guidelines in place and still be used as the basis for the projects in this course. The selected organization must produce software applications for the government, and is therefore subject to software assurance requirements. It is understood that such an organization may not be readily accessible. Therefore, you may feel free to identify a hypothetical organization that meets the requirements. Any necessary assumptions may be made to fulfill the requirements of organization selection.
Select an existing organization, or identify a hypothetical organization that fits the requirements listed above. Submit your proposal to your instructor before proceeding further with the assignments in the course. Approval should be sought within the first several days of the course. Your instructor will tell you how to submit this proposal and what notification will be given for project approval.
Assignment:
For the assignments in this course, you will not be implementing any software assurance policies or procedures. You will be developing a comprehensive software assurance guidelines document. Your first task in this process will be to select an organization (or identify a hypothetical organization) to u ...
Security of the future - Adapting Approaches to What We Needsimplyme12345
This presentation covers three main areas whereby current security approaches and practices are reviewed and discussed in terms of current needs in the digital disruption space.
Best Coding PracticesLaDonne White, Manager, Webtrain Inc. e.docxtangyechloe
Best Coding Practices
LaDonne White, Manager, Webtrain Inc.
e-Commerce Site
August 31, 2018
-Welcome-
1
Introduction
Security attacks are nowadays focusing on productivity enhanced software.
Software development need robust security requirements to deter attacks.
Some vulnerability exist due to human error when coding.
Software development lifecycle need to apply the best coding practices.
Security attacks are evolving from targeting comprehensively protected IT network infrastructure to the productivity-enhanced software or business operations’ applications such as web-based programs that every user utilize on a daily basis.
Webtrain Inc. uses various software applications to conduct it business operations and evaluation of the entire software packages reveal that there are essential requirements that need to be implemented in order to mitigate against certain attacks. The software development lifecycle which includes the coding practices employed by the development team indicate that certain models such as adequate security testing and hardening processes are not properly outlined.
2
Objectives of best practices
To develop secure software.
Ensure robust security requirements are implemented in the software development lifecycle.
Enhance the overall security of the organization.
Mitigate against software-propagated security attacks.
Therefore, it is important that drastic measures be instituted in the software development lifecycle with all security requirements and processes being widely considered. In order to ensure that applications are designed and implemented with appropriate security requirements, the best coding practices must be used in addition to ensuring that focus on the security threats is determined and influenced by the integrated day-to-day operations and processes of the software. It is imperative to ensure that the programs that company will develop in future follow the secure coding guidelines regardless of the device or model utilized for programming.
3
Purpose
Provide a robust software development lifecycle guide.
Institute best secure coding practices that will enable building of secure software at first rather than implementing latter corrective measures.
Limit regular or daily basis security monitoring processes.
Consequently, it is vital that extreme methods be established in the software development lifecycle with all security requirements and processes being widely considered.
Note that it is less expensive to build secure software than to correct security issues after a breach the release and patch cycle of software security management amounts to lengthy security processes and regular security monitoring as well as increase in attack surface. In addition, the objectives and purpose of the company’s best secure coding practices include implementing secure software products, enhancing security level, and creating a reputable brand within the company as well as externally.
4
Resources
OWASP Secur.
IT 549 Final Project Guidelines and Rubric Overview .docxchristiandean12115
IT 549 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a functional information assurance plan.
The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and
stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more
flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information
assurance plan and posture that are reviewed on a weekly basis.
This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply
information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial
for you to become a desired asset to organizations seeking industry professionals in the information assurance field.
The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final
submissions. These milestones will be submitted in Modules Two, Four, Five, and Seven. The final product will be submitted in Module Nine.
In this assignment, you will demonstrate your mastery of the following course outcomes:
Assess confidentiality, integrity, and availability of information in a given situation for their relation to an information assurance plan
Propose appropriate protocols for incident and disaster responses and managing security functions that adhere to best practices for information
assurance
Analyze threat environments using information assurance research and industry best practices to inform network governance
Recommend strategies based on information assurance best practices for maintaining an information assurance plan
Evaluate the appropriateness of information assurance decisions about security, access controls, and legal issues
Assess applicable threats and vulnerabilities related to information assurance to determine potential impact on an organization and mitigate associated
risks
Prompt
Your information assurance plan should answer the following prompt: Review the scenario and create an information assurance plan for the organization
presented in the scenario.
Specifically, the following critical elements must be addressed in your plan:
I. Information Assurance Plan Introduction
a) Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality,
integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key
concepts?
b) Assess the confi.
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docxmanningchassidy
Term Paper: Managing an IT Infrastructure Audit
Due Week 10 and worth 210 points
This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan.
You must submit all four (4) sections as separate files for the completion of this assignment.
Label each file name according to the section of the assignment it is written for. Additionally, you may create and /or assume all necessary assumptions needed for the completion of this assignment.
Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two week IT audits.
In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics:
They have a main office and 268 stores in the U.S.
They utilize a cloud computing environment for storage and applications.
Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012.
They have over 1000 desktops and approximately 500 organization-owned laptops in the main headquarters.
They allow employees to bring their own devices into the organization; however, they are subject to being searched upon entry and exit from the building.
They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners.
They enable wireless access at the main office and the stores.
They process an average of 67.2 credit card transactions per hour every day at each location and via their corporate Website.
Section 1: Internal IT Audit Policy
Write a three to four (3-4) page paper in which you:
1. Develop an Internal IT Audit Policy, which includes at a minimum:
a. Overview
b. Scope
c. Goals and objectives
d. Compliance with applicable laws and regulations
e. Management oversight and responsibility
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this assignment.
Note
: Wikipedia and similar Websites do not qualify as quality resources.
Section 2: Management Plan
Write a four to six (4-6) page paper in which you:
2. Explain the management plan for conducting IT audits, including:
a. Risk management
b. System Software and Applications
c. Wireless Networking
...
Your Challenge
Organizations are struggling to keep up with today’s evolving threat landscape.
From technology sophistication and business adoption to the proliferation of hacking techniques and the expansion of hacking motivations, organizations are facing major security risks.
Every organization needs some kind of information security program to protect their systems and assets.
Organizations today face pressure from regulatory or legal obligations, customer requirement, and now, senior management expectations.
Our Advice
Critical Insight
Performing an accurate assessment of your current security operations and maturity levels can be extremely hard when you don’t know what to assess or how to assess it.
Alignment can be a difficult area for security to get right when it’s trying to balance both regular IT and the business.
Communication is needed between the business leaders, IT leaders, and the security team for an effective security strategy to be in place.
Impact and Result
Info-Tech has analyzed and integrated regulatory and industry best practice frameworks, combining COBIT 5, PCI DSS, ISO 27000, NIST SP800-53, and SANS to ensure an exhaustive approach to security.
Through this process, a comprehensive current state assessment, gap analysis, and initiative generation ensures that nothing is left off the table.
This project will elevate the perception of the security team from being a hindrance to the organization to an enabler.
erm Paper Managing an IT Infrastructure AuditDue Week 10 and woeleanorabarrington
erm Paper: Managing an IT Infrastructure Audit
Due Week 10 and worth 210 points
This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan.
You must submit all four (4) sections as separate files for the completion of this assignment.
Label each file name according to the section of the assignment it is written for. Additionally, you may create and /or assume all necessary assumptions needed for the completion of this assignment.
Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two week IT audits.
In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics:
They have a main office and 268 stores in the U.S.
They utilize a cloud computing environment for storage and applications.
Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012.
They have over 1000 desktops and approximately 500 organization-owned laptops in the main headquarters.
They allow employees to bring their own devices into the organization; however, they are subject to being searched upon entry and exit from the building.
They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners.
They enable wireless access at the main office and the stores.
They process an average of 67.2 credit card transactions per hour every day at each location and via their corporate Website.
Section 1: Internal IT Audit Policy
Write a three to four (3-4) page paper in which you:
1. Develop an Internal IT Audit Policy, which includes at a minimum:
a. Overview
b. Scope
c. Goals and objectives
d. Compliance with applicable laws and regulations
e. Management oversight and responsibility
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this assignment.
Note
: Wikipedia and similar Websites do not qualify as quality resources.
Section 2: Management Plan
Write a four to six (4-6) page paper in which you:
2. Explain the management plan for conducting IT audits, including:
a. Risk management
b. System Software and Applications
c. Wireless Networking
d ...
IDG’s fourth annual Security Priorities study aims to gain a better understanding of the various security projects organizations are focused on now and in the coming year.
You are the Nursing Director for the medical-surgical area of a .docxkenjordan97598
You are the Nursing Director for the medical-surgical area of a large
hospital. Nurses at this hospital to “self-scheduling”. The managers of the
units have brought to your attention that a severe staffing shortage for the
winter holiday schedule is apparent. Using two different types of leadership
styles, how would you handle this situation?
.
You are the newly appointed director of the Agile County Airport.docxkenjordan97598
You are the newly appointed director of the Agile County Airport System. The characteristics of your organization include:
It is a Local Government Department
Consists of 4 Airports – International, Mather, Executive, Franklin Field
There are 400 employees at all four airports
The airport board of directors has decided to move to an Agile Lean process for all projects.
You quickly recognize that you need to undertake a cultural transformation in order for the Agile Lean process to take hold. The current organization has the following culture characteristics:
No Mission Statement
No Sense of Direction
Militaristic/Top-Down Leadership Model
No Accountability
No Communication
Staff focused on Empire Building
Organization Viewed Itself as Regulators
Focused on catching people doing something wrong
Publicly Belittled
Focus on “Turf”
Process Oriented
Problem Oriented
Growth Without a Long-Term Plan
Employees Not Engaged
Staff consists mostly of generalists
The board of directors has asked you to prepare an overview presentation for their next meeting on your ideas for a organizational culture transformation plan. To complete this assignment you are to design a 5 to 10 slide PowerPoint presentation with notes, that addresses the following key elements:
What makes up organizational culture?
What do you see as the benefits of a culture transformation
What would your Culture Transformation Plan consist of? Describe the high level steps you would take to accomplish this transformation.
What questions would you ask to help in defining a new culture?
What characteristics would you envision the “new” organizational culture to exhibit? Develop a list based upon the current organizational culture
.
You are working on an address book database with a table called Cont.docxkenjordan97598
You are working on an address book database with a table called Contacts and fields for first name, last name, address, and phone number. Describe how you would implement a Python method that prompted the user to add new address entries into the database table. The table should have no duplicates. Include the necessary code and code descriptions.
.
You are the new Security Manager for a small bank in Iowa. They are .docxkenjordan97598
You are the new Security Manager for a small bank in Iowa. They are growing exponentially and are planning to add the ability for customers to access their accounts via the web and mobile devices. They have a basic DR plan which was made from a template found on the Internet. Now that there is going to be more exposure to the bank's network and data, several updates need to be made to policies and procedures. The CISO has requested that you create an Incident Response plan and submit communication plan for how internal stakeholders and external stakeholders will be notified of incidents. Please create a plan that identifies 2 internal stakeholders, the communication type, and the information which will be included in that plan and 2 external stakeholders, the communication type for each, and the information that will be included in the communication
.
You are working in a rural Family Planning Health clinic and a 16 y.docxkenjordan97598
You are working in a rural Family Planning Health clinic and a 16 y/o presents with complaints of vaginal pain, discharge, odor x 4 days. Pain is getting worse. Her mother relates she has a cognitive learning delay and has tried to talk to her about her consensual sexual behavior with multiple partners. She tells you she has "felt some 'bumps' down there." She relates multiple sexual partners because she is now popular and it is part of the 'game' to stay popular with her new friends. Diagnosis: HPV with several condyloma lesions, a vaginal yeast infection, and chlamydia.
She is given a prescription for Chlamydia, and the vulvar lesions, told to follow up in 2 weeks.
How do you approach her and begin the conversation regarding safe sexual practices? What are your thoughts about this young lady? How do you feel about her game? How would you proceed to give her education?
.
You are working in a family practice when your newly diagnosed T.docxkenjordan97598
You are working in a family practice when your newly diagnosed Type 1 diabetic patient comes in. He is a 15-year-old male and is accompanied by his mother.
The mother and patient report that he is "devastated" by his new diagnoses and that he hasn't been going out with his friends or participating in any of his previous activities. You suspect that he might be experiencing depression.
Please locate two resources specific to this situation that you would refer this parent/patient to for further support. Provide a brief description for each resource and explain why you chose them.
.
You are working for the Chief of Staff (CoS) for a newly elected Gov.docxkenjordan97598
You are working for the Chief of Staff (CoS) for a newly elected Governor. The governor asked the CoS to research and prepare a 5- to 7-paragraph background briefing (
backgrounder
) that addresses the below question. The CoS will use this background briefing to prepare the Governor and his appointed cybersecurity director as they answer questions from the press and general-public.
You are
not
answering the questions as the governor, rather you are providing the governor the information s/he needs to answer the question.
The question:
As governor, how will your administration improve cybersecurity for the state's Critical Infrastructures?
The CoS asked you to research and prepare a draft for the background briefing. Your draft must provide enough information that the CoS and the Governor understand key terms that you use in your explanations. To that end, your draft briefing must answer the following questions:
What is meant by "cybersecurity" for critical infrastructures?" Give examples of critical infrastructure associated with a specific state.
What is meant by "Threats" (i.e. individual hackers, politically motivated hacktivists, criminal enterprises, and unfriendly "nation state" actors), countermeasures, and safeguards? Explain technical terms and examples.
What are the three most important actions that the governor's administration should take to help improve the security of critical infrastructures in the state? (You should identify and discuss these in greater detail than your response to the first two bullet points.)
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
.
You are working at Johnson and Cohen law firm and have recently .docxkenjordan97598
You are working at Johnson and Cohen law firm and have recently been assigned to lead the appeal of a man convicted of first degree murder and sentenced to death.
The defendant has never had an IQ test, but friends and family insist that he has always been a little “slow“ his entire life. He was also diagnosed with autism earlier in his life and many of his former acquaintances thought he had psychiatric problems when they knew him.
These factors were never brought up at trial by the defendant's previous defense team because they wanted to focus on mitigating circumstances surrounding the crime that was committed rather than confusing the issue with too many different defenses.
Based on the Case Study for this week, submit a 6 page case analysis using Microsoft Word that answers the following questions:
How would your team argue during the appeal that the defendant's constitutional rights were violated?
What evidence would be required for your defendant to be considered mentally retarded under
Atkins v. Virginia
and
Penry v. Lynaugh (1989)
?
Assess whether or not that evidence can be presented in this case.
What evidence would be required for your defendant to be considered insane under
Ford v. Wainwright (1986)
? Assess whether or not that evidence can be presented in this case.
Do you believe that bringing up the defendant's diagnosis of autism could have aided in the defense in the sentencing phase? Would the contention that he was mentally slow have helped? Provide rationale for your answers.
Identify other aspects of the case not mentioned in the scenario that could benefit the defendant. For instance, consider whether the Supreme Court has found it unconstitutional to apply the death penalty in other circumstances.
If you succeed in your appeal, what would be the next steps to occur?
.
You are working for a community counseling agency, and you are taske.docxkenjordan97598
You are working for a community counseling agency, and you are tasked with training new counseling interns on effective counseling skills.
Create
a 1- to 2-page informational training paper on the role of effective counseling skills on the counseling relationship. Describe how each of the following affects the counseling relationship:
Characteristics of an effective helper
Attending and observation skills
Initiation of client-counselor rapport and trust
Maintaining boundaries and self-awareness
Transference and countertransference
Factors associated with age, culture, and diversity
.
You are working as the software tester for a big enterprise comp.docxkenjordan97598
You are working as the software tester for a big enterprise company. Your company is working on the following architecture:
(Daniel, 2016)
Address the following, and complete all of the sections based on the above architecture:
Submit a System Test Plan document that contains the following:
Purpose of the document
Functional scope
Testing strategy
System testing entrance criteria
Test data
Suspension criteria
Execution plan
Defect reporting
Test schedule
Environment
Risks
Assumption
Who-to-call list
.
You are working as HelpDesk Support for an organization where your u.docxkenjordan97598
You are working as HelpDesk Support for an organization where your usual duty involves providing remote users with various IT related supports. The majority of these users are placed in locations where high-speed LAN (10Mbpds) are not available. Assume they are using the Darwin VM at their end, and you have Canberra VM at your end. Now you will have to set up a Remote Desktop Connection from Canberra to Darwin; so that you, with the physical access to Canberra VM, can remotely connect to Darwin VM. You also have to ensure the connection is optimized for low-speed broadband networks. Follow the submission format and before starting this task ensure VMs can ping each other
.
You are working as an APRN in your local primary care office. Th.docxkenjordan97598
You are working as an APRN in your local primary care office. The rural town of Maynard has 300 people, a post office, doctor’s office, and a gas station. The primary source of income is farming or driving 45 minutes to a somewhat larger town. With the blizzard coming, all your patients except two have cancelled for the morning. Jose is scheduled at 0900; he is a nine-year-old Hispanic male born in Mexico. He and his family (Mom, Dad, and six siblings, ages six months to 14 years) moved into the area just a few months ago. Jose’s mother reported that he had nearly died at two months after contracting pertussis.
Your final patient of the morning is Irena, a 15-year-old teenage female who lives with her aunt in Maynard. Irena is Romanian and barely speaks any English. Her aunt has been your patient for the past few years, and she told you that Irena had been abducted in Romania at the age of 10. Irena’s parents found her quite by accident when a sex trafficking ring dumped all their “product” in a refugee camp in Serbia just a few months ago. Irena’s parents are still in Romania, but they sent Irena here to live with her aunt.
Having discussed many guidelines throughout this term, consider the content you have explored. Using this knowledge, answer the following questions related to your chosen scenario. Note: please try to choose a topic for your initial post that you did not choose previously during the semester or aren’t as familiar with so you can gain additional knowledge as we finish up this course
Discuss the guidelines assigned with your scenario.
Will both patients be treated in the same manner? Why or why not?
What would your treatment plan be for each of the individuals in your scenario?
Please include at least three scholarly sources within your initial post.
.
You are the new Public Information Officer (PIO) assigned by the.docxkenjordan97598
You are the new Public Information Officer (PIO) assigned by the Chief of Police. You work for a mid-sized metropolitan police agency that has always relied on the utilization of a city information officer for any media or public communication. Until now, your agency never had an assigned public information officer specifically for the police department. Your agency is growing and is expected to add an additional 25 patrol officers in the next two years.
These added officer positions are in addition to a newly created Federal Task Force, where two new detective positions were added. These positions will create a larger budget for the police department and you have been informed that taxpayers are not necessarily receptive to these costs. As the new PIO, you are required to submit a written communication plan to the Chief of Police detailing how you would draft public notification of the departmental growth and change, reassignments of patrol areas, and overall agency changes occurring in relation to these positions.
Write
a 1,400- to 1,750-word paper that addresses the following:
Describe the genre of communication you would use such as a paper format, social media, public announcement, press release, or a televised media conference.
If increased social media, such as Facebook and Twitter, required for the departmental growth.
How far ahead of these positions being hired would you relay the message?
What do you do with citizens who communicate an opposition the hiring of additional officer causing extra taxes?
Who are your stakeholders in this public notice?
What are the differing concerns of internal communication versus external communication on this issue?
How often would you follow up on the notification? Quarterly, monthly, or annually?
Cite
at least one source other than the textbook.
Format
your paper in proper APA format.
.
You are welcome to go to the San Diego Zoo any time you would li.docxkenjordan97598
You are welcome to go to the San Diego Zoo any time you would like to work on your project. However, you would have to pay for a student ticket or buy a membership. However, I will make an announcement soon about a couple of dates where we get in for a discounted price if we enter as a class. Once inside, you can go off on your own to work on your projects.
1. First, make note of the day(s) you attended the San Diego Zoo, the time you spent there (specific hours), and the weather conditions.
2. Select a
total of 5 primates
from the following list to observe. Please note: not all of these primates will be on display all of the time. You do not need to choose one from each group...you can focus on ANY five species.
3. Focusing on the 5 primates you have selected, note the following aspects about each of them.
Scientific name & common name
Where the species is found at the SD Zoo (Monkey Trail, etc.)
Taxonomic category (prosimian, NW monkey, OW monkey, or ape)
Geographic location
Diet
Dental formula
Sexual dimorphism
Locomotor style
Type of nose
Body size
Any unusual features
Endangered status
4.
Focusing on the 5 primates you have selected, describe and analyze the primates’ behaviors you witnessed during your visit. This is the part you should spend the most time on!!
5. Finally, you should note what you personally gained from the experience, and what your attitude is regarding the Zoo and the care of the animals.
Request
Weather, time, and date of visit
Bullet point answers for 5 primate species (2 points per species)
Analysis of behaviors observed...why are the animals doing what they're doing (5 points per species)
Concluding thoughts of the zoo and the project
.
You are visiting one of your organization’s plants in a poor nation..docxkenjordan97598
You are visiting one of your organization’s plants in a poor nation. You discover a young girl (under the age of 16) is working on the factory floor. The company has a strict prohibition on child labor. You remind the plant manager of the policy and insist that she should go back to the local school. The plant manager tells you the girl is an orphan, has no other means of support, and the country has no social services to provide for her. As the executive, what should you do? Explain your answer with a well-constructed and cogent response.
.
You are to write a four-page (typed, double-spaced) essay addressing.docxkenjordan97598
You are to write a four-page (typed, double-spaced) essay addressing the following question. The exam is open-book, open notes.
Discuss the impact of geography on the civilizations of Mesopotamia, Egypt, Greece, China, sub-Saharan Africa, and pre-Colombian America
(please write on a doc. and do please make sure give me on time)
.
You are to write a 7-page Biographical Research Paper of St Franci.docxkenjordan97598
You are to write a 7-page Biographical Research Paper of
St Francis of Assisi or St Clare
:
*Include a Title Page (not counted as one of the 7 pages)
*Include a “Sources Cited” page (not counted as one of the 7 pages)
*MLA Format or Professor approved format
Use the following Outline: (St Francis of Assisi or St Clare)
I. The Major Events of their life
II. Their Impact on society and the church in their lifetime
III. Their Legacy today…how they still inspire us
IV. Your personal reflections
.
You are to write a 1050 to 1750 word literature review (in a.docxkenjordan97598
You are to write a
1050 to 1750 word literature review
(in addition to the title page and references page) on the articles you selected for Week 2, synthesizing the findings in the articles that you found on your topic. You may incorporate other articles or references to support your discussion, as needed. Use APA citation and reference guidelines.
What is a literature review?
A literature review is a synthesis and critique of the published research in a given area of research. Your focus is on the findings of the studies you are exploring – their methods, approach, results, and implications – rather than the broad topic overall. It should synthesize findings in specific areas. Thus, you should look for themes in the range of articles and write about them as you group common themes.
Synthesize the material you found. In other words, find connected themes in the different areas you cover. Occasionally you might discuss individual articles, but only if the article is very unique and no other article has similar findings. The synthesis should focus strictly on existing, published research.
What else should you include besides a synthesis of research?
Be sure to include in your review other potential areas that still need to be explored. What unanswered questions are there? What holes are in the research that you have not yet found answers to? What contradictions are in the research will you seek to explore?
Examples of Synthesized Findings for Literature Review:
College students were found to have a large number of conflicts with roommates (Darsey, 2003; Smith, 2001; Yarmouth, 2005). Researchers also found that roommate conflicts were most frequent during the first semester of college (Lotspiech, 2004; Nominskee, 2001; Zackarov, 2000). Morissey (2004) found a reduction of roommate conflicts continued as students progressed from freshman to seniors, with seniors having the fewest roommate conflicts. However, Ellensworth (2001) found no correlation with year in school and frequency of roommate conflict. The contradiction between Ellensworth’s and Morissey’s findings suggest that additional research is needed in this area.
Ellensworth’s (2001) research was strictly quantitative, lacking a full picture of the contexts or reasons for the specific conflicts. It asked people to mark the frequency of their conflicts and types of people with whom they typically disputed. Morissey (2004) conducted interviews that allowed participants to provide an explanation for the reasons for the conflicts, and the contexts (dorm roommates, apartment roommates, house roommates, etc.). However, she interviewed far fewer people than Ellensworth surveyed.
Combining Ellensworth’s surveys with Morissey’s interview questions and utilizing a research team to increase the number of interviews could provide more details about the conflicts and contexts, and allow us to further look into the question of year in school and conflict behavior.
DeSoto (2005) and Craig (2.
You are to take the uploaded assignment and edit it. The title shoul.docxkenjordan97598
You are to take the uploaded assignment and edit it. The title should be changed for better clarification, something like SCHOOL DISTRICTS TRAINING THEIR TEACHERS WHO ARE ALREADY IN SERVICE.
Include more expressions of how these children have been failed in the past.
Change up wording and use stronger and more concise word choices.
AGAIN ALL THIS WILL BE DONE FROM OFF THE ASSIGNMENT THAT'S BEEN UPLOADED.
.
You are to use a topic for the question you chose.WORD REQUIRE.docxkenjordan97598
You are to use a topic for the question you chose.
WORD REQUIREMENT IS 300 Words
1. Jean Jacque Rousseau was a Frenchman who wrote the Rights of Man. After viewing the film on the French Revolution, how much of the Rights of Man were followed, especially during the Reign of Terror? Give examples.
2. This week, we read about liberalism and conservatism, two terms that are by no means new to use today. Per your readings discuss the premise of liberalism. Has this ideology changed over time? Can we see elements of this in today’s society? Examples.
3. Per your readings this week, discuss the views of conservatism. Has this ideology changed over time? Do we see some elements of this in today’s society? Examples.
4. Doyle discusses the reasons for the French Revolution. In your mind, which do you believe is the most important and why. Examples.
5. Discuss the issues that led to the American Revolution. Example.
6. Prior to its revolution, Haiti was one of the wealthiest colonies in the world. The French reaped those rewards. So what happened? Why a revolution? Why a violent revolution? Give examples.
7. Discuss Polverel’s interpretation of the French giving Haitian slave emancipation and discuss what he hoped to accomplish. Examples.
8. Agriculture Revolution had a great impact on European society, it has many great accomplishments but there were a few downfalls. Discuss these downfalls. Examples.
9. There was a change in Dynasties in China, the Manchu’s came to power. Discuss the organization of the Manchu Dynasty. Was this effective? Examples.
10. Discuss the foreign relations of the Chinese Empire with its European counter parts. Discuss whether or not this experience was positive or negative. Give examples.
11. Discuss the most important issue that was the foundation for the 1848 Revolutions. Examples.
.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
How to Build a Module in Odoo 17 Using the Scaffold MethodCeline George
Odoo provides an option for creating a module by using a single line command. By using this command the user can make a whole structure of a module. It is very easy for a beginner to make a module. There is no need to make each file manually. This slide will show how to create a module using the scaffold method.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...NelTorrente
In this research, it concludes that while the readiness of teachers in Caloocan City to implement the MATATAG Curriculum is generally positive, targeted efforts in professional development, resource distribution, support networks, and comprehensive preparation can address the existing gaps and ensure successful curriculum implementation.
Normal Labour/ Stages of Labour/ Mechanism of LabourWasim Ak
Normal labor is also termed spontaneous labor, defined as the natural physiological process through which the fetus, placenta, and membranes are expelled from the uterus through the birth canal at term (37 to 42 weeks
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
Pride Month Slides 2024 David Douglas School District
Security Policy Document Project Objectives The purpos.docx
1. Security Policy Document Project
Objectives
The purpose of this two-part project is to evaluate the student’s
ability to analyze security
requirements and develop a security policy that fully addresses
them. By completing the two
documents, the student will also gain practical knowledge of the
security policy documentation
process. The project will enable the student to see and
understand the required standards in
practice, as well as the details that should be covered within the
security policy documentation.
Detailed Requirements
Project Deliverable #1 (Due Week 3)
o Using the GDI Case Study below, complete the Security
Policy Document
Outline.
o Provide a one or two-page Security Policy Document Outline.
The Outline should
cover all aspects of the security policy document and convey
the accurate and
appropriate information for the stakeholders to make the
appropriate decision.
o Ungraded but instructor will provide feedback to make sure
students are on-track.
2. This outline can become major part of the “Executive Summary”
of the final
deliverable.
Project Deliverable #2 (Due Week 7)
o Using the GDI Case Study, complete the Security Policy
Document.
o Provide a seven- to ten-page analysis summarizing the
security policy to the
executive management team of GDI. The student designs
effective real-time
security and continuous monitoring measures to mitigate any
known
vulnerabilities, prevent future attacks, and deter any real-time
unknown threats;
and also efficiently meets the organization’s objectives. The
summary should
effectively describe the security policy in a manner that will
allow the Senior
Management to understand the organizational security
requirements and make the
appropriate decisions to enforce.
Guidelines
document.
conforming to APA standards.
NO more than 10 pages (excluding title page, table of contents
(optional), and
references page). The document must be double-spaced and
Time New Roman 12-
3. point font. See "Writing Guideline" in WebTycho where you'll
find help on writing for
research projects.
(anonymous authors or web
pages are not acceptable). These should be listed on the last
page titled "References."
plagiarism policies.
ity of
paper information, use of
citations, grammar and sentence structure, and creativity.
Grading Rubrics
Final Deliverable
Category Points % Description
Documentation and
Formatting
10 10%
Appropriate APA citations/referenced sources and
formats of characters/content.
Case Study Security
Policy Analysis
4. 25 25% Accurate Completion of Security Policy.
Real-time Security 25 25
Real-time Security Protection against dynamically
changing threats.
Continuous
Monitoring
25 25
Continuous Monitoring for up-to-date Asset
Management and Security Posture
Executive Summary 15 15%
Provide an appropriate summary of the Security
Policy Document.
Total 100 100%
A quality paper will meet or exceed all of the
above requirements.
No Outline
Submitted
-10
If no outline is submitted at the end of week 3, it
will be minus 10 points from the final document
grade.
Criteria Good Fair Poor
Documentation
and formatting
7-10 points
5. At least 3 Appropriate
APA
citations/referenced
sources and formats
of characters/ content.
3-6 points
Included 3 references but
incorrect formatting or
referencing/ citation
0-2 points
Does not include at
least 3 references
Security Policy
analysis
17-25 points
Effectively describes
the security policy in
a manner that will
allow the Senior
Management to
understand the
organizational
security requirements
8-16 points
Describes the security
policy in a manner that
6. allows the Senior
Management to
understand the
organizational security
requirements but not
enough to make the
0-7 points
Describes the security
policy in a manner that
is unclear to the Senior
Management. The
analysis Is not
sufficiently supported
with documentation
and make the
appropriate decisions
to enforce.
Analysis is supported
with documentation
and evidence.
appropriate decisions to
enforce. And/or is not
sufficiently supported with
documentation and
evidence. And/or the
description is somewhat
unclear.
and evidence. Senior
7. management would not
have enough detail to
make appropriate
decisions.
Real-time
Security
17-25 points
Effectively designs
real-time security
measures to mitigate
any known
vulnerabilities, prevent
attacks, and deter any
real-time threats; and
also efficiently meets
the organization’s
objectives.
8-16 points
Designs technically
feasible real-time
security measures to
mitigate any known
vulnerabilities, prevent
attacks, and deter any
real-time threats, but
lacks efficiency to meet
the organization’s
objectives.
0-7 points
8. Ineffectively designs
real-time security
measures to mitigate
any known
vulnerabilities, prevent
attacks, and deter any
real-time threats; also
lacks efficiency to
meet the
organization’s
objectives.
Continuous
Monitoring
17-25 points
Effectively designs
continuous monitoring
measures to mitigate
any unknown
vulnerabilities, prevent
future attacks, and
deter any real-time
unknown threats; and
also efficiently meets
the organization’s
objectives.
8-16 points
Designs technically
feasible continuous
monitoring measures to
mitigate any unknown
vulnerabilities, prevent
9. future attacks, and deter
any real-time unknown
threats, but lacks
efficiency to meet the
organization’s objectives.
0-7 points
Ineffectively designs
continuous monitoring
measures to mitigate
any unknown
vulnerabilities, prevent
future attacks, and
deter any real-time
unknown threats; also
lacks efficiency to
meet the
organization’s
objectives.
Executive
summary
11-15 points
Effectively
summarizes the
security policy
analysis. Includes all
key points of the
analysis and allows
the senior
6-10 points
10. Describes the security
policy analysis in a
manner that allows the
Senior Management to
understand the
organizational security
0-5 points
Describes the security
policy analysis in a
manner that is unclear
and/or insufficient.
Summary is difficult to
follow or does not
management to
understand the
organizational
security requirements
but not enough to
make appropriate
decisions
.
requirements but not
enough to make
appropriate decisions. Key
information is left out or
not made clear.
include key information
and details.
11. Background
For those that are not familiar with the term, this project is
called an Authentic Assessment
Project. These projects are designed to reflect “real life”
activities and will require you to
perform considerable self-directed study. Like real life
problems, you will not find all the
answers you need in the textbook. You will, however, have the
help of your instructor to resolve
issues you may encounter.
Project Description
The project is to write a company Security Policy Document for
a fictitious company called
Global Distribution, Inc. (GDI). A Security Policy Document is
an absolutely essential item for
any organization that is subjected to a security audit. Lack of
such a document will result in an
automatic failed audit. A Security Policy Document within an
organization provides a high-level
description of the various security controls the organization will
use to protect its information
and assets. A typical Security Policy Document contains a large
set of specific policies and can
run several hundred pages. However, for this project, you will
write a brief document with a
maximum of 20 specific policies for the GDI Company.
Therefore, you must carefully consider
and select only the most important policies from hundreds of
possible specific policies. A brief
description of the GDI Company is given below.
12. You will work individually on this project for a total of 25% of
your grading for the course. You
may collaborate with your classmates to share ideas and
activities in preparation of the final
project deliverable. However, you will be graded for your
individual effort and deliverables, and
you will submit the project in your individual project
assignment folders. You will treat this
project deliverable as if you would deliver it to your own
customer or client who will be paying
you for the deliverables.
Suggested Approach
These are only recommendations on the general approach you
might take for this project. This is
your project to develop individually.
1. Determine the most important assets of the company, which
must be protected
2. Determine a general security architecture for the company
3. Determine the real-time security measures that must be put in
place
4. Determine the monitoring and preventative measures that
must be put in place
5. Develop a list of 15 to 20 specific policies that could be
applied along with details and
rationale for each policy
6. Integrate and write up the final version of the Security Policy
Document for submittal
13. The GDI company description is deliberately brief. In all real
life projects, you typically add
complexity as you become smarter as you go along. State the
assumptions/rationale you make to
justify the selection of the particular security policies you
select. Attach the
assumptions/rationale to each specific security policy.
References
There are many information sources for Security Policy
Documents on the Internet. However,
one good source to start with is the SANS Security Policy
Project that lists many example
security policy templates.
http://www.sans.org/security-resources/policies/
Company Description
GLOBAL FINANCE, INC. (GFI)
Global Finance, Inc. (GFI) is a financial company that manages
thousands of accounts across Canada, the United
States, and Mexico. A public company traded on the NYSE,
GFI specializes in financial management, loan
application approval, wholesale loan processing, and investment
of money management for their customers.
GFI employs over 1,600 employees and has been experiencing
consistent growth keeping pace with S&P averages
(approximately 8%) for nearly six years. A well-honed
management strategy built on scaling operational
performance through automation and technological innovation
has propelled the company into the big leagues; GFI
was only recently profiled in Fortune Magazine.
The executive management team of GFI:
14. Figure 1 GFI Management Organizational Chart
BACKGROUND AND YOUR ROLE
You are the Computer Security Manager educated, trained, and
hired to protect the physical and operational
security of GFI’s corporate information system.
You were hired by COO Mike Willy and currently report to the
COO. You are responsible for a $5.25m
annual budget, a staff of 11, and a sprawling and expansive data
center located on the 5th floor of the
corporate tower. This position is the pinnacle of your career –
you are counting on your performance here
to pave the way into a more strategic leadership position in IT,
filling a vacancy that you feel is so
significantly lacking from the executive team.
There is actually a reason for this. CEO John Thompson
believes that the IT problem is a known quantity –
that is, he feels the IT function can be nearly entirely
outsourced at fractions of the cost associated with
creating and maintaining an established internal IT department;
the CEO’s strategy has been to prevent IT
from becoming a core competency since so many services can
be obtained from 3rd parties. Since the CEO
has taken the reigns two years ago, the CEO has made
significant headway in cutting your department’s
budget by 30% and reducing half of your staff through
outsourcing. This has been a political fight for you:
maintaining and reinforcing the relevance of an internal IT
department is a constant struggle. COO Willy’s
15. act of hiring you was, in fact, an act of desperation: the
increasing operational dependence on technology
combined with a diminishing IT footprint gravely concerned
Willy, and he begged to at least bring in a
manager to whom these obligations could be delegated to.
Willy’s worst nightmare is a situation where the
Confidentiality, Integrity, and Availability of the information
system was compromised – bringing the
company to its knees – then having to rely on vendors to pull
him out of the mess.
GFI has experienced several cyber-attacks from outsiders over
the past a few years. In 2012, the Oracle
database server was attacked and its customer database lost its
confidentiality, integrity, and availability for
several days. Although the company restored the Oracle
database server back online, its lost confidentiality
damaged the company reputations. GFI ended up paying its
customers a large sum of settlement for their
loss of data confidentiality. Another security attack was carried
out by a malicious virus that infected the
entire network for several days. While infected the Oracle and
e-mail servers had to be shut down to
quarantine these servers. In the meantime, the company lost
$1.700, 000 in revenue and intangible
customer confidence.
There’s no question that the company’s CEO sees the strategic
importance of technology in executing his
business plan, and in this way you share a common basis of
principle with him: that IT is a competitive
differentiator. However, you believe that diminishing internal
IT services risks security and strategic
capability, whereas the CEO feels he can acquire that capability
immediately at a low cost through the open
market. You’re told that CEO Thompson reluctantly agreed to
16. your position if only to pacify COO Willy’s
concerns.
CORPORATE OFFICE NETWORK TOPOLOGY
Remote
Dial UpUsers
Trusted Computing Base Internal Network
Off-Site Office
Internet
Global Finance, Inc.
VPN
Gateway
VPN
Gateway PBX
PSTN
Worstations
(x25)
Worstations
(x12)
Worstations
(x63)
Worstations
(x5)
19. 100Mbps
10 Gbps
OC193
10Gbps
RAS
10 Gbps
10 Gbps
10 Gbps
OC193
10Gbps
90
90
Wireless
Antenna90
You are responsible for a corporate WAN spanning 10 remote
facilities and interconnecting those facilities
to the central data processing environment. Data is transmitted
from a remote site through a VPN
appliance situated in the border layer of the routing topology;
the remote VPN connects to the internal
Oracle database to update the customer data tables. Data
transaction from the remote access to the
corporate internal databases is not encrypted.
20. A bulk of the data processing for your company is handled by
Oracle database on a high end super
computer. The trusted computing based (TCB) internal network
is situated in a physically separated subnet.
This is where all corporate data processing is completed and
internal support team has its own intranet web
server, a SUS server, an internal DNS, an e-mail system, and
other support personnel workstations. Each
corporate department is segregated physically on a different
subnet and shares the corporate data in the
TCB network.
OTHER CONSIDERATIONS
1. Ever since the article ran in Fortune about GFI, your network
engineers report that they’ve noted a
significant spike in network traffic crossing into the internal
networks. They report that they cannot be
certain what or who is generating this traffic, but the volume
and frequency of traffic is certainly
abnormal. The management is very concerned over securing the
corporate confidential data and
customer information.
2. Increasingly, GFI’s CEO Thompson attempts to outsource IT
competency. In fact, you’ve been told of
a plan from COO Willy to outsource network management and
security functions away from your
department and to a service integrator. COO Willy warns you
that the political environment will only
become more contentious over time; you must make a
compelling case as to what value your
department can bring over an integrator that can provide secure
21. services at 40% less annual cost than
you.
3. The interrelationship between data and operations concerns
you. Increasingly, some of the 10 remote
sites have been reporting significant problems with network
latency, slow performance, and
application time-outs against the Oracle database. The
company’s business model is driving higher
and higher demand for data, but your capability to respond to
these problems are drastically limited.
4. Mobility is important for the organization to interact with the
customers and other co-workers in near
real-time. However, the CEO is concerned with the mobility
security and would like to research for the
best practice for mobility security. The CEO is willing to
implement a BYOD policy if security can be
addressed.
5. Employees enjoy the flexibility of getting access to the
corporate network using a WiFi network.
However, the CEO is concerned over the security ramifications
over the wireless network that is
widely open to the company and nearby residents.
6. The company plans to offer its products and services online
and requested its IT department to design a
Cloud Computing based on an e-commerce platform. However,
the CEO is particularly concerned over
the cloud security in case the customer database had been
breached.
22. SOCIAL POLICY PAPER 1
SOCIAL SECURITY PAPER 1
CMIT320
Security Policy Paper
Week 3
Table of Contents
Introduction:
GDI background and given
problem……………………………….…………………… 1
Important Assets for
GDI…..……………………………………………………………. 2
Security Architecture for
GDI…………………………………………………………… 3
Ten Possible Security
Policies………………………………………………………. 4
Details and Rationale of the Ten Security
Policies………………………………….. 5
23. Ten Security Policies that should be Applied to
GDI……………………………….. 6
Conclusion……………………………………………………………
………………..… 7
References……………………………………………………………
………………….. 8
Outline of the paper
I. Introduction
a. Briefly discuss the background of GDI in depth.
b. A discussion about the given problem of the IT security,
infrastructure, cost, among items.
II. Discuss the important assets of GDI that need to be fully
protected
i. Asset identification: “Identity and quantify the company’s
24. assets”
ii. Important assets include:
1. Computer network equipment
2. Data
3. Servers, printers
4. Routers, firewalls, switches, wireless devices, etc.
b. Access control methods: sensitivity, integrity, availability
c. Risk and threat assessment: “Identify and access the possible
security vulnerabilities and threats”
d. Identify solutions and countermeasures: “Identify a cost-
effective solution to protect assets”
III. Security architecture for the company
a. “The IT department should always have current diagrams of
your overall network architecture on hand”
IV. A list of 20 or more policies that could be applied to this
situation
a. User Account Policy
b. Audit Security Policy (SANS)
c. Email Security Policy (SANS)
d. Internet Security Policy (SANS)
e. Server Security Policy (SANS)
f. Wireless Security Policy (SANS)
g. Network Security Policy (SANS)
h. Physical Security Policy (SANS)
i. Remote Access Security Policy
j. Ethics Policy (SANS)
k. Privacy Policy
l. Incident Response Policy
m. Access Control Policy
n. Separation of Duties Policy
o. Password Policy
p. Data Retention Policy
q. Hardware Disposal and Data Destruction Policy
r. Documentation policy
V. Specific details and rationale of each policy from above
a. Ethics Policy – “User Education and Awareness Training”
25. b. Documentation policy- “Standards and Guidelines for
Documentation, Data Classification, document retention and
storage, document destruction, system architecture, logs
inventory, change management and control documentation
Network Security Policy- risk and threat assessment,
vulnerabilities, threats, risk, impact, probabilities, natural
disasters, equipment malfunction, intruders, malicious hackers,
potential loss, and threat profiles
c. It also includes firewall, intrusion detection system, audits,
etc.
d. Wireless Security Policy- Access point security, encryption
protocols, MAC address filtering, VPN, etc.
e. Physical Security Policy- physical barriers, video
surveillance and monitoring, lighting, locks, access logs, ID
badges, man-trap
VI. Review the policies and select 12 important policies that
can be applied to GDI
a. Network Security Policy
b. Internet Security Policy
c. Physical Security Policy
d. Ethics Policy
e. Remote Access Security Policy
f. Incident Response Policy
g. Hardware Disposal and Data Destruction Policy
h. Wireless Security Policy
i. Password Security Policy
j. Separation of Duties Policy
k. Privacy Policy
l. Server Security Policy
VII. Conclusion
a. Conclude discussion and proposal of the security policy
document. This will be a conclusion based on the real aspects as
discussed in the ouline
26. References
Include any references here with full citations. The references
will be stated in the case of the final project. This will show all
the sources of information that has been used in making the
detailed research.
Security Policy Document Project
Objectives
The purpose of this two-part project is to evaluate the student’s
ability to analyze security requirements and develop a security
policy that fully addresses them. By completing the two
documents, the student will also gain practical knowledge of the
security policy documentation process. The project will enable
the student to see and understand the required standards in
practice, as well as the details that should be covered within the
security policy documentation.
27. Detailed Requirements
Project Deliverable #1 (Due Week 3)
· Using the GDI Case Study below, complete the Security
Policy Document Outline.
· Provide a one or two-page Security Policy Document Outline.
The Outline should cover all aspects of the security policy
document and convey the accurate and appropriate information
for the stakeholders to make the appropriate decision.
· Ungraded but instructor will provide feedback to make sure
students are on-track. This outline can become major part of
the “Executive Summary” of the final deliverable.
Project Deliverable #2 (Due Week 7)
· Using the GDI Case Study, complete the Security Policy
Document.
· Provide a seven- to ten-page analysis summarizing the security
policy to the executive management team of GDI. The student
designs effective real-time security and continuous monitoring
measures to mitigate any known vulnerabilities, prevent future
attacks, and deter any real-time unknown threats; and also
efficiently meets the organization’s objectives. The summary
should effectively describe the security policy in a manner that
will allow the Senior Management to understand the
organizational security requirements and make the appropriate
decisions to enforce.
Guidelines
· Using the GDI Case Study, create the security policy
document.
28. · The security policy document must be 8 to 10 pages long,
conforming to APA standards. NO more than 10 pages
(excluding title page, table of contents (optional), and
references page). The document must be double-spaced and
Time New Roman 12-point font. See "Writing Guideline" in
WebTycho where you'll find help on writing for research
projects.
· At least three authoritative, outside references are required
(anonymous authors or web pages are not acceptable). These
should be listed on the last page titled "References."
· Appropriate citations are required. See the syllabus regarding
plagiarism policies.
· This will be graded on quality of research topic, quality of
paper information, use of citations, grammar and sentence
structure, and creativity.
· The paper is due during Week 7 of this course.
Grading Rubrics
Final Deliverable
Category
Points
%
Description
Documentation and Formatting
10
10%
Appropriate APA citations/referenced sources and formats of
characters/content.
Case Study Security Policy Analysis
29. 25
25%
Accurate Completion of Security Policy.
Real-time Security
25
25
Real-time Security Protection against dynamically changing
threats.
Continuous Monitoring
25
25
Continuous Monitoring for up-to-date Asset Management and
Security Posture
Executive Summary
15
15%
Provide an appropriate summary of the Security Policy
Document.
Total
100
100%
A quality paper will meet or exceed all of the above
requirements.
No Outline Submitted
-10
If no outline is submitted at the end of week 3, it will be minus
10 points from the final document grade.
Criteria
Good
Fair
Poor
Documentation and formatting
7-10 points
At least 3 Appropriate APA citations/referenced sources and
30. formats of characters/ content.
3-6 points
Included 3 references but incorrect formatting or referencing/
citation
0-2 points
Does not include at least 3 references
Security Policy analysis
17-25 points
Effectively describes the security policy in a manner that will
allow the Senior Management to understand the organizational
security requirements and make the appropriate decisions to
enforce.
Analysis is supported with documentation and evidence.
8-16 points
Describes the security policy in a manner that allows the Senior
Management to understand the organizational security
requirements but not enough to make the appropriate decisions
to enforce. And/or is not sufficiently supported with
documentation and evidence. And/or the description is
somewhat unclear.
0-7 points
Describes the security policy in a manner that is unclear to the
Senior Management. The analysis Is not sufficiently supported
with documentation and evidence. Senior management would
not have enough detail to make appropriate decisions.
Real-time Security
17-25 points
Effectively designs real-time security measures to mitigate any
known vulnerabilities, prevent attacks, and deter any real-time
threats; and also efficiently meets the organization’s objectives.
31. 8-16 points
Designs technically feasible real-time security measures to
mitigate any known vulnerabilities, prevent attacks, and deter
any real-time threats, but lacks efficiency to meet the
organization’s objectives.
0-7 points
Ineffectively designs real-time security measures to mitigate
any known vulnerabilities, prevent attacks, and deter any real-
time threats; also lacks efficiency to meet the organization’s
objectives.
Continuous Monitoring
17-25 points
Effectively designs continuous monitoring measures to mitigate
any unknown vulnerabilities, prevent future attacks, and deter
any real-time unknown threats; and also efficiently meets the
organization’s objectives.
8-16 points
Designs technically feasible continuous monitoring measures to
mitigate any unknown vulnerabilities, prevent future attacks,
and deter any real-time unknown threats, but lacks efficiency to
meet the organization’s objectives.
0-7 points
Ineffectively designs continuous monitoring measures to
mitigate any unknown vulnerabilities, prevent future attacks,
and deter any real-time unknown threats; also lacks efficiency
to meet the organization’s objectives.
Executive summary
11-15 points
Effectively summarizes the security policy analysis. Includes all
key points of the analysis and allows the senior management to
understand the organizational security requirements but not
enough to make appropriate decisions
32. .
6-10 points
Describes the security policy analysis in a manner that allows
the Senior Management to understand the organizational
security requirements but not enough to make appropriate
decisions. Key information is left out or not made clear.
0-5 points
Describes the security policy analysis in a manner that is
unclear and/or insufficient. Summary is difficult to follow or
does not include key information and details.
Background
For those that are not familiar with the term, this project is
called an Authentic Assessment Project. These projects are
designed to reflect “real life” activities and will require you to
perform considerable self-directed study. Like real life
problems, you will not find all the answers you need in the
textbook. You will, however, have the help of your instructor
to resolve issues you may encounter.
Project Description
The project is to write a company Security Policy Document for
a fictitious company called Global Distribution, Inc. (GDI). A
Security Policy Document is an absolutely essential item for
any organization that is subjected to a security audit. Lack of
such a document will result in an automatic failed audit. A
Security Policy Document within an organization provides a
high-level description of the various security controls the
organization will use to protect its information and assets. A
typical Security Policy Document contains a large set of
specific policies and can run several hundred pages. However,
for this project, you will write a brief document with a
33. maximum of 20 specific policies for the GDI Company.
Therefore, you must carefully consider and select only the most
important policies from hundreds of possible specific policies.
A brief description of the GDI Company is given below.
You will work individually on this project for a total of 25% of
your grading for the course. You may collaborate with your
classmates to share ideas and activities in preparation of the
final project deliverable. However, you will be graded for your
individual effort and deliverables, and you will submit the
project in your individual project assignment folders. You will
treat this project deliverable as if you would deliver it to your
own customer or client who will be paying you for the
deliverables.
Suggested Approach
These are only recommendations on the general approach you
might take for this project. This is your project to develop
individually.
1. Determine the most important assets of the company, which
must be protected
2. Determine a general security architecture for the company
3. Determine the real-time security measures that must be put in
place
4. Determine the monitoring and preventative measures that
must be put in place
5. Develop a list of 15 to 20 specific policies that could be
applied along with details and rationale for each policy
6. Integrate and write up the final version of the Security Policy
Document for submittal
The GDI company description is deliberately brief. In all real
34. life projects, you typically add complexity as you become
smarter as you go along. State the assumptions/rationale you
make to justify the selection of the particular security policies
you select. Attach the assumptions/rationale to each specific
security policy.
References
There are many information sources for Security Policy
Documents on the Internet. However, one good source to start
with is the SANS Security Policy Project that lists many
example security policy templates.
http://www.sans.org/security-resources/policies/
Company Description
GLOBAL FINANCE, INC. (GFI)
Global Finance, Inc. (GFI) is a financial company that manages
thousands of accounts across Canada, the United States, and
Mexico. A public company traded on the NYSE, GFI
specializes in financial management, loan application approval,
wholesale loan processing, and investment of money
management for their customers.
GFI employs over 1,600 employees and has been experiencing
consistent growth keeping pace with S&P averages
(approximately 8%) for nearly six years. A well-honed
management strategy built on scaling operational performance
through automation and technological innovation has propelled
the company into the big leagues; GFI was only recently
profiled in Fortune Magazine.
The executive management team of GFI:
35. CEO
John Thompson
Vice Presidnet
Trey Elway
Executive
Assistant
Julie Anderson
Executive
Assistant
Kim Johnson
Executive
Assistant
Michelle Wang
CFO
Ron Johnson
COO
Mike Willy
CCO
Andy Murphy
Director of
Marketing
John King
Director of HR
Ted Young
Figure 1 GFI Management Organizational Chart
BACKGROUND AND YOUR ROLE
You are the Computer Security Manager educated, trained, and
hired to protect the physical and operational security of GFI’s
corporate information system.
You were hired by COO Mike Willy and currently report to the
COO. You are responsible for a $5.25m annual budget, a staff
36. of 11, and a sprawling and expansive data center located on the
5th floor of the corporate tower. This position is the pinnacle
of your career – you are counting on your performance here to
pave the way into a more strategic leadership position in IT,
filling a vacancy that you feel is so significantly lacking from
the executive team.
There is actually a reason for this. CEO John Thompson
believes that the IT problem is a known quantity – that is, he
feels the IT function can be nearly entirely outsourced at
fractions of the cost associated with creating and maintaining an
established internal IT department; the CEO’s strategy has been
to prevent IT from becoming a core competency since so many
services can be obtained from 3rd parties. Since the CEO has
taken the reigns two years ago, the CEO has made significant
headway in cutting your department’s budget by 30% and
reducing half of your staff through outsourcing. This has been
a political fight for you: maintaining and reinforcing the
relevance of an internal IT department is a constant struggle.
COO Willy’s act of hiring you was, in fact, an act of
desperation: the increasing operational dependence on
technology combined with a diminishing IT footprint gravely
concerned Willy, and he begged to at least bring in a manager to
whom these obligations could be delegated to. Willy’s worst
nightmare is a situation where the Confidentiality, Integrity,
and Availability of the information system was compromised –
bringing the company to its knees – then having to rely on
vendors to pull him out of the mess.
GFI has experienced several cyber-attacks from outsiders over
the past a few years. In 2012, the Oracle database server was
attacked and its customer database lost its confidentiality,
integrity, and availability for several days. Although the
company restored the Oracle database server back online, its
lost confidentiality damaged the company reputations. GFI
ended up paying its customers a large sum of settlement for
37. their loss of data confidentiality. Another security attack was
carried out by a malicious virus that infected the entire network
for several days. While infected the Oracle and e-mail servers
had to be shut down to quarantine these servers. In the
meantime, the company lost $1.700, 000 in revenue and
intangible customer confidence.
There’s no question that the company’s CEO sees the strategic
importance of technology in executing his business plan, and in
this way you share a common basis of principle with him: that
IT is a competitive differentiator. However, you believe that
diminishing internal IT services risks security and strategic
capability, whereas the CEO feels he can acquire that capability
immediately at a low cost through the open market. You’re told
that CEO Thompson reluctantly agreed to your position if only
to pacify COO Willy’s concerns.
CORPORATE OFFICE NETWORK TOPOLOGY
Remote
Dial UpUsers
Trusted Computing Base Internal Network
Off-Site Office
Internet
Global Finance, Inc.
VPN
Gateway
VPN
Gateway
PBX
PSTN
Worstations
(x25)
Worstations
(x12)
39. Printers
(x5)
Workstations
(x7)
SUS Server
Access
Layer
VLAN
Switch
10 Gbps
100Mbps
10Gbps
100Mbps
10 Gbps
OC193
10Gbps
RAS
10 Gbps
10 Gbps
10 Gbps
OC193
10Gbps
90
90
Wireless
Antenna
90
You are responsible for a corporate WAN spanning 10 remote
facilities and interconnecting those facilities to the central data
processing environment. Data is transmitted from a remote site
through a VPN appliance situated in the border layer of the
routing topology; the remote VPN connects to the internal
Oracle database to update the customer data tables. Data
transaction from the remote access to the corporate internal
40. databases is not encrypted.
A bulk of the data processing for your company is handled by
Oracle database on a high end super computer. The trusted
computing based (TCB) internal network is situated in a
physically separated subnet. This is where all corporate data
processing is completed and internal support team has its own
intranet web server, a SUS server, an internal DNS, an e-mail
system, and other support personnel workstations. Each
corporate department is segregated physically on a different
subnet and shares the corporate data in the TCB network.
OTHER CONSIDERATIONS
1. Ever since the article ran in Fortune about GFI, your network
engineers report that they’ve noted a significant spike in
network traffic crossing into the internal networks. They report
that they cannot be certain what or who is generating this
traffic, but the volume and frequency of traffic is certainly
abnormal. The management is very concerned over securing the
corporate confidential data and customer information.
2. Increasingly, GFI’s CEO Thompson attempts to outsource IT
competency. In fact, you’ve been told of a plan from COO
Willy to outsource network management and security functions
away from your department and to a service integrator. COO
Willy warns you that the political environment will only
become more contentious over time; you must make a
compelling case as to what value your department can bring
over an integrator that can provide secure services at 40% less
annual cost than you.
3. The interrelationship between data and operations concerns
you. Increasingly, some of the 10 remote sites have been
reporting significant problems with network latency, slow
performance, and application time-outs against the Oracle
41. database. The company’s business model is driving higher and
higher demand for data, but your capability to respond to these
problems are drastically limited.
4. Mobility is important for the organization to interact with the
customers and other co-workers in near real-time. However, the
CEO is concerned with the mobility security and would like to
research for the best practice for mobility security. The CEO is
willing to implement a BYOD policy if security can be
addressed.
5. Employees enjoy the flexibility of getting access to the
corporate network using a WiFi network. However, the CEO is
concerned over the security ramifications over the wireless
network that is widely open to the company and nearby
residents.
6. The company plans to offer its products and services online
and requested its IT department to design a Cloud Computing
based on an e-commerce platform. However, the CEO is
particularly concerned over the cloud security in case the
customer database had been breached.
_1430024514.vsd