
Week 8 Case Study

ISA Assessment of an Organization’s IT systems.

Kennith Thurman


Introduction:

Information technology and communication systems play an important role in modern business. Advancements made in information and communication technologies over the years have changed the way people do business. Almost all modern enterprises, and even small to medium-sized businesses, rely on information technology equipment. Information technology is used to achieve business goals and is embedded in business processes. All modern businesses harnessing the power of information technology utilize state-of-the-art technologies for data processing (Englbrecht, Meier, & Pernul, 2019). The data being processed by modern businesses often contains personally identifiable information of customers collected through various sources. It also includes direct business processes that rely on such data for service delivery. The exponential penetration of information technology systems into modern businesses has also made them a potential target of cybercriminals.

While every organization claims to be the best at protecting its customers' data, the headlines are always filled with news of successful data breaches at such organizations. Increased reliance on businesses has shifted the attention of cybercriminals from targeting individual users to enterprise businesses. Cybercrime is developing as an industry, and real businesses are facing challenges in securing their critical infrastructure from cyber-attacks. Cybercriminals are always trying to devise new and improved methods of breaching the available defense mechanisms of enterprise information systems (Wood & Vickers, 2018). There are various frameworks in place to help organizations secure critical information technology infrastructure. The basic goal of all of the frameworks is to ensure the confidentiality, integrity, availability, and non-repudiation of data systems. Most organizations fail due to inefficient system configurations or a lack of investment in appropriate infrastructure development. It is hard for security managers to impress and convince higher management to invest in secondary systems to protect primary installations.

To overcome these and various other challenges faced by organizations in securing critical information infrastructure, the information security assurance capability maturity model has been developed. It is also known as the ISA-CMM framework. The framework requires organizations to build security into the business process. Information security must be a part of the business plan and it must be built into the business goals. Information security strategy must align with the business goals. The capability maturity model for information security assurance helps organizations evaluate their existing infrastructure for compliance with the framework. The case study explains the assessment of an organization's data storage systems based on ISA-CMM framework version 3.2. During the study, various vulnerabilities and risks were discovered in the data storage systems, and mitigation strategies were formed as per the capability maturity framework.

Discussion:

The most valuable and critical asset of any modern organization is its data storage system. Modern businesses rely on extensive data processing. The cloud computing paradigm has shifted data storage from local storage systems to cloud ones. But the shift in storage system paradigm has not resolved the problem of targeted attacks and data breaches. Although virtualization and cloud computing solutions have solved the problem to some extent, in the broader picture the risks have increased as well (Yu, 2018). Most businesses are not ready for migration to cloud servers due to privacy concerns and a lack of regulation in this regard. An assessment of an organization's local data storage systems has been made based on the ISA-CMM framework. The organization provides data analytics services to global clients by employing state-of-the-art data analytics technology. Data is received, processed, and stored into storage systems continuously. Data streams related to market analysis also contain personally identifiable information of clients. Securing such information storage and processing systems is the responsibility of the organization. The organization claims to be the best in protecting data storage systems, but the assessment results suggest otherwise.

Local data storage systems consist of twenty servers interconnected with the internal network of the organization. Some servers and their communication topologies are further divided into smaller networks for redundancy purposes. Most of the services offered by these data storage servers are accessible from external networks as well. A single server was configured to perform authentication and authorization services for the entire fleet of data storage systems in the organizational network (Jacobs, 2015). Authentication requires the identification of the person requesting access to the resources. Authorization deals with the access restrictions at the second step of the authentication, meaning that it controls which resources the host will have access to after successful authentication. The basic line of defense for any remotely accessed service is to use strong authentication and authorization systems.

During the assessment, it was discovered that the authentication server was configured to use a password-based authentication system without any additional password policies, making the system potentially vulnerable to hacking attempts. Simple password-based authentication systems can be compromised by password sniffing or packet sniffing attacks, along with man-in-the-middle attacks. Once an attacker is able to compromise the authentication system, all of the other logical measures for data security can also be breached. Although the organization has not experienced any attack bypassing its authentication system, the lack of basic password policies made the system highly vulnerable (Wahlgren, Fedotova, Musaeva, & Kowalski, 2016). The severity of the vulnerability was rated as critical, and there was a high likelihood of a breach as per the capability maturity model of information security assurance. As a mitigation step, it was recommended to implement a password policy as soon as possible. When designing security infrastructure, the most difficult aspect is to find the best balance of security and usability. For example, the most secure system would be one that is not connected to anything, not even to a power source, and is then buried in the earth inside a concrete block. Such a system is no doubt the most secure system in the world, as it cannot be accessed or breached by anyone. On the other hand, the same system will also be the most useless system on earth, as it cannot be used at all.

Therefore, implementing security means finding the optimal balance between security and usability of the system. The goal of the information security assurance capability maturity model is to help organizations minimize the security and usability tradeoff. In the current situation of the organization, a password policy that requires users to use complex passwords can be implemented. But the policy will kill the usability of the system as well, because it will be hard for employees and service users to remember a bunch of complex passphrases. As a result, people will tend to write down the passcodes as hand notes, making the system even more vulnerable (Le & Hoang, 2017). Thus an incorrectly configured security policy will make the system more vulnerable instead of increasing security. The basic goal of information security assurance is to create a culture of secure practices used by the employees without compromising the security and usability of the system. A good password policy will require users and employees to use a strong password that must be eight characters long. Along with the length requirement, the policy must state that the user is required to use a combination of lowercase letters, uppercase letters, numerical values, and special characters. Use of all these characteristics will make the password secure enough to survive dictionary attacks.

Dictionary attacks are a type of attack in which criminals try to bypass the authentication system using all of the password combinations found in a dictionary. Therefore, it is highly recommended not to use dictionary words as passphrases for critical information systems. Moreover, a policy can require that the password be changed after a predefined interval, such as after six months. This helps enforce the password re-use conditions, as users are tempted to use a single password for multiple services they use. Password rotation is compulsory, and it is never recommended to use the same password for multiple accounts. Even given all of the password hardening policies and requirements, the authentication system cannot be considered reliably secure against sophisticated attacks (Doss, Tesiero, Gokaraju, Mc Elreath, & Goza, 2017). The stated password policy can work for end users but may not be enough for the employees working with sensitive personal information of clients. The solution is the implementation of a two-factor authentication system. A two-factor authentication system will provide an extra layer of security, making it more complex for criminals to breach the defenses.
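The password rules described above (eight-character minimum, four character classes, no dictionary words, six-month rotation, no re-use) can be checked as in the following added example, which is not part of the original essay. The word list, the look-alike substitution table, the 182-day reading of "six months", the per-user history check and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
from datetime import date, timedelta

MIN_LENGTH = 8                     # length requirement stated in the essay
MAX_AGE = timedelta(days=182)      # "six months", read here as 182 days (assumption)
PBKDF2_ROUNDS = 100_000            # work factor chosen for this example

# Constructed sample word list; a real deployment would load a large
# dictionary and a list of known-breached passwords instead.
WORDLIST = {"password", "welcome", "dragon", "summer", "finance"}

# Common look-alike substitutions, undone before the dictionary check so
# that "P@ssw0rd" is recognised as "password".
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def dictionary_word_in(password):
    """Return the dictionary word the password is built on, or None."""
    folded = password.lower().translate(LOOKALIKES)
    letters = re.sub(r"[^a-z]", "", folded)
    for word in sorted(WORDLIST):
        if word in letters:
            return word
    return None


def hash_password(password, salt=None):
    """Salted PBKDF2 hash; only (salt, digest) pairs are ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ROUNDS)
    return salt, digest


def is_reused(password, history):
    """True if the password matches any (salt, digest) in the user's history."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def check_password(password, history=()):
    """Return the list of policy rules the candidate password violates."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("length")
    if not any(c.islower() for c in password):
        violations.append("lowercase")
    if not any(c.isupper() for c in password):
        violations.append("uppercase")
    if not any(c.isdigit() for c in password):
        violations.append("digit")
    if not any(not c.isalnum() for c in password):
        violations.append("special")
    if dictionary_word_in(password):
        violations.append("dictionary")
    if is_reused(password, history):
        violations.append("reuse")
    return violations


def needs_rotation(last_changed, today):
    """True once the password is older than the rotation interval."""
    return today - last_changed > MAX_AGE


if __name__ == "__main__":
    # Constructed candidates: the second satisfies every character-class
    # rule and still fails, because it is a dictionary word in disguise.
    for candidate in ("aB3!", "P@ssw0rd1!", "alllowercase", "tR7#vq9Lx!mZ"):
        print(candidate, check_password(candidate) or "accepted")
    print("rotate:", needs_rotation(date(2024, 1, 1), date(2024, 8, 1)))
```

The case worth noting is `P@ssw0rd1!`: it meets the length and character-class rules on their own, so the dictionary check has to run on the normalised form rather than the raw string.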

Multiple systems are available for two-factor or multifactor authentication, such as one-time-password-based logins, facial recognition, and fingerprint scanners. All of these authentication systems are based on something the user has, something the user remembers, and something that belongs to the actual user for identification purposes. Something the user has can be a credit card, something the user remembers is the password, and something that belongs to the user is biometric verification through a fingerprint. The most secure factor is something that belongs to the user, such as biometrics, as they cannot be duplicated with ease. However, there are certain cases in which researchers were able to bypass fingerprint validation systems. But the probability of such attacks is very low and close to zero for enterprise systems. A layered approach to the security of the system will increase its capacity to defend against the digital dark arts.

The authorization system of the organization was also vulnerable due to the poor segregation of data systems inside the network. The organization was not maintaining the recommended level of data segregation for different departments. For example, data related to the finance department was easily accessible to the customer support department. The organization was informed about the vulnerabilities and the steps to mitigate the risks of data breaches due to poor segregation of confidential data. All of the data storage servers were accessible from external networks, even the systems perceived to be internal only, due to poor configuration of firewall rules. A network-level firewall was installed but not configured to close unused ports on the network, allowing hackers to exploit the firewall defenses. To mitigate the risk, the firewall was configured to drop all incoming traffic on any port for internal servers of the organization, making them invisible from external networks (Bloomfield, Bishop, Butler, & Netkachova, 2017). Segregation of the data storage servers was achieved by the implementation of virtual local area networks at the switch level. Network switches were configured to block the access of one department to the data of other departments. Along with the network-based firewall, it was recommended to use host-based firewalls as well, because a host-based firewall will protect the internal network of the organization from being compromised. It will also help in the isolation of an infected host from the network.

The organization was informed about the benefits and appropriate configuration of network intrusion detection systems that will protect against any attempt to compromise the network. Such a system must be configured at a point with the network firewall so that the traffic from all of the internal network nodes can be monitored. It was also discovered that the organization was storing logs of network activity and access requests on different servers. There was no mechanism for analyzing the logs and no central management of the logs either, making it extremely difficult for the organization to reconstruct the attack events in case of a successful breach of the defenses. The risk was mitigated by the installation of a central log storage and analysis system secured by a reverse proxy configuration. It was necessary because targeted attacks and advanced persistent attacks try to wipe out the log files to obscure the forensic investigation paths for researchers.

Conclusion:

It is of vital importance for organizations to secure their information technology infrastructure from cyber-crimes. There are many frameworks available to organizations for securing infrastructure with legal implications and regulations. Information security assurance based on capability maturity model is the best framework for most of the organizations to align their information security infrastructure to their business goals. It requires organizations to implement security into processes at the domain level. The case study of the organization revealed many vulnerabilities including some critical risks. All of the risks were mitigated as per the ISA-CMM framework and assigned appropriate recommendations along with comprehensive suggestions for strategic security policy implementation.

References

Bloomfield, R., Bishop, P., Butler, E., & Netkachova, K. (2017). Using an assurance case framework to develop security strategy and policies. International Conference on Computer Safety, Reliability, and Security, 27–38. Springer.

Doss, D. A., Tesiero, R., Gokaraju, B., Mc Elreath, D., & Goza, R. (2017). Proposed derivation of the Integrated Capability Maturity Model as an environmental management maturity model. Energy Environ. Eng, 5, 67–73.

Englbrecht, L., Meier, S., & Pernul, G. (2019). Toward a Capability Maturity Model for Digital Forensic Readiness. In Innovative Computing Trends and Applications (pp. 87–97). Springer.

Jacobs, S. (2015). Engineering information security: The application of systems engineering concepts to achieve information assurance. John Wiley & Sons.

Le, N. T., & Hoang, D. B. (2017). Capability Maturity Model and Metrics Framework for Cyber Cloud Security. Scalable Computing: Practice and Experience, 18(4), 277–290.

Wahlgren, G., Fedotova, A., Musaeva, A., & Kowalski, S. (2016). IT Security Incidents Escalation in the Swedish Financial Sector: A Maturity Model Study. HAISA, 45–55.

Wood, P. B., & Vickers, D. (2018). Anticipated impact of the capability maturity model integration (CMMI®) V2. 0 on aerospace systems safety and security. 2018 IEEE Aerospace Conference, 1–11. IEEE.

Yu, D. (2018). Method Study on Information Safety Capability Evaluation of Internet Finance Enterprise.


Week 8 Discussion - Strategies For Addressing Global Threats

Strategies for Addressing Global Threats


Introduction

Cyber terrorism is a growing strategic threat to businesses and organizations dealing with banking and financial services. Cyber terrorism is of varying types, and the individuals or groups involved in such activities have agendas different from those of an ordinary hacker or cyberbully. According to statistics, almost 122,000 people lost their lives due to terrorist activities in just the previous 3 years, and insured losses reached up to 173 million (Michel Kunreuther, 2018). These casualties and damages are directly linked with their malicious activities related to financial and IT sectors and departments, as in 2016 alone they undertook 346 attacks on the global supply chain. It has been reported that terrorist organizations are using computing techniques and expertise in order to launch attacks against their targets. In this background paper, several techniques and practices of prevention are discussed for implementation in PBI-FS, the financial service acquired by Padgett-Beale.

Analysis

Cyber terrorists have been using different platforms for launching attacks on financial services over the years. It is important to understand and have a clear idea of these activities in order to prevent them in the future. Mobile banking is one of the popular attack vectors used in previous years by cyber terrorists. They do so with Trojans and viruses delivered through Marcher/Android mobile applications by virtue of auto-install vulnerabilities. Along with that, SMS phishing, Trojans encapsulated in the form of updates, and fake web addresses or emails are also used frequently for this purpose (Littl3field, 2018). Another kind is an extortion attack against banks and financial services, where a person calls a bank or organization and asks for an amount of 1 million for the information they managed to steal.

Phishing attacks have also become abundant due to advancements in the cybersecurity industry. Previously, to launch a phishing attack, a hacker had to build a site and write or develop malware programs to launch the campaign against the potential target. Nowadays, the task has become easier because of the availability of hacking toolkits which can be purchased and used for exploitation (SECUREWORKS, 2017). Other common related threats include network-traveling worms, socially engineered Trojans and advanced persistent threats.

In order to prevent these potential attacks, there are a few recommendations for PBI-FS to consider.

The organization needs to have an efficient threat intelligence system to have a proactive approach to the security program.

The organization must have a mechanism to track threats that are specific to the nature of the business.

Leveraging automation tools is one of the effective solutions for monitoring and detection (Carter, 2017).

Frequent workshops and seminars for cybersecurity training of the employees to update them about advanced techniques and practices.

Conclusion.

Cyber terrorism should not be underestimated in view of recent incidents and breaches in the financial sector. A company can prevent these threats by applying early and effective mitigation and detection steps to reduce the risk of cyber-attacks by criminals and terrorists. Apart from the steps mentioned above, the upper management must make sure that employees are well aware of security requirements. The reason is that employees are comparatively a weaker link in the chain of cybersecurity and may become responsible for cyber-attack or data theft.

References

Michel Kerjan, E., Kunreuther, H. (2018). A successful (yet somewhat untested) case of disaster financing: Terrorism insurance under TRIA, 2002-2020. Risk Management and Insurance Review, 21(1), 157-180.

SECUREWORKS. (2017, 5 12). Cyber Threat Basics, Types of Threats, Intelligence Best Practices. Retrieved from SECUREWORKS: https://www.secureworks.com/blog/cyber-threat-basics

Littl3field. (2018, February 28). Cyber Terrorism: Understanding and preventing acts of terror within our cyber space. Medium. https://littlefield.co/cyber-terrorism-understanding-and-preventing-acts-of-terror-within-our-cyber-space-26ae6d53cfbb

Carter, W. (2017). Forces Shaping the Cyber Threat Landscape for Financial Institutions.


Oh0, H h t

,Strategies for Addressing Global Threats Zack Gold APA style report (6th edition)Morning2Microsoft Office Word@F@6_@6_I.,D.,T hp

)Strategies for Addressing Global Threats Titleh0t(0 _PID_HLINKSZOTERO_PREF_1ZOTERO_PREF_2AB5https//www.secureworks.com/blog/cyber-threat-basicsdata data-version3 zotero-version5.0.84session idf7TrZYNB/style idhttp//www.zotero.org/styles/apa localeen-US hasBibliography1 bibliographyStyleHasBeenSet0/prefspref namefieldType valueField/pref nameautomaticJourn0alAbbreviations valuetrue//prefs/data

(),-./0123456789@ABCDEFGHIJLMNOPQRTUVWXYZfabcdeRoot Entry Fa6_ 1TableaWordDocument 2SummaryInformation(KDocumentSummaryInformation8SMsoDataStore6_6_GVXG3LPP2 6_6_Item PropertiesJ3GMFPSF2W2 6_6_Item qPropertiesU

()CoverPageProperties xmlnshttp//schemas.microsoft.com/office/2006/coverPagePropsPublishDate/AbstractSTRATEGIES FOR ADDRESSING GLOBAL THREATS/AbstractCompanyAddress/CompanyPhone/CompanyFax/CompanyEmail//CoverPagePropertiesxml version1.0 encodingUTF-8 standaloneno

dsdatastoreItem dsitemID55AF091B-3C7A-41E3-B477-F2FDAA23CFDA xmlnsdshttp//schemas.openxmlformats.org/officeDocument/2006/customXmldsschemaRefsdsschemaRef dsurihttp//schemas.microsoft.com/office/2006/coverPageProps//dsschemaRefs/dsdatastoreItemxml version1.0 encodingUTF-8 standaloneyes

bSources SelectedStyleAPASixthEditionOfficeOnline.xsl StyleNameAPA Version6 xmlnsbhttp//schemas.openxmlformats.org/officeDocument/2006/bibliographybSourcebTagArticle/bTagbSourceTypeJournalArticle/bSourceTypebGuidA9826F97-9AB6-4323-9880-F46D9FA5FDF4/bGuidbTitleArticle Title/bTitlebYearYear/bYearbJournalNameJournal Title/bJournalNamebPagesPages From - To/bPagesbAuthorbAuthorbNameListbPersonbLastLast Name/bLastbFirstFirst,/bFirstbMiddleMiddle/bMiddle/bPerson/bNameList/bAuthor/bAuthorbRefOrder2/bRefOrder/bSourcebSourcebTagLast/bTagbSourceTypeBook/bSourceTypebGuid60AAA012-579D-4CB3-B717-40E27E8995F9/bGuidbTitleBook Title/bTitlebYearYear/bYearbCityCity Name/bCitybPublisherPublisher Name/bPublisherbAuthorbAuthorbNameListbPersonbLastLast Name/bLastbFirstFirst,/bFirstbMiddleMiddle/bMiddle/bPerson/bNameList/bAuthor/bAuthorbRefOrder3/bRefOrder/bSourcebSourcebTagSEC17/bTagbSourceTypeInternetSite/bSourceTypebGuidD6802D0D-A2D3-4B43-AC18-85C86F7F1D5F/bGuidbAuthorbAuthorbCorporateSECUREWORKS/bCorporate/bAuthor/bAuthorbTitleCyber Threat Basics, Types of Threats, Intelligence amp Best Practices/bTitlebYear2017/bYearbInternetSiteTitleSECUEWORKS/bInternetSiteTitlebMonth5/bMonthbDay12/bDaybURLhttps//www.secureworks.com/blog/cyber-threat-basics/bURLbRefOrder1/bRefOrder/bSource/bSources

xml version1.0 encodingUTF-8 standaloneno

dsdatastoreItem dsitemIDA0462977-7CC1-4C83-BDA7-A3E04857335B xmlnsdshttp//schemas.openxmlformats.org/officeDocument/2006/customXmldsschemaRefsdsschemaRef dsurihttp//schemas.openxmlformats.org/officeDocument/2006/bibliography//dsschemaRefs/dsdatastoreItem F Microsoft Word 97-2003 Document MSWordDocWord.Document.89qCompObjr

Subject: IT

Pages: 2 Words: 600

Week 8 Research Essay

Week 8 Research Essay

[Name of the Writer]

[Name of the Institution]

Week 8 Research Essay

Abstract

Since the advent of computers, software companies have been searching for methods that can help them in the development of software products. In the 1980s, researchers focused on finding techniques that could automate the tasks of software developers. Many researchers claimed that CASE tools were the future of software development and would perform all the tasks of software developers automatically. However, CASE tools cannot perform all of these tasks; instead, they provide a combination of tools that help software developers in the development of software products.

CASE tools are necessary for every organization as processes and technology change over time. CASE tools provide different packages to assist software development companies in the development of software. However, there are still many companies that are not aware of CASE tools and their need for UML modeling and object-oriented concepts. Many researchers have found that CASE tools are necessary these days for every organization that wants to solve the problems it faces in the development of software products.

This paper presents how different CASE tools can be utilized in the development of software products. It discusses the different categories of CASE tools and explains how these categories allow companies to automate their development tasks. The main goal of this paper is to assist software companies in performing the complex tasks, and the other necessary tasks, that arise during the development of software products with the help of CASE tools.

Introduction

Computer-aided software engineering (CASE) tools are used to provide assistance for the design and development of software. The aim of CASE tools is to reduce the time and cost of software development and to enhance the quality of software products. CASE tools help in increasing productivity, improving the quality of the software product, and maintaining the software product. CASE tools assist developers throughout the different stages of the development process. Computer-aided software engineering (CASE) includes many different products with different functionalities.

CASE tools are categorized into three levels: upper level, lower level, and integrated level. Upper CASE tools are used in the planning, design and analysis phases of software development; lower CASE tools are used during the coding phase; and integrated CASE tools cover all the phases that are essential for the development of software products, such as planning, designing, analysis, coding & testing, and maintenance. There are different CASE tools, which include diagram tools, documentation tools, analysis tools, process modeling tools, and design tools. All these CASE tools provide various functionality to assist developers during the development of software products. However, many developers are unaware of the features of CASE tools; that is why these tools are sparsely used in many enterprises.

Discussion

CASE tools provide a step-by-step methodology for the development of software products. There are different CASE tools which can be used in the design stage of software development. In the design phase, developers require CASE tools that assist them in creating diagrams and process models for the development of software. There are different diagramming and process model tools which assist developers in creating a graphical representation of the data and system processes (Zheng et al., 2017).

Microsoft Visio is one of the most popular CASE tools for creating different diagrams and process models such as UML diagrams, flowcharts, use case diagrams, sequence diagrams, activity diagrams, DFDs, etc. (Zheng et al., 2017). These diagrams are essential because they allow the software to be modified as per the requirements of the software product. Design tools allow developers to create the block structure of the software and describe, one by one, the modules used in the software product. These tools help in providing the detail of each module and the connections between modules.

There are different analysis tools which are also essential for the development of software products. Analysis tools help developers to find out the requirements of the users. These tools automatically check for any inaccuracy or inconsistency in the current model of the software. Visible Analyst is one of the most popular analysis tools and is used for complete analysis of the software model. It is an integrated strategic planning and data modeling tool for analyzing software models during the development of the software product (Osman & Chaudron, 2018).

Coding CASE tools are as important as design and analysis tools for the development of software. Coding tools consist of libraries and simulation tools which are used for testing and debugging the software. There are different tools for coding, which include Eclipse, NetBeans, Microsoft Visual Studio, Android Studio, etc. These tools consist of programming environments such as IDEs, which provide assistance during the coding process of software development. Testing and debugging are very important for the development of the software. This is the process of finding errors in the code and then fixing those errors. Testing and debugging help developers fix errors easily in complex code (Osman & Chaudron, 2018).

Software maintenance and quality assurance are also very important because they allow developers to make modifications to the software product after the final product has been developed, and to increase the overall quality and performance of the software product. The most important factor in the development of software is to provide quality to end users as per organization standards. Similarly, maintenance is very important because bugs can stop the functionality of the software at any time. Maintenance allows those bugs to be fixed and ensures the stability of the software product (Osman & Chaudron, 2018). There are different quality assurance tools, which include JMeter, LoadRunner, Selenium, etc.

The above describes the different CASE tools and how they can be used in different processes of software development. It is very important to find the requirements of the software product before selecting a CASE tool, because different CASE tools provide different functionalities for developers. However, documentation and diagrams are an essential need for every software developer because they help in establishing the relationships between different software components (Orlikowski, 1993). CASE tools are used not only for the development of software products but also for database design. They can provide many functions in database design, which include designing a database, creating diagrams like schemas, ERDs, relationship diagrams, etc., generating reports and implementing a database.

Conclusion

Software engineers are searching for solutions to find architectural glitches and other problems during the development of software products. There are many software development companies which are looking for ways to automate the software development process. However, they are still not aware of CASE tools, which are the solution to their problems. CASE tools provide different tools for developers which can automate the software development process. Different CASE tools allow companies to create a proper structure for the development of the software and to perform tasks step by step, knowing the requirements of the users. It is really important for software development companies to utilize CASE tools to compete in the market.

References

Orlikowski, W. J. (1993). CASE tools as organizational change: Investigating incremental and radical changes in systems development. MIS Quarterly, 309-340.

Yu, J. S., Zheng, Y. D., Tang, D. Y., & Jiang, Y. (2017, December). A graphical method for multi-signal flow graph modeling and testability analysis based on visio control component. In 2017 IEEE International Conference on Industrial Engineering and Engineering Management (IEEM) (pp. 1306-1309). IEEE.

Osman, H., & Chaudron, M. R. (2018). Correctness and Completeness of CASE Tools in Reverse Engineering Source Code into UML Model. GSTF Journal on Computing (JoC), 2(1).

Subject: IT

Pages: 6 Words: 1800

Weekly Forum

Freedom of Information Act & the Privacy Act

Kennith Thurman

[Institutional Affiliation(s)]

Author Note

Freedom of Information Act & the Privacy Act

In the electronic age, the issue of privacy has become increasingly serious. The right to privacy is recognized as an individual right and refers to the ability to share or withhold information about oneself with the external world, on one’s own terms. In this regard, the ‘Wiretap Act’ is a U.S. federal law that protects individuals' privacy in their communication. The law imposes civil and criminal penalties on intercepting, disclosing, or using any breached information for personal gains. A deliberate interception by means of which the contents of a communication are acquired for the purpose of listening, disclosing or using that information is illegal under the Act (Farkas, 2019). Moreover, any pretexting to obtain, sell, or buy another individual’s phone records through fraudulent tactics or otherwise is illegal, except if it is acquired by an intelligence or law enforcement agency, under the ‘Telephone Records and Privacy Protection Act of 2006’, which was signed by President Bush (Broache, 2007). Moreover, federal agencies are also held accountable under the ‘Freedom of Information Act (FOIA)’, which allows everyone access to requested federal agency records as a right. The only exceptions are records that are protected from disclosure under special exemptions by law enforcement agencies (DHS, 2017). In this regard, the Privacy Rights Clearinghouse website provides citizens with a good overview of current consumer privacy rights by providing them with educational resources to help raise their awareness and thus empower them to protect their privacy. The organization publishes original educational publications, provides one-to-one assistance to citizens, and advocates consumer-friendly privacy-related policy to stakeholders and legislators (Privacy Rights, 2019).

References

Broache, A. (2007, January 17). President signs pretexting bill into law. Retrieved May 22, 2019, from CNET: https://www.cnet.com/news/president-signs-pretexting-bill-into-law/

DHS. (2017). Freedom of Information Act and Privacy Act. Retrieved May 22, 2019, from Homeland Security: https://www.dhs.gov/freedom-information-act-and-privacy-act

Farkas, B. (2019). How the Wiretap Act Protects Personal Privacy. Retrieved May 22, 2019, from Lawyers: https://www.lawyers.com/legal-info/personal-injury/types-of-personal-injury-claims/wiretap-act-privacy.html

Privacy Rights. (2019). Services. Retrieved May 22, 2019, from Privacy Rights Clearinghouse: https://www.privacyrights.org/about/services

Subject: IT

Pages: 7 Words: 2100

Weekly Forum Post & Initial Assessment Paper Assignment

Week 8 Forum Post

Kennith Thurman

School or Institution Name (University at Place or Town, State)

Week 8 Forum Post

Closeout meetings of organizations related to information security assurance based on capability maturity models can prove to be the path changer as well. Key stakeholders must participate in the closeout meeting along with the security teams of the organization. In the closeout meeting, the stakeholders have to decide on an appropriate capability maturity for information security with a unique balance of security and usability. The capability maturity model is designed to help organizations choose a framework that provides the best security without compromising on the usability of the system (Glumich, Riley, Ratazzi, & Ozanam, 2018). The most secure system, disconnected from everything, will also become the most useless system. Therefore, a closeout meeting plays a key role in the choice of the appropriate security framework for the organization.

It may change the future direction of the company to achieve business goals without compromising on information security. The meeting will help organizational stakeholders to achieve the primary security goals of confidentiality, integrity, availability, and non-repudiation. Closeout meetings contribute significantly to the security planning of organizations (Safa, Von Solms, & Furnell, 2016). Information security is of vital importance, and stakeholders have to decide on a secondary solution investment to protect primary installations of information technology systems. Therefore, the heads of all departments, along with the security teams, must participate in closeout meetings.

References

Glumich, S., Riley, J., Ratazzi, P., & Ozanam, A. (2018). BP: Integrating Cyber Vulnerability Assessments Earlier into the Systems Development Lifecycle: A Methodology to Conduct Early-Cycle Cyber Vulnerability Assessments. 2018 IEEE Cybersecurity Development (SecDev), 77–84. IEEE.

Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70–82.

Subject: IT

Pages: 14 Words: 4200

What A Business Analyst Does And How The BA Role Is Critical For A Project's Success.

Business Analyst

Name

Affiliations with Institutes

Business Analyst

With the ever-increasing demand for IT systems and multiple requests for the development of IT projects, it is no wonder that the whole life cycle of project development/implementation is given huge importance. An IT-related project, whether it is software development, network setup or IT infrastructure configuration, involves multiple people who work together to make the project a success. Some of these roles include project manager, software developers, business analysts etc. (Nicholas & Steyn, 2017).
Perhaps one of these roles that goes unnoticed is that of the business analyst (Nicholas & Steyn, 2017). Business analysts are the people who fill the gap between IT and the business (Nicholas & Steyn, 2017). For an IT project to be a success, someone who can understand the technicalities of both IT and business must be present.

Role of Business Analyst

A business analyst analyzes the risk from all aspects and finds ways to mitigate or remove the possibilities of risk from the project.

Some of the main reasons why IT projects fail are:

Incomplete requirements: The user was unable to fully convey his demands, or the team did not properly understand the requirements (Nicholas & Steyn, 2017).

Lack of user involvement: Without proper inclusion of the users of the project, the end result may not be the optimal one as the users give the right feedback on what is needed.

Unrealistic expectations: Something demanded by the client that may not be possible to complete due to any reason like finances, lack of technology, etc. is called unrealistic expectations.

Lack of support: It is necessary for any team that its members work in a joint effort to finish the project successfully (Nicholas & Steyn, 2017). If proper support is not available, then the project is destined to fail.

Changing requirements: If the user continuously changes his requirements because of unfamiliarity with his main needs, then it can result in unnecessary delays and costs.

Lack of planning: Diving into development without proper planning can lead to catastrophic results in IT projects.

All of the above-mentioned reasons for failure should be mitigated by the business analyst by taking proper steps, which are:

The business analyst should review the requirements to know whether they are realistic or not, whether they can be completed or not, and whether the requirements clearly represent the client’s needs.

The business analyst should know which users are necessary for the project and when they may be needed to participate in the development of the project (Nicholas & Steyn, 2017).

The business analyst should review whether the requirements are feasible enough to be completed within the stipulated time or not (Nicholas & Steyn, 2017). It is not necessary that a business analyst be present when objectives are set, but they should be fully aware of whether it would be possible and feasible for their team to continue the project.

The business analyst can design the presentation in such a way that the senior management, which is in charge of the big decisions, knows the significance of the project, which would save everyone's time.

If all the risks that can occur in a project are mitigated, the project is bound to be successful.

The business analyst can participate in the development of requirements and carefully identify all the requirements ahead (Nicholas & Steyn, 2017). This would allow the developers to easily complete the project without the need for major overhauling.

Planning for any project is of paramount importance. Carefully identifying each step of the cycle and implementing it properly is the job of the business analyst (Nicholas & Steyn, 2017). They should be aware of what must be done, along with the requirements for making the project a great success.

References

Nicholas, J. M., & Steyn, H. (2017). Project management for engineering, business and technology. Routledge.

Subject: IT

Pages: 2 Words: 600

What A Business Analyst Does And How The BA Role Is Critical For A Project's Success.

Business analyst roles and responsibilities

[Name of the Writer]

[Name of the Institution]

Business Analyst’s Roles and Responsibilities

A business analyst is often described as a bridge of communication between the stakeholders and IT staff. They facilitate an organization by discussing the policies, structures of business, suggesting and proposing the solutions that will, in turn, help them to achieve their aim and be successful. Their role is to understand the business and its requirements also, pointing out any changes that are required, ensuring all the hopes of stakeholders are met. Additionally, one of their key responsibility is to document all the business needs, test plans, execution of these plans and supporting the team and customer development.

A business analyst plays one of the critical roles in a project, as the fate of the whole project is determined by the analyst and the project manager (Beauchamp, 2008). An analyst is responsible for the delivery of the right project by ensuring that all the desired objectives are achieved.

Business Analyst’s key Responsibilities

The duties and responsibilities of an analyst vary on a daily basis according to the type of organization and the services it offers. People often think of an analyst as a person who just analyzes the business and gives an opinion about it. In reality, the job of an analyst is much broader: they have to help the stakeholders by understanding the problems they are facing and formulating a plan that will solve them. They also help the organization make timely decisions about where to invest its money to achieve maximum benefits in the future. It is their responsibility to understand business requirements and their connection to the possibility of change by assembling and documenting potential business requirements. Additionally, they are responsible for explaining technical terminology to non-technical staff and clarifying instructions to the teams so that an objective can be achieved. It is also part of their duty to determine business investments, savings, and their impact in the future, and to propose a solution to a problem that the organization faces and then implement it.

Business Analyst’s Role in a Project

A good analyst is critical to a project’s success because they can lead a project towards success or failure. Their roles in any project are as follows:

Running the project’s casual side.

The role of the project manager is to lead the team, review all the work done by the team and manage the team’s meetings, while all the informal leadership of the team, including the tech team and the interaction with the customer’s side team, is handled by the business analyst.

Managing the tech team.

The tech team is directly dependent upon the business analyst. They need guidance and direction on a daily basis to proceed with the work. The business analyst has the ability to make decisions that are in the favor of the company and can therefore directly assist the tech department in reaching its objective by keeping the project moving in case of any problem from the customer side.

Managing the requirements.

Although the project manager leads the overall project, it’s the responsibility of an analyst to review each and every detail of the project, attend the meetings with the customer and work in coordination with other staff and document every detail to achieve the goal.

Making a creative decision on the project.

The decisions made by the project manager are based entirely on the decisions and analysis report of the business analyst. As the business analyst knows the full details of the project from the client’s perspective, he or she can take creative decisions immediately. This helps the project run smoothly without requiring extra time.

Keeping the customer focused

A business analyst works as a communication bridge between the customer and the staff. It is his key responsibility to keep the customer involved in the process as the customer’s disappearance makes it difficult to accomplish the task.

Conclusion

A business analyst can make or break the project and plays a vital role in its success. Many companies combine the roles of analyst and project manager, which will eventually lead them towards failure because the two have different tasks and responsibilities. Also, a great deal of communication and leadership in a project is needed from a business analyst. Therefore, to reach the maximum success it is important to take help from an analyst.

References

Beauchamp, G. (2008). The Benefits of Business Analysis. Retrieved July 10, 2019, from Modern Analyst: https://www.modernanalyst.com/Resources/Articles/tabid/115/articleType/ArticleView/articleId/602/What-are-the-Benefits-of-Business-Analysis.aspx

Subject: IT

Pages: 2 Words: 600

What Performance Measurement Techniques Can Be Used To Identify Or Control Changes To The Project Scope, Schedule, Or Deliverables?

Performance Measurement Techniques

Performance Measurement Techniques

Introduction

A comprehensive assessment of the project during its different phases is a necessary condition for the successful development and execution of the project. The overall performance of the project is mainly associated with the domains of project scope, schedule, and deliverables. Valuing the performance of the project requires the adoption of specific and well-aligned performance measurement techniques. The broad concept of performance is defined as the objective assessment of performance against a benchmark. Implementation of suitable performance measurement techniques is a necessary condition, considering the aim of measuring the performance of the project. This paper focuses on critically analyzing which performance measurement techniques can be used to identify or control changes to the project scope, schedule, or deliverables.

Discussion

Scope, schedule, and deliverables are recognized as three major stages that guarantee the successful development and application of the project. Assessment of the project at its various phases is a mandatory condition for detecting any problematic feature and proposing suitable solutions in time. Further, this perspective is characterized as an assistive factor for decision-makers in the future. The success of the project can only be apprehended by selecting a suitable performance assessment system. It is noteworthy that the evaluation system requires the active involvement of suitable performance measurement techniques (Vanhoucke, 2009). The development of appropriate performance measurement metrics is the first stage in successfully identifying factors of change or control in project scope, schedule, and deliverables. The specific performance measurement techniques under this broad domain of project management can be examined in different forms.

Evaluation of Direct Impact

Assessment of the overall performance of the project is a necessary condition for making better inferences about change in project scope, schedule, or deliverables. Exploring the size of influence is characterized as a business performance measure for evaluating change in the deliverables phase. Measuring the direct impact makes it possible to examine the project's success as a whole. This performance measure is determined as the size of the difference in the level of performance before and after the project's entire period.

Return on Investment (ROI)

Return on Investment (ROI) is categorized as one mandatory performance measurement technique for examining the suitability of the project. This measurement is useful for identifying and controlling changes, particularly in the project scope phase. It is helpful for examining the overall feasibility of the project. Assessment of the project's cost is an integral part of measuring project performance. ROI focuses entirely on assessing the financial benefits obtained for the amount that is invested in a project. The financial balance between cost and profit from the project is a basic condition under ROI. The focal point of this measurement technique is to evaluate the financial benefit from the project divided by its cost (Kerzner, 2011). The successful application of this assessment metric is primarily associated with the contributing aspects of profit, cost savings, and the need for change during any phase of the project.

 

Data Analysis

Data analysis is a mandatory form of performance measurement for the project scope stage. It is vital for project planners to adopt data analysis regularly, keenly examining various monetary and non-monetary factors. The need for change during the project scope phase can only be assessed by opting for data analysis. The right fit for the project scope is determined by evaluating the various aspects of the project's financial position.

Schedule Performance Index (SPI)

The performance measure of SPI is defined as one essential condition for determining the overall feasibility of the project’s schedule. It is a measurement approach that identifies how closely the project is being accomplished against the standard of the schedule. The SPI ratio is obtained by dividing the budgeted cost of completed work by the planned value. As a financial measurement, SPI provides a clear indication of the need for change or control, mainly during the project schedule stage. Evaluating the financial feasibility of the project is a mandatory requirement for developing a standard of change according to the needs of the project.

Cost variance

Cost variance is defined as another criterion of performance measurement for successfully identifying the elements of change or control in the project deliverables. This metric is used to examine the difference between the planned budget and the real cost of the project (Schwalbe, 2008). This form of assessment is vital for making better inferences about the success of the entire project. Cost variance is defined as: Cost Variance (CV) = Budgeted Cost of Project Operations – Actual Cost of Project Work.

Schedule Variance

The objectives of identification or control of changes to the project schedule can be successfully achieved through the active consideration of budgeted and scheduled project work. This form of assessment significantly indicates the current positioning of the project, whether it accomplishes the project work according to projection, or there is a need for offering any new practical measure.

Conclusion

To conclude the discussion on the consideration of different performance measurement techniques, it is vital to indicate that different phases of the project require an active form of evaluation. Assessment of project performance is an integral approach to identify the need for change and propose suitable practical strategies. Cost assessment is imperative to ensure the successful execution of the project.

References

Kerzner, H. R. (2011). Project Management Metrics, KPIs, and Dashboards: A Guide to Measuring and Monitoring Project Performance. Retrieved from https://books.google.com/books?id=QCnL2zA3E64C

Schwalbe, K. (2008). Introduction to Project Management, Second Edition. Retrieved from https://books.google.com/books?id=3Bvo1CVCsVoC

Vanhoucke, M. (2009). Measuring Time: Improving Project Performance Using Earned Value Management. Retrieved from https://books.google.com/books?id=qvVYqCnl4RgC

Subject: IT

Pages: 3 Words: 900

What Problems Occur When One Has

Common Problems Faced by System Analysts and Possible Solutions

Common Problems Faced by System Analysts and Possible Solutions

System analysts are the IT professionals who ensure the proper and effective functioning of computer systems and infrastructure while working at higher levels in an organization. Their fundamental responsibilities include complete and thorough research of problems, finding optimized solutions, explaining the series of necessary actions, and finally managing stakeholders from different backgrounds to achieve the system requirements. They examine the current working system and procedures of an organization and develop response plans according to its requirements (Wilson, 2017).

Both for the progress and security of a company, the role of the system analysts is extremely important. However, they often face many challenges due to increased system requirements from different kinds of stakeholders. Some of those problems faced by the System Analysts and the alternative actions that can be taken in order to avoid them are explained below:

Analyzing Loads of Data

It’s the nature of the job of a System Analyst to deal with a large amount of data and analyze it according to specific requirements within a short interval of time. This hustle can easily lead to a state where System Analysts are unsure of the starting and ending points of their analysis. Over-analysis arises when System Analysts (Famuyide, 2013):

Are unclear and ask multiple questions to get clarification.

Are unsure of the requirements and confirm them again and again.

Expand the analysis phase instead of dealing with it iteratively.

Develop excessive models and artifacts.

Solution

To deal with a ton of data in a short time, System Analysts should approach their cases iteratively instead of going through a long process of trying to get clarification regarding the requirements. Personal skills such as time management and prioritization of tasks are tested here. An efficient System Analyst is one who filters out irrelevant information and uses only the necessary, relevant information to develop an effective working solution (Famuyide, 2013).

Skills and Knowledge

System Analysts often face situations in which they have to interact and deal with business-specific terms. Technology and business are two very big fields covering multiple areas of knowledge that the System Analyst is expected to have a command of. Focusing more on one of these two aspects will consequently be to the detriment of the other. Some of the main questions which arise here are (Famuyide, 2013):

How is a System Analyst with a technical background supposed to have a good grasp of the business domain?

How can a System Analyst cope with the anticipated changes when shifting his focus from the methods of designing structured systems to object-oriented design and analysis?

How can a System Analyst modify his working process by shifting from the Waterfall methodology to an Iterative/Agile one?

Solution

System Analysts, along with knowing the latest technology, should continually try to learn more about the industry and business. However, there is no single path to the desired knowledge and skills. The task is not easy and is very challenging, but it can be dealt with effectively with the help of proper training. For the companies hiring System Analysts, finding the right, capable person can also be difficult. A newly hired employee should be provided with the necessary training or tools before his appointment. Companies should provide System Analysts with a clear career path and an opportunity to nurture and strengthen their skills (Famuyide, 2013).

Unresponsive Stakeholders

In situations involving information overload, many stakeholders don’t share their information with the System Analysts. In these cases it is important for System Analysts not to take it personally (Wick, 2012). There are numerous reasons for the uncooperative behaviour of the stakeholders. Some of them are:

Lack of Healthy Trade of Knowledge

Many stakeholders don’t respond effectively to the Systems Analyst as they (stakeholders) are not provided with the basic draft/outline of the proposed project by the System Analyst.

Past Experiences

If any stakeholder has any bad past experiences with a System Analyst of a particular company, then he might question the ability of current analysts from the same company.

Unexplained Effectiveness

The stakeholders consider it useless to spend money on a project which is not properly explained to them by the analysts. System Analysts often fail to properly guide the stakeholders about the overall productivity and effectiveness of the projects under process.

Solution

An effective solution to this problem is to alter and modify the technique of asking. A System Analyst must understand that every stakeholder cannot be dealt with in the same way. They might encounter stakeholders who don’t prefer to have too many meetings. Such clients should be asked directly for the relevant information required. If a System Analyst is able to communicate effectively with the stakeholders by finding a mutual field of interest, then there is a greater chance of the stakeholders sharing information. System Analysts should try to begin their meetings with an icebreaker activity to ensure that the stakeholders are comfortable and clear on the overall motives and profits of the project. As the System Analyst proceeds with the project tasks, he should keep in touch with the stakeholders by informing them about the success stories so far and the predicted benefits of the project, to get their support, confidence, and trust. As an extreme case, if the stakeholder is still unresponsive, the System Analyst should approach the higher authorities for the solution (Famuyide, 2013).

References

Famuyide, S. (2013, April 29). Common Problems Faced by Business Analysts and Possible Solutions. Retrieved from Business Analyst Learnings: https://businessanalystlearnings.com/blog/2013/4/29/common-problems-faced-by-business-analysts

Wick, A. (2012, April 9). Is A Systems Analyst A Business Analyst? Retrieved from BA Times: https://www.batimes.com/angela-wick/is-a-systems-analyst-a-business-analyst.html

Wilson, C. (2017). Roles and Responsibilities of System Analyst. Retrieved from Vocal: https://vocal.media/journal/roles-and-responsibilities-of-system-analyst

Subject: IT

Pages: 3 Words: 900

Whitepaper

Impact of poverty on global food security and the potential technological solutions

Introduction

Food security has been a critical issue globally. Food security is referred to as the lack of distribution, availability, and accessibility of food. According to (), food is available globally, but the main problem is the accessibility of food, especially in developing countries, and this results in a high rate of poverty. Lack of enough food can result in a high rate of poverty, and poverty in turn has a serious impact on food security globally. People need to be healthy and have the resources to work to produce the food needed to support global demand. It is therefore evident that poverty and food security are directly interlinked. Without enough income, people cannot grow food due to lack of resources. Poverty also makes people ill, and therefore many people do not have the energy and what is required to grow enough food to feed the growing population.

Food security means having enough food year-round. It means that people are able to access nutritious, sustainable and affordable food. Michael (2018) pointed out that few countries globally have managed to make food available throughout the year. But in developing countries, the problem of food is still high and many lives are still being lost as a result of the availability of food. The reason there is a high level of food in developing countries is the high poverty index. For instance, countries like Somalia, Chad and South Sudan have been listed as countries with a high rate of food insecurity (Gonzalez, 2014). And according to the World Bank report on poverty, these countries have the highest rates of poverty globally. This could mean that poverty causes food insecurity and that, because of high poverty, a country cannot produce enough food to sustain its citizens. It is therefore important to state that poverty has a direct effect on food security. Poverty is one of the global challenges to food security, and therefore, in order to address food insecurity, it is important to address the poverty index, which affects the majority of people.

It is estimated that over 1.8 billion out of 7 billion people live in extreme poverty. Studies have also shown that, with poverty, people cannot work hard to get food. Many people who live in extreme poverty do not have resources to use in getting their own food, and this makes it difficult to solve the problem of food insecurity globally. Poverty also decreases the ability of a country to develop its own agricultural market and economy. It therefore widens the gap, making a country continue to depend on food donations from other countries (Pérez-Escamilla, 2017). This means that poverty increases food insecurity. It could be the reason why countries that experience extreme poverty are closely associated with a high rate of insecurity besides food insecurity. It is evident that poverty increases food insecurity due to the inability of people to work and produce enough food because of various illnesses related to poverty. The question many people ask is how poverty and food insecurity could be addressed amicably.

The solution to global food insecurity could be the use of technology to produce enough food to feed the growing population. Technology is regarded as the application of modern machinery and other technology-related techniques to produce more food, which can feed the entire growing population. Technology can be used to fight various factors that lead to high poverty in a country. According to the United Nations 43, technology can be used to combat abiotic and biotic stresses and to raise crop and livestock productivity. Technology can also be used to improve soil fertility and make water available for the production of food, and therefore technology is the best approach that can be applied to address the issue of food insecurity. Technology is also needed for storage, transport, refrigeration and agro-processing innovation. Therefore, without the use of technology, solving the problem of food insecurity could be a difficult task. Technology provides the best alternative measures, which can be applied universally to completely address the problem of food insecurity (Michael, 2014, p. 32). With the introduction of advanced technology, it would be helpful for key stakeholders to reach the decision together to solve the problem of poverty to have the way system, is managed. Technology has also helped with the introduction of advanced planting, chemical spraying, and tilling of the land. This means that technology is the key solution to the problem of food insecurity, and with efficient analysis and application of various advanced technologies the problem of food insecurity could be addressed.

In conclusion, poverty negatively impacts food security. Studies have pointed out that a high level of poverty increases the insecurity, and therefore, in order to address the problem of food security, the world must solve the problem of poverty (Potters, 2014). Countries with a high poverty index experience a high rate of food insecurity, which means that poverty and food security are directly related. Addressing the problem of poverty therefore requires serious coordination among the world bodies and the involvement of key government departments. In rural setups, women are the most affected people. The poverty index in the community, especially in the villages, is high, and the high rate is directly associated with limited access to the facilities that can be used to create wealth, and this will help in eliminating poverty.

Reference

Gonzalez, C. G. (2014). World Poverty and Food Insecurity. Journal of Law & International Affairs, 2-15.

Michael, P. (2014). Food Security and International Organization. Journal of food and nutrition, 2-31.

Pérez-Escamilla, R. (2017). Food Security and the 2015–2030 Sustainable Development Goals: From Human to Planetary Health: Perspectives and Opinions. https://academic.oup.com/cdn/article/1/7/e000513/4259862, 2-18.

Potters, M. (2014). Food security, food sovereignty, and sustainable agriculture. Journal of Business and information system, 2-18.

United Nations. (2017). The role of science, technology, and innovation in ensuring food security by 2030. Commission on Science and Technology for Development, 2-31.

Subject: IT

Pages: 3 Words: 900

Who Needs An Information Security Program

Who Needs an Information Security Program?

Who Needs an Information Security Program?

Purpose

Proper application of the information security program is essential for Red Clay Renovations Company to meet the objectives of necessary data protection. It is noteworthy to indicate that the practical idea of developing an information security management system is linked with the consideration of specific standards. The management of the organization must have a clear understanding of the main standard of the projected security program. This specific approach is crucial to ensure corporate benefits for the company by enforcing a proper information security program.

Discussion

Background of the Standard

A comprehensive valuation of the standard is useful to guarantee consistency during the implementation and measurement phases of the information security program for Red Clay Renovations. ISO/IEC 27001 is recognized as the accurate combination of various standards that play their role as the guiding principles for organizations to formulate an information security management program. All the crucial requirements of an information security management system (ISMS) can be successfully attained through the practical perspective of the ISO/IEC 27001 standard. The main focus of ISO is to formulate documents comprising essential requirements, specifications, characteristics and guidelines for companies (ISO, 2019). The adoption of security standards is vital to meet the requirements for building, evaluating and improving an information security management system.

Benefits of Implementing a Formally Documented ISMS 

It is indispensable for the management of the company to identify the potential benefits of implementing a formally documented ISMS. This form of assessment is critical to successfully obtain available opportunities and avoid different risk factors. Exploration of the potential benefits of the proposed system is essential to meet the standards of secure information systems in the organization. Application of the documented ISMS is critical for the company to achieve its risk management objectives. The practical approach of the ISMS can be helpful in governing responsible entities within the organization when it comes to accessing particular data (Ahmed, 2017). Furthermore, the idea of the ISMS is closely associated with the broad approach of information security. The ISMS provides detailed knowledge about the proper handling and transmission of specific information. The motive of business endurance can also be achieved through the practical approach of the ISMS according to a suitable standard. A continuous assessment of the system makes it possible to offer the required changes effectively. The problem of data breaches can be correctly addressed through the smooth functioning of different business operations according to the standards of the ISMS.

Standard’s Requirements

Identification of the specific standard’s requirements for making policies is imperative to provide the necessary support to the entire information security program. Suitable alignment of the standard with the features of confidentiality, integrity and availability is important to ensure proper application of the ISMS within the organizational context. The specific standard, ISO/IEC 27001, plays its role as the specification criteria for the information security system. The information shared in the form of the standard explicitly indicates what is expected from the practical approach of the ISMS. A suitable code of conduct for the application of the ISMS can be attained through the perspective of the relevant standard of the security system (ITGovernance, 2018). The adoption of a structured approach is another critical requirement associated with the practical consideration of standards in the case of ISMS projects within an organizational setting.

           In final remarks, it is significant to illustrate that proper application of an ISO/IEC 27001 compliant Information Security Program is essential for the organization to achieve the purpose of proper information security. The application of ISMS provides a framework to ensure appropriate management of data security within an organizational setting. Attainment of the information security controls eventually helps the organization to successfully manage people, procedures and the prospect of technology within an organizational setting. 

References

Ahmed, S. A. (2017). COBIT 5 for Risk- A Powerful Tool for Risk Management. Retrieved from: http://www.isaca.org/COBIT/focus/Pages/cobit-5-for-risk-a-powerful-tool-for-risk-management.aspx

ISO. (2019). Standards. Retrieved from: https://www.iso.org/standards.html

ITGovernance. (2018). Information Security & ISO 27001. Retrieved from: https://www.itgovernance.co.uk/files/Infosec_101v1.1.pdf

Subject: IT

Pages: 2 Words: 600

Why Is A Separate System Security Plan Required For Each Field Office

Need for Separate System Security Plan for Each Field Office

[Author’s name]

[Institute’s name]


Summary

Red Clay Renovations is focused on delivering different remodeling services for housing structures. The company's business operations, established in different countries, widen its corporate horizon. Its business positioning involves field offices located in different geographical areas. Information security is one major indicator for the company to ensure the success of the business (Nieles, Dempsey, & Pillitteri, 2017). The development of an explicit security plan gives all the stakeholders a brief understanding of the actual aspects of concern and offers better practical measures. It is significant to examine why it is important for the organization to provide a separate system security plan for each field office. In other words, the practical implications of one system can never be considered feasible for the business operations of another field office.

Briefing Statement

A system security plan (SSP) is the document that describes the different functions and aspects relevant to the entire information system. Hardware and software connections are closely linked with the practical scope of the SSP. Red Clay Renovations relies on the SSP to meet the performance targets of its field offices. The SSP provides comprehensive information about the overall description, boundary, architecture, and control domains of the system (Bowen, Hash, & Wilson, 2007). Complete information on system packages becomes available through the successful development of an SSP.

Purpose of System Security Plan

It is significant to determine the fundamental need for developing a system security plan for the organization. The central aim of establishing an SSP is to ensure proper protection of the entire range of information security systems. The application of all the security system resources needs to be properly aligned with the broad domain of the SSP. Documenting information security protection is an integral practical measure for determining the performance level of different security elements.

The successful implications of the SSP can be observed by developing a different system security plan for each of the field offices of Red Clay Renovations. There is a need to establish a separate security plan for each field office to meet the desired security requirements. The practical idea of a system security plan is based on critical evaluation of data integrity and proper confidentiality of the entire security system (Swanson, 1998). It is vital to establish a separate system security plan for different field offices to ensure proper protection in terms of confidentiality level, integrity, and proper dissemination of information between different stakeholders.

The need for Separate System Security Plan

It is recommended that policymakers develop a separate system security plan for each field office, because each presents a unique form of information control. The different duties and job tasks of workers are also evaluated through the framework of the SSP with respect to the objective of information protection. Important system information, such as the system owner, the name of the system, the list of controls, and the overall process of the system, is also part of the SSP. Access control methods for each field office are also determined through the documented SSP (Force & Initiative, 2013). This idea of data protection requires critical scrutiny of passwords, digital cards, and biometrics under a separate system security plan for each field office. The strengths and weaknesses of the information system can also be effectively observed through the development of a distinct security plan of action.

References

Bowen, P., Hash, J., & Wilson, M. (2007). Information security handbook: A guide for managers. NIST SPECIAL PUBLICATION 800-100, NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY. Citeseer.

Force, J. T., & Initiative, T. (2013). Security and privacy controls for federal information systems and organizations. NIST Special Publication, 800(53), 8–13.

Nieles, M., Dempsey, K., & Pillitteri, V. (2017). An introduction to information security. National Institute of Standards and Technology.

Swanson, M. M. (1998). Guide for developing security plans for information technology systems.

 

Subject: IT

Pages: 2 Words: 600

Windows Network Proposal

The OW organization is located at two different locations. The first and main location is Houston, TX, and the second is Richmond, VA. To propose a solution for integrating and configuring the Active Directory (AD) updates, it is important to consider the specifications provided by the company. The company has 110 employees across its Houston and Richmond sites. There are 9 Executives who manage and run the company. The Accounts and Sales Department has 30 employees, the Creative, Media and Production (CMP) Department has 49 employees, Human Resources and Finances has 12 employees in Houston, and IT has 10 employees. The networking equipment is already in place for both sites, which are separate AD domains.

WS_2016 is recommended for deployment throughout to provide the required activities and features. PowerShell is recommended to be used along with WS_2016 to design the network to the required specifications. This is a desirable feature, as Microsoft has greatly increased the number of available PowerShell cmdlets to allow more robust management from the command line (Saha et al. 2015). This should permit the IT staff to manage organization resources through the command line interface and script out a majority of routine network management duties. In addition, the Server Manager utility can remotely manage multiple servers, up to one hundred at a time (Saha et al. 2015). This should enable the IT employees to manage the whole organization remotely without physically visiting every server, as well as removing the need for the Remote Desktop Protocol (RDP) for management tasks. These two features should simplify network management for OW's small IT support staff across the two locations. Other features, such as Storage Tiers, are recommended for users throughout the organization, especially the employees in the CMP division. These are only a few of the features that OW can take advantage of within its organization.

Server Configurations, Integration and Deployment

OW's network should be built with 24 total servers throughout the enterprise to handle organizational growth over the next few years, while being configured with robust failover solutions. This ensures the organization can recover from any single failure while still meeting its organizational goals. Services for OW's daily operations, such as DHCP, DNS, file servers, web servers and print servers, should be provided by these servers. Moreover, the two locations should be mirrored, both to enable each location to function if the WAN link between the locations fails and for organizational purposes and ease of management by the small IT division. If implemented properly, OW's enterprise network can scale to its expected growth while having very high reliability.

The main TX location should have two Domain Controllers (DCs) named TX_DOMCON1 and TX_DOMCON2. The primary domain controller, TX_DOMCON1, should be configured to run Domain Name Services (DNS) and Dynamic Host Configuration Protocol (DHCP) as well as performing the role of DC. TX_DOMCON2 should be a copy of TX_DOMCON1 and should act as a backup in case of corruption or server failure. Both DCs should run the Server Core version of WS_2016 with the GUI. The AD role should be installed to provide Directory Services along with the ability to organize and manage the organization using Group Policy, discussed later in the proposal. Also, TX_DOMCON2 should be designated as a Global Catalog to help with searches carried out across the other location, reducing the load on the primary DC.

As the HR and Audit & Finance division manages very sensitive financial information for the organization, it should have its own exclusive file server, TX_HR_AF1, which should be backed up to TX_HR_AF2. Full backups should be run weekly, with differential backups each night. Shares should be hosted on this server with permissions applied so that only members of the HR and Audit & Finance division can access any resources on it.

The other division to have its own dedicated file servers is the CMP division. Like the Finance division, it should have a primary server and a backup, TX_FIN_CMED1 and TX_FIN_CMED2. These servers should follow the same backup plan as the Finance division, and their share access should be restricted to employees within the division. Storage pools should be created to implement storage tiers on the primary file server. Various traditional mechanical HDDs and SSDs should be assigned to the storage pool. The SSD tier should be configured to house the most frequently accessed data, while the HDD tier should house data accessed less often. The storage tier optimization task should be scheduled to run each night during off hours.

The rest of the personnel at the TX location should use a single file server, TX_FIN1, which should likewise be backed up to TX_FIN2 in the same way as for the Finance and Creative divisions. Storage on this server should be split among the different divisions, and quotas should be enforced using File Server Resource Manager (FSRM). Using this method of quota management should enable the IT division to centrally control and monitor the daily storage resources and generate storage reports to analyze disk usage trends (Saha et al. 2015). Users should be set up with home folders nested under their respective division share, with access granted only to members of the division and each user of that division having access only to their own folder through NTFS permissions. Users should all be given the same amount of space initially, and requests for more should be reviewed. Because of the more advanced features of FSRM compared with NTFS quotas, administrative notification scripts can be set to run when a user nears their allotted quota limit (Thaler et al. 2012). The IT division should run a semi-automated process with administrative scripts once these quotas are met to trigger a quota increase request process. All file servers in the network should be installed as Server Core with graphical interface.

Having a public presence on the internet is important for OW to gain new customers and enable the business to grow over the next few years. Company mail servers are also needed to communicate internally and with clients. The TX location should have its own dedicated mail and web servers, with TX_MED1 and TX_WEB1 acting as primary, and TX_MED2 and TX_WEB2 being mirrored backups for their respective roles. These servers should run the Server Core edition of WS_2012 because of its reliability improvements as well as being inherently more secure than other editions of WS_2016, since far fewer services run without the full graphical version (Ramjee et al. 2000). Public-facing resources, such as mail or web servers, are often the primary target of cyber attacks, and Server Core should reduce the attack surface.

The VA location should have exactly the same configuration as the primary TX location, as shown in the network diagram below. Backup solutions and fault tolerance were built into this proposal to prevent downtime for the network and avoid financial loss for the organization. If any one node within the network fails, OW can continue its everyday operations while fixes are developed and implemented by the IT division. This configuration was chosen for maximum reliability and fault tolerance, which is crucial for a growing organization. A simplified diagram of OW's network can be seen below to show how the network could be organized to achieve the goals of this deployment proposal.

Network Plan

[Figure: network diagram. Labels: Internet, VLAN, Branch 1 … Branch n, Warehouse 1 … Warehouse n.]

AD and Associated Policies

OW's network should include two domains within a single forest, one for each location. The TX location should be OW.com and the VA location should be north.OW.com, with each new location that OW opens in the future following the same structure. DCs should be placed in each location for management within their domain. Organizational Units (OUs) should be used for organization within AD, with each division having its own unique OU nested under its domain. AD objects should be created for each user, grouped by job role and placed into their respective OUs. Computer objects within AD should follow a comparable structure. This ensures proper organization, application of Group Policy, and ease of network management throughout the domain.

Software required throughout the organization should be deployed using Group Policy if the number of employees who require it is sufficiently high or it is not feasible for the IT division to physically visit every computer for installation. This can be done with the Group Policy Management Console in WS_2016. Packages can be configured that deploy .msi files, which are installed at the next computer reboot if the package was included under the Computer Configuration section of the Group Policy Management Editor.

To maintain a high level of security throughout the enterprise, a strong password policy should be carefully enforced. Strong passwords that are frequently changed should be used, as passwords are consistently vulnerable, especially during password assignment, management, and use (Vange et al. 2015). OW employees should be required to have a password of at least 10 characters in length with a mix of mixed-case characters, special characters, and numbers. Password age limits should be set in the password policy to a maximum age of forty-five days and a minimum age of thirty days. A password history of ten should be set to keep users from cycling back to recently used passwords quickly. This should ensure that if any user credentials are compromised, they will not be of use to an undetected malicious user for long.

In addition to the general password policy just discussed, certain accounts should also be subject to a fine-grained password policy for security reasons. Fine-grained password policies allow different password policies to apply to different users throughout a domain (Saha et al. 2015). OW should use this feature of WS_2016 to enforce stronger password restrictions on select users, the IT division in this case. Additional complexity, password history, minimum and maximum password ages, and increased password length requirements should be enforced on these employees to secure the corporate network. In the event of a network breach, accounts with high privilege or authority, such as those of the members of the IT division, are likely to be the main group targeted by malicious users. Having frequently changed and complex passwords should limit the opportunity for passwords to be cracked as well as shorten the time available for them to be used by malicious actors.

Additional security measures to be enforced should include the disabling of user accounts after 10 days of no activity. Account deletion should occur after 30 days of inactivity, unless prior arrangement is made through the IT support division. This ensures that access to network and company resources remains secure from malicious attacks. In addition, account logon hours should be restricted to the employees' normal work hours, with an hour of buffer time at the start and end of their regular work day.
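The password and account-lifecycle settings from the preceding paragraphs, expressed with the ActiveDirectory PowerShell module. This is an added example, not part of the original proposal; the PSO name, the `IT-Admins` group and the stricter values in the fine-grained policy are assumptions, since the proposal gives no figures for the IT division.

```powershell
#Requires -Modules ActiveDirectory
# Added example: run from a management host with RSAT and Domain Admin rights.

$Domain = 'OW.com'          # domain name taken from the proposal

# 1. Domain-wide policy, using exactly the values stated in the proposal:
#    10 characters, complexity on, max age 45 days, min age 30 days, history 10.
#    Note: a 30-day minimum age also stops a user from changing a password
#    they suspect is compromised for 30 days without help-desk intervention.
Set-ADDefaultDomainPasswordPolicy -Identity $Domain `
    -MinPasswordLength 10 `
    -ComplexityEnabled $true `
    -MaxPasswordAge (New-TimeSpan -Days 45) `
    -MinPasswordAge (New-TimeSpan -Days 30) `
    -PasswordHistoryCount 10

# 2. Fine-grained password policy (PSO) for the IT division.
#    A PSO can only be linked to users or GLOBAL security groups, not to OUs.
$PsoName = 'OW-IT-PSO'      # hypothetical name
$ItGroup = 'IT-Admins'      # hypothetical global security group

$pso = @{
    Name                        = $PsoName
    Precedence                  = 10                      # lower number wins
    MinPasswordLength           = 15                      # assumed value
    ComplexityEnabled           = $true
    ReversibleEncryptionEnabled = $false
    PasswordHistoryCount        = 24                      # assumed value
    MaxPasswordAge              = New-TimeSpan -Days 30   # assumed value
    MinPasswordAge              = New-TimeSpan -Days 1    # assumed value
}
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$PsoName'")) {
    New-ADFineGrainedPasswordPolicy @pso
    Add-ADFineGrainedPasswordPolicySubject -Identity $PsoName -Subjects $ItGroup
}

# Check which policy actually applies to each member of the group.
# No output for a user means the default domain policy is in effect.
Get-ADGroupMember -Identity $ItGroup |
    Where-Object objectClass -eq 'user' |
    ForEach-Object {
        [pscustomobject]@{
            User   = $_.SamAccountName
            Policy = (Get-ADUserResultantPasswordPolicy -Identity $_).Name
        }
    }

# 3. Inactive accounts: disable after 10 days, delete after 30 days.
#    Search-ADAccount relies on lastLogonTimestamp, which by default is only
#    replicated when it is 9 to 14 days stale, so a 10-day threshold can flag
#    accounts that logged on recently. Review the list before acting on it;
#    -WhatIf keeps both steps as a dry run.
$inactive10 = Search-ADAccount -AccountInactive -UsersOnly `
                  -TimeSpan (New-TimeSpan -Days 10) |
              Where-Object Enabled
$inactive10 | Select-Object SamAccountName, LastLogonDate
$inactive10 | Disable-ADAccount -WhatIf

Search-ADAccount -AccountInactive -UsersOnly -TimeSpan (New-TimeSpan -Days 30) |
    Where-Object { -not $_.Enabled } |
    ForEach-Object { Remove-ADUser -Identity $_.DistinguishedName -WhatIf }
```

Remove `-WhatIf` only after the reported accounts have been checked against the exceptions arranged with IT support.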

In addition to the hardware firewalls already in place, Windows Firewall should be applied to each computer in the organization through Group Policy, with rules tailored to each division. For example, outbound traffic from the HR and Finance division user workstations to the CMP file server should be blocked. Public-facing infrastructure, such as the mail and web servers, should have additional restrictions placed on it for extra security. For example, incoming ICMP traffic from the public internet should be blocked to guard against Denial of Service (DoS) attacks. Windows Defender should likewise be active on all employee workstations throughout the enterprise as well as on every server. The correct configuration of the hardware and software firewalls and Microsoft's security product should protect OW from various cyber threats. These are only a few policies laid out to begin hardening the network, and the IT division should create others as they see fit.
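The two firewall rules named above, written into Group Policy Objects with the NetSecurity module. This is an added example, not part of the original proposal; the GPO names and the file server address are placeholders, and only ICMPv4 echo requests are blocked here so that the ICMP messages needed for path MTU discovery still get through.

```powershell
#Requires -Modules NetSecurity
# Added example: the GPOs must already exist and be linked to the right OUs.

$Domain        = 'OW.com'                            # from the proposal
$HrFinanceGpo  = "$Domain\HR-Finance-Workstations"   # hypothetical GPO name
$PublicSrvGpo  = "$Domain\Public-Facing-Servers"     # hypothetical GPO name
$CmpFileServer = '10.10.20.11'                       # placeholder for TX_FIN_CMED1

# Rules are staged in a local GPO session and written back in one operation,
# which avoids a round trip to the domain controller for every rule.
$hr = Open-NetGPO -PolicyStore $HrFinanceGpo

# Make sure the firewall itself is on for every profile on these machines.
Set-NetFirewallProfile -GPOSession $hr -All -Enabled True

# HR and Finance workstations may not reach the CMP file server at all.
New-NetFirewallRule -GPOSession $hr `
    -DisplayName 'Block HR-Finance to CMP file server' `
    -Direction Outbound -Action Block `
    -RemoteAddress $CmpFileServer

Save-NetGPO -GPOSession $hr

# Mail and web servers: drop inbound ping. Block rules take precedence over
# allow rules, so this also stops internal monitoring that relies on ping.
$pub = Open-NetGPO -PolicyStore $PublicSrvGpo

Set-NetFirewallProfile -GPOSession $pub -All -Enabled True

New-NetFirewallRule -GPOSession $pub `
    -DisplayName 'Block inbound ICMPv4 echo request' `
    -Direction Inbound -Action Block `
    -Protocol ICMPv4 -IcmpType 8

Save-NetGPO -GPOSession $pub

# Review what was written to each GPO.
Get-NetFirewallRule -PolicyStore $HrFinanceGpo |
    Select-Object DisplayName, Direction, Action, Enabled
Get-NetFirewallRule -PolicyStore $PublicSrvGpo |
    Select-Object DisplayName, Direction, Action, Enabled
```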

Print Services

The Print and Document Services role should be installed on the main file server at each location, TX_FIN1 and VA_FIN1, with various print devices located throughout the environment. Specifically, there should initially be two print devices located within each division to accommodate printer pooling as a means of load balancing the print jobs between the various users. Any employee should be able to print to print devices outside of their division, but they should have a lower priority than employees using their own division's resources.

DNS and DHCP

IPv4 addresses should be used throughout the organization for ease of management, as IPv4 is still commonly used today. In the future, when OW grows and overall adoption rates of IPv6 increase, addressing should be reconsidered. As there will be many network-critical devices throughout the enterprise network, such as file servers, printers, and DCs, these machines should all be assigned static IP addresses rather than DHCP reservations. This ensures that critical devices are always reachable in the event of a DHCP failure. Other devices, such as employee workstations, company laptops, or mobile devices, should have address management performed using DHCP. Scopes should be configured with lease durations of sixteen hours. This should ensure that an address assignment covers a full work day while still being short enough to keep the pool of available addresses from running low as mobile devices enter and leave the network during the day. DNS and DHCP services should be handled by the primary DCs of each location, respectively. Those servers should also act as a backup for their counterpart servers in the opposite location for failover purposes in case of server failure or corruption. The 80/20 rule should be applied within each scope: the primary DHCP server provides roughly eighty percent of the addresses within its scope, with the secondary providing the remainder. This is done to provide address assignment in situations where the primary DHCP server is unable to fulfil its services (Vange et al. 2015).

Summary

In summary, the network infrastructure and hardware should be set up at the two sites in a mirrored fashion to provide ease of management to the IT division while allowing for significant growth over the next few years. The multiple domains and consistent structure of AD should ease the burden of organization and administration of the enterprise network. Each server should have a dedicated backup server for instances of machine failure, corruption, or other disaster. Security practices, such as the password policy, use of Windows security software, and additional firewall restrictions, should ensure that the organization's sensitive business matters are secured. Estimating conservatively, the IT division could complete the initial setup within seven days. While this network deployment may appear excessive, OW is a growing enterprise that requires a solution that can scale as the organization grows.

References

Saha, S., Nandi, S., Paul, P. S., Shah, V. K., Roy, A., & Das, S. K. (2015). Designing delay constrained hybrid ad hoc network infrastructure for post-disaster communication. Ad Hoc Networks, 25, 406-429.

Thaler, D., Draves, R., Matsumoto, A., & Chown, T. (2012). Default address selection for internet protocol version 6 (IPv6) (No. RFC 6724).

Ramjee, R., La Porta, T. F., Salgarelli, L., Thuel, S., Varadhan, K., & Li, L. (2000). IP-based access network infrastructure for next-generation wireless data networks. IEEE Personal Communications, 7(4), 34-41.

Vange, M., Plumb, M., Kouts, M., & Wilson, G. S. (2015). U.S. Patent No. 9,185,185. Washington, DC: U.S. Patent and Trademark Office.

Stewart, B. B., Thompson, J., & McClelland, K. E. (2012). U.S. Patent No. 8,250,167. Washington, DC: U.S. Patent and Trademark Office.

Subject: IT

Pages: 9 Words: 2700

Wireless Network Security

[Writer’s Name]

[Instructor’s Name]

ENG 101 0W1

September 16, 2019

Wireless Network Security

Wireless security is the prevention of unauthorized access or potential damage to a computer through wireless networks. With the increasing use of technology, hackers are becoming more and more advanced, which lets them exploit a system's vulnerabilities easily. Using wireless security is therefore becoming more important these days. Generally, endpoint security is what hackers exploit. To make endpoint computers secure there is a tool known as a wireless protector. This tool automatically disables both endpoints and wireless devices when Ethernet is detected on computers and re-enables the devices when the Ethernet connection is disconnected. The software helps provide an IT environment that is secure from untrusted devices. It can be deployed using a software management console or by a third-party deployment system. By installing a remote service, the software can secure multiple computers while also providing several other features such as auto-scanning, auto-discovery and an easy-to-use administration interface. It can secure several endpoint services such as Bluetooth, wireless 802.11, wireless phones, modems and broadband (3G or 4G/WiMAX). It can also help in securing Windows 10, 8, 7 and Vista ("Auto Disable Wireless When Connected To LAN - Windows Mac").

Key features

It disables wireless when docked.

It disables devices when LAN is connected

Disable wireless on Mac-OS X

Disable wireless devices when Ethernet is detected.

Wireless computers discovery and scanning

It collects activity logging as well although that is optional depending upon the user.

System requirements

To install a product 800MHz processor is required.

Microsoft Windows XP, Windows 7

10 MB Hard disk free space must be available to install a product.

 

The software is not free although it is not costly as well. It has the option of the free trial but the above-mentioned requirements are needed to be fulfilled. So to install it on the computer was not possible for me due to a lack of processor speed. So, after an extensive search, I came across a tutorial that helps in explaining the downloading steps. Some screenshots are attached below:

Works Cited

"Auto Disable Wireless When Connected To LAN - Windows Mac". Lan-Secure.Com, 2019, http://www.lan-secure.com/WirelessAutoDisable.htm.

Subject: IT

Pages: 1 Words: 300

Wiretapping



Wiretapping

[Name of the Writer]

[Name of the Institution]


Main post

Wiretapping is the process of secretly monitoring telephone calls, cellular calls, fax or Internet-based communications. However, it is a very controversial topic because wiretapping is not considered as unethical due to the privacy rights of an individual. Wiretapping was a very old concept which was usually used by police in the early twentieth century to monitor telephone calls and telegraph. However, it's not an ethical act whether government agencies are doing this or anyone else. It will be totally unfair to monitor communications of a private citizen without revealing them. There are also wiretapping tools which are being used to monitor the traffic of the network (Diffie & Landau, 2009).

There are certain ways which are being used for spying on what others do. Many people think that their phone lines are safe but actually, they are not safe and anyone can listen to our phone calls. It is important to understand the basics of telephones before knowing how wiretapping works completely. One of the best ways to monitor telephone calls is to fit an in-line tap with a recording output to listen to the voice calls. There are also call recording software which allows to record calls manually or automatically by detecting sound on the VOX.

Follow up 1

A sniffer is a wiretapping tool which is used to analyze the traffic of a network. It monitors the network and detects problems in it. A sniffer helps a network administrator manage the traffic flow and keep it efficient. It can be used both legally and illegally to inspect traffic on a network.

Follow up 2

A wiretap Trojan is a program which is used to record VoIP calls secretly. Peskyspy is a wiretap Trojan which is specifically built for monitoring and recording Skype calls. It intercepts the audio of a Skype call before it is encrypted and converts it into an MP3 file. After the audio stream is converted into an MP3 file, it is saved on the victim’s machine.

References

Diffie, W., & Landau, S. (2009). Communications surveillance: Privacy and security at risk. Association for Computing Machinery. Communications of the ACM, 52(11), 42. Retrieved from https://search.proquest.com/docview/237061043?accountid=41759

Subject: IT

Pages: 1 Words: 300

Write A Report On Protecting And Securing Information Assets

Information Assets


Introduction

Information assets are bodies of knowledge that are managed and organized as single entities. The information assets of an organization have financial value like any other corporate asset. That value tends to increase in direct relationship to the number of individuals who can make use of the information. Because information has a short lifecycle, its value depreciates over time. There is always a high chance for an asset to lose its value, depending on the manner in which the information is provided (Peltier, 2016) and on the accuracy of the information. In some organizations, non-usable information is considered a liability. An information asset can be classified according to any criteria; data that can be broken down is the perfect example. A data classification system can be implemented to make information assets easier to find, share and maintain.

Threats to Information Assets

When data falls under compliance or regulatory restrictions, the choice of cloud deployment tends to hinge on those restrictions. Such obligations often fall on the user or tenant. There are a number of threats to information assets, and all of them need to be addressed.

Privacy Violations

One of the most common threats to information assets is a violation of privacy. Information privacy is the relationship between the collection and dissemination of data, technology, and the political and legal issues that surround them. It is also known as data protection or data privacy. The challenge of data privacy is to use data while protecting the personal information and privacy preferences of an individual. It has been observed that privacy violations tend to occur outside cloud computing (Kar et al., 2016). In a number of scenarios, cloud privacy information exposures have occurred in different organizations.

Compromise of Virtual Files and Hard Drive

The theft of information assets may occur in different virtual environments. A VHD is used to store the entire contents of a hard drive, so a VM or disk image includes all structural elements and data. The disk image or VM can be stored at a place where there is access to the physical host, which makes it much easier to transport on a USB flash drive. An attacker can access the VHD file without even entering the data centre.

Viruses

There is no doubt that a computer virus is quite dangerous and costly to deal with. It can happen anytime if there is not any proper protocol in place for protection. A virus acts as a program that has the tendency to replicate and execute itself. It can simply interfere with a computer and may harm the information assets. One of the reasons behind viruses being a major threat to information assets is their ability to steal and corrupt data.

Worms and Spam

Worms seem quite similar to viruses, as they can be harmful to information assets, but there is a clear difference between the two. Unlike a virus, a worm requires no user interaction to spread itself. Spam, on the other hand, is junk email that clogs up business servers and annoys the recipients working in an organization. The reason why spam has become a computer security threat is that it tends to contain harmful links and may overload the mail server.

Strategies to Protect Information Assets

In the current scenario, there is a strong need to focus on protecting information assets. The scope of information assets is broad, which increases the threats. As the threats to information assets are vast in number, all of them need to be addressed in order to make the information secure. There are certain strategies that can be adopted in this regard.

Beware of Threats

In a number of scenarios, it has been observed that the information assets that lie inside an organization can manifest due to certain errors. There is a strong need to create awareness in the organization regarding the risk factors that may arise from spam. Proper training should be initiated to teach the issues that may come from such threats (Peltier, 2016).

Updating Desktop Software

Every hacker is aware that a business rarely updates its software. Software that is out of date often contains security flaws that can be exploited. To tackle such risks and protect the information, patches and updates must be applied to the software regularly (Sittig et al., 2016).

Limiting the Outgoing Connections

In the current scenario, there is a strong need for strategies to manage the risks associated with inbound traffic to the IT environment. One of the best approaches here is to use virus scanning software, known simply as anti-virus. Apart from this, a computer can easily be infected by malware which can connect back to the attacker. The possible solution here is to restrict the services that can be used by a user outside the organization. All of this can be done with the help of firewall connections.

Cloud Computing Decisions

Studies and research show an increase in cyber attacks, which has made it a challenge to keep up. Cloud computing solutions tend to offer reliable security. However, there are certain risks associated with cloud computing, so it is necessary to evaluate these risks carefully. There must be a proper system of data backup.

Ways to Respond to Threats

The threats to information assets are undoubtedly crucial, so it is necessary to respond to each threat.

Threat 1: Privacy Violation

If an organization faces a threat of privacy violation in its information assets, the organization must not store private information on servers that lack adequate controls. To address this threat, the organization should not select any unverified cloud provider (Kar et al., 2016).

Threat 2: Compromise of Virtual Files and Hard Drive

Protecting VHD files is an important part of an information security strategy. Three elements are required for such protection. The first is to limit access to the host data stores on which the VMs are presented (Saunders et al., 2016). The second is to implement access logging, so that it is known when a breach occurs. The third and last is to physically isolate the storage network so that it provides access only to host and storage devices.

Threat 3: Viruses

Viruses undoubtedly affect information assets to a great extent. However, they can be tackled by installing anti-virus software within the organization's systems. This software will stop viruses from spreading in the system, and the performance of the system will be enhanced as well.

Threat 4: Worms and Spams

Worms and spam arriving by e-mail can be avoided by deleting e-mails from senders which the organization does not recognize. Attachments within an e-mail must be scanned before they are downloaded. Anti-virus software will be helpful in the case of worms and spam.

References

Kar, J., & Mishra, M. R. (2016). Mitigate threats and security metrics in cloud computing. J Inf Process Syst, 12(2), 226-233.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.

Saunders, A., & Brynjolfsson, E. (2016). Valuing Information Technology Related Intangible Assets. Mis Quarterly, 40(1).

Sittig, D. F., & Singh, H. (2016). A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks. Applied clinical informatics, 7(02), 624-632.

Subject: IT

Pages: 4 Words: 1200

Writer Can Choose A Title



Intrusion Detection System for Citi Bank

Abhinav Khemani


Executive Summary

Internet penetration into the banking and financial sectors has changed the way people do banking. Information technology plays the role of a utility in modern banks. Most banking is now powered by the internet. Increased use of the internet has also increased the security challenges for banks, such as intrusions. The following measures are proposed for Citi bank to protect its systems.

Network intrusion detection system

Host-based intrusion detection system

Anomaly-based intrusion detection system

The paper describes the threats to existing systems and the benefits of implementing intrusion detection systems.

Introduction:

Modern financial systems rely heavily on the internet and related technologies. Most financial transactions are now powered by Internet-based banking systems. Citi bank has also adopted the latest information technologies to ensure business continuity. With the increased penetration of the internet into the financial sector, the security risks for these systems have also increased at an exponential rate. Banking systems are prone to intrusions from third parties such as cybercriminals and hackers (Zheng, Zhou, Sheng, Xue, & Chen, 2018). Hackers cost the financial sector billions of dollars every year. As security researchers improve the defenses, criminals develop more sophisticated attacks to compromise these systems. The most critical asset of a bank is its internal network. Citi bank has deployed a firewall to protect the network, but that is not enough to protect the system from the latest attacks. This paper describes the threat types and the solutions that prevent them for Citi bank. Implementation of these systems will help Citi bank save the millions of dollars spent annually on troubleshooting and system restoration efforts.

Literature Review:

No business can be imagined today without the implementation of, and reliance on, information technology solutions. The fundamental purpose of an information technology system is to process data. While every business involves some data processing, some businesses deal with critical information such as personally identifiable information. Banking is one of the businesses that use information technology solutions to process the personally identifiable information of clients in order to provide them with customized service as per their requirements (Kiwia, Dehghantanha, Choo, & Slaughter, 2018). While every organization dealing with the personally identifiable information of clients claims to be the best at protecting it, the headlines are filled with news of successful targeted data breaches of such organizations.

Cybercrime costs many organizations billions of dollars annually. This is due to the reliance of modern services on the internet. Banking is now based on the internet, and because the internet itself was not designed with much security in mind, any service offered on the underlying internet will be inherently insecure. Banks deploy virtual private networks and many other security solutions to protect their networks from hackers. Banking systems are prone to many types of attacks, such as man-in-the-middle attacks, man-in-the-browser attacks, and keylogger attacks (Cepheli, Büyükçorak, & Karabulut Kurt, 2016). All these risks are categorized as intrusions into the network. In a man-in-the-middle attack, the data transmitted over an insecure channel such as a communication wire can be intercepted by the intruder in transit. It is an external intrusion into the system. Although it is not common nowadays, a decade ago it was a significant concern for banks all across the world.

Man-in-the-browser and keylogger attacks are considered to be intrusions arising from within the network. They have the same dangerous effects on the overall security of the data being transmitted as the previous attacks. Modern attacks are more sophisticated in their design than their older counterparts. Banks have implemented various security measures to render these attacks useless. But no defense in the digital world can be considered one hundred percent effective, because the threat landscape is ever changing. Information assurance is the set of strategies implemented by organizations to ensure the confidentiality, integrity, availability, and non-repudiation of critical data (Hamed, Ernst, & Kremer, 2018). To minimize expenditure on system restoration, information assurance must be a part of the business plan, especially for banks. Banks are now implementing various intrusion detection systems to prevent attacks before they even execute on the network.

Empirical Analysis:

Citi bank has deployed a network-level firewall to protect its internal network from threats such as spyware and hackers. However, the problem with a firewall solution at the network level is that it treats incoming traffic as a possible intrusion but ignores traffic that is generated from within the network. Therefore, insider attacks such as man-in-the-browser attacks can be executed successfully despite the fact that the network is secured by the firewall. The firewall will not be able to block attacks initiated within the network (Hodo, Bellekens, Hamilton, Tachtatzis, & Atkinson, 2017). The risk of such attacks is significantly increased by the implementation of bring-your-own-device policies. An employee of the bank may bring an already infected device and connect it to the sensitive network of the bank, compromising the whole network.

To protect against these types of attacks, intrusion detection systems are to be implemented at Citi bank. One system is the network intrusion detection system, which will monitor the internal network of Citi bank for any intrusion attempt. It will protect against any violation of local security policies, while the firewall protects against attacks from outside the network. As an industry practice, to complement the network intrusion detection system, a host-based intrusion detection system will also be implemented. The host-based intrusion detection system will pinpoint the device that is being used to initiate the attack on the network (Zhang, Jones, Song, Kang, & Brown, 2017). Therefore, any malicious attempt will be intercepted and responded to before the payload executes. An anomaly-based intrusion detection system will be added as the fourth line of defense against digital attacks. It will monitor all of the information technology related processes of Citi bank, and any anomaly detected in routine tasks will be intercepted accordingly. Implementation of these systems will help Citi bank save expenditure on the troubleshooting and restoration of the network systems after a successful attack on the network.
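The gap described above can be shown on a few flow records. The following Python sketch is an added illustration, not part of the essay: it models a perimeter-only firewall next to a simplified network-side anomaly detector that names the internal device deviating from its routine. The address ranges, ports, thresholds and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed internal range
ALLOWED_INBOUND_PORTS = {443}                         # assumed perimeter policy


def make_flow(src, dst, dport, hour):
    return {"src": src, "dst": dst, "dport": dport, "hour": hour}


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET


def perimeter_firewall(flow):
    """Perimeter-only firewall model: it judges inbound flows and nothing else."""
    if not is_internal(flow["src"]) and is_internal(flow["dst"]):
        return "allow" if flow["dport"] in ALLOWED_INBOUND_PORTS else "block"
    return "not-inspected"  # traffic that originates inside never hits the rules


def peers_per_hour(flows):
    """Map src -> hour -> set of internal destinations contacted."""
    table = defaultdict(lambda: defaultdict(set))
    for f in flows:
        if is_internal(f["src"]) and is_internal(f["dst"]):
            table[f["src"]][f["hour"]].add(f["dst"])
    return table


def build_baseline(history):
    """Routine behaviour per host: mean and std-dev of distinct peers per hour."""
    baseline = {}
    for src, hours in peers_per_hour(history).items():
        counts = [len(dsts) for dsts in hours.values()]
        baseline[src] = (mean(counts), pstdev(counts))
    return baseline


def detect_anomalies(baseline, window, k=3.0, min_sigma=1.0, unknown_limit=3):
    """Flag internal hosts whose peer count leaves their routine.

    Hosts with no history (for example a newly connected personal device)
    cannot be compared to a baseline, so they are flagged once they reach
    `unknown_limit` distinct internal peers in an hour.
    """
    alerts = []
    for src, hours in sorted(peers_per_hour(window).items()):
        for hour, dsts in sorted(hours.items()):
            n = len(dsts)
            if src in baseline:
                mu, sigma = baseline[src]
                if n > mu + k * max(sigma, min_sigma):
                    alerts.append({"host": src, "hour": hour, "peers": n,
                                   "reason": "exceeds-baseline"})
            elif n >= unknown_limit:
                alerts.append({"host": src, "hour": hour, "peers": n,
                               "reason": "no-baseline"})
    return alerts


# Constructed sample data: two workstations talking to three servers (hours 9-12).
SERVERS = ["10.20.5.1", "10.20.5.2", "10.20.5.3"]
HISTORY = [make_flow(ws, srv, 443, h)
           for h in range(9, 13)
           for ws in ("10.20.1.10", "10.20.1.11")
           for srv in SERVERS[: 2 + (h % 2)]]

# Constructed current hour: one normal host, one host fanning out to twelve
# workstations, one device with no history, and two flows arriving from outside.
WINDOW = (
    [make_flow("10.20.1.10", s, 443, 13) for s in SERVERS[:2]]
    + [make_flow("10.20.1.11", f"10.20.1.{n}", 445, 13) for n in range(20, 32)]
    + [make_flow("10.20.9.77", f"10.20.1.{n}", 445, 13) for n in range(20, 25)]
    + [make_flow("203.0.113.5", "10.20.5.1", 443, 13),
       make_flow("203.0.113.9", "10.20.1.10", 3389, 13)]
)

if __name__ == "__main__":
    for f in WINDOW:
        print(f["src"], "->", f["dst"], f["dport"], perimeter_firewall(f))
    for alert in detect_anomalies(build_baseline(HISTORY), WINDOW):
        print("ALERT", alert)
```

Every internal-to-internal flow comes back as `not-inspected` from the firewall model, while the detector reports the two source addresses that a responder would then examine on the host itself.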

Targeted attacks on the network of the bank will also be prevented because information assurance is not about responding to the attacks, but it deals with the prevention of the attacks as well. Without the implementation of these systems, the protection of personally identifiable information of the clients cannot be ensured. Targeted attacks on financial organizations are increasing at an exponential rate. If an attack compromising the personal information of customers is successful, then along with the financial losses the organization suffers from severe reputation loss as well.

Conclusion:

Protection of critical information is essential for all financial institutions. Banks must implement effective intrusion detection systems to protect their critical information assets. It is the customer’s trust in the bank that is required to ensure business continuity. Successful data breaches can be fatal to customers’ trust in the banking system. Protection of personally identifiable information is the obligation of the organization processing the information, such as a bank. Intrusion detection systems ensure the protection of valuable data stored in banking networks.

References

Cepheli, Ö., Büyükçorak, S., & Karabulut Kurt, G. (2016). Hybrid intrusion detection system for ddos attacks. Journal of Electrical and Computer Engineering, 2016.

Hamed, T., Ernst, J. B., & Kremer, S. C. (2018). A survey and taxonomy of classifiers of intrusion detection systems. In Computer and network security essentials (pp. 21–39). Springer.

Hodo, E., Bellekens, X., Hamilton, A., Tachtatzis, C., & Atkinson, R. (2017). Shallow and deep networks intrusion detection system: A taxonomy and survey. ArXiv Preprint ArXiv:1701.02145.

Kiwia, D., Dehghantanha, A., Choo, K.-K. R., & Slaughter, J. (2018). A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence. Journal of Computational Science, 27, 394–409.

Zhang, J., Jones, K., Song, T., Kang, H., & Brown, D. E. (2017). Comparing unsupervised learning approaches to detect network intrusion using NetFlow data. In 2017 Systems and Information Engineering Design Symposium (SIEDS) (pp. 122–127). IEEE.

Zheng, Y.-J., Zhou, X.-H., Sheng, W.-G., Xue, Y., & Chen, S.-Y. (2018). Generative adversarial network based telecom fraud detection at the receiving bank. Neural Networks, 102, 78–86.

Subject: IT

Pages: 4 Words: 1200

Writer Can Select The Title

Cloud computing


The usage of ‘cloud computing’ as a term can be traced back to the end of the 20th century, when it was used in an internal, marked-as-confidential document of Compaq (Daylami, 2015). It partially failed to gain recognition in the next century, but it has made its mark over recent years and acquired all the qualities of a widely used web service as awareness of it has grown.

Cloud computing is one of the most debated topics of Information Technology communities and circles. It has been significantly beneficial to increase the dynamic capabilities of people exponentially over the internet without largely investing in human and capital resources. In the past, companies and businesses used to ‘outsource' or invest huge amounts of money into the bank accounts of software companies or local servers but cloud computing has almost reversed this redundant modus operandi. Local or remote servers used to charge the users even if those were not in use but cloud computing only bills the consumers when it is running which makes it preferable from a financial perspective as well.

One of the paramount definitions of ‘cloud computing’ is postulated by the ‘National Institute of Standards and Technology’, which is a leading enterprise working in the pursuit of increasing industrial competitiveness and innovation. Its exegesis of cloud computing views it as a model that enables users to access a trouble-free, instant network, which saves a lot of labor in the process. This access covers a vast spectrum of computing resources, e.g. applications, storage services and configurable networks, and is ultimately extended with minimal effort concerning management (Bohn, 2011).

This analysis was welcomed as a very instrumental contribution towards the correct understanding of ‘cloud computing’, tackling with the prevailing reluctance to define it due to the little or misleading information entailed by the term ‘cloud.’

This widely accepted definition provides scrupulous details to the consumers and users of cloud computing without any ambiguity. It depicts the availability of three models of service namely:

Cloud software (Software as a Service)

Cloud platform (Platform as a Service)

Cloud infrastructure (Infrastructure as a Service) (Mell, 2011)

It also encapsulates four types of deployment models describing the cloud's ability to share the services (Marston, 2011). The four models are as follows and have many similarities in their roles:

Hybrid cloud

Public cloud

Community cloud

Private cloud

Some attributes, specific to the cloud computing model are also elucidated in this definition and should be central to every cloud service:

On-request self-service: This feature highlights the cloud technology’s service to conspicuously reduce the user’s time cost. The users and customers don’t have to rely on the administrators for any kind of usage complexities.

The pooling of resources: A current need for the web computing processes is the integration and aggregation of the resources to primarily serve the requirements of more than one type of customers. This substantially lightens a major portion of the user’s workload.

Rapid elasticity of configuration: This entails the consumer’s freedom from worrying about the limitation of resources and the potential for planning. Customers can scale resources up or down based on their demand for the services provided by the cloud.

Measured service: Local and remote network servers and software companies became redundant because they were not billing and measuring usage properly. A need arose to optimize and validate server usage, which cloud computing duly catered to. Mainly, this accommodates the financial needs of users, as it only measures and charges for those resources which are frequently in use by the consumer. As a result, there is a steep increase in the savings rate of customers.

Broad accessibility to network: This is a key feature regarding cloud computing whereby several virtual resources are available to a heterogeneous category of IT users. This chiefly promotes the user’s ability to access cloud storage and other services from an extensive range of devices i.e. personal computers, tablets, mobile phones etc.

This project undertakes a case study with the objective of helping the business organization under consideration decide in favor of adopting cloud computing, in order to get to the bottom of its business problems and find solutions to its day-to-day challenges. As cloud computing has moved from being just a ‘buzzword’ to the unique status of a pervasive and wide-ranging concept in the information technology industry, the narrative of this account is to convince the said business to adopt some form of computing technology.

This project also strives to evaluate the business's concentration in the market share and provides particulars about the specific needs of an organization and the customized type of cloud computing technology, catering to those needs.

Development of a business case

Executive summary

Students these days largely rely on pictorial sources, e.g. scanned documents, images, digital photos, and many other visual formats to preserve the memories of their academic lives and the unforgettable moments they experience daily. Some of the things which are of consequential importance to the students in the years they spent in schools, colleges and universities are things like:

First day of school, college or university

First best friend

Favorite teacher

First fight

First one to copy from the blackboard

First achievement

First favorite sport

First hobby to develop in the academic horizons

First laptop

First movie watched with friends in the cinema

First grounding by the parents

First suspension

First research premise

First thesis

First degree

Apart from these firsts, there are countless events and experiences which students undergo, and each one is close to their heart. There are many ways to capture and preserve these memories, e.g. blogging, scrap-books, journals, storing pictures on hard drives, and digital photos stored on compact discs. Although all these ways are feasible for many people, they are not affordable for everyone in academia, and a majority of students and young adults cannot cherish the memories because of a lack of visuals available.

The proposed business, in this case, will be named ‘Friends Photo Studio, Inc.' and it will be largely based upon cloud computing. This plan will meet the needs of students in the most unique way possible and will represent them in a very interesting light. Not only will the images be of a high-quality format, but cloud computing will also enable users to categorize their pictures in different files based upon mood, lighting, events, experiences, places, familiar faces, frequent visits and much more.

Furthermore, a dynamic relationship will be established with the users which would demand them to provide the business with their up-to-date extensive photos and experiences, enhancing their need for our services.

‘Friends Photo Studio, Inc.’ initially aims to grow at a thriving rate of 35 percent by solely targeting the freshmen enrolled in the high schools of the state of Texas. Upon accomplishing first numbers of the growth, the business will be spread to students of higher degree programs and to the schools and colleges of other states as well.

This business will be a torch-bearer for other professional photography businesses and a source of great interest and aspirations as it is targeting the most dynamic segment of the society, the young generation involved in the academics.

Financial appraisal

The start-up expenses include:

Inventory of albums, mattes, and frames along with the long-term expenditures for cameras, lights, 2-3 laptops and electric signs to set up the shop in the business hub of Texas. The services of marketing consultants and website developers will also be required and they will be duly paid depending on their progress with the work. The total expenditure may account for up to $150,000 which is a lump-sum amount and may vary given the nature of inventory and gadgets required.

Business objective

This business aims to enjoy photography with the goal of keeping it simple, yet zestful and flamboyant.

Impact of the business

‘Friends Photo Studio, Inc.’ endeavors to include each and every student currently enrolled in the maximum number of states of America to align with the goals of inclusivity and racial diversity. In due course, any bigotry against races and all types of racial discrimination can be avoided. This will prove to be a successful impact of the business and mark it as one of its own kind in the arena of the photography businesses.

Market assessment

The innovative approach used by the business will help it land a distinctive status in the market and a lot of young adults from the schools and colleges are expected to approach the business with a vast spectrum of their needs of capturing various moments. Nightly backups of the data will enable the business to never lose a string of attachment with its clients and this will help to draw more potential customers.

Project governance

A highly committed business management team will govern the project and the business over the medium and long term. The team will have adequate knowledge of the business and all the intricacies of the facts and figures of all the enterprises involved in the business. The project governors will be effectively result oriented and they will ensure that everyone involved in the venture should produce results.

Progress reporting

The assumption of steady growth with a reasonable increase in clients will aid the forecasting of the progress. Besides, the key financial indicators will be evident in reporting the increment or decline in the progress of the business.

An enterprise cloud strategy

The fundamental feature which makes this business unique from others is its incorporation of cloud computing technology. This computer age has helped people achieve permanence in imagery (Smith, 2009), and this business is using this fact to use cloud computing as a photo backup, a sharing tool, a sales and records model and ultimately the future as the only resort for the preservation of memories.

Cameras and all types of gadgets in the possession of the students will immediately upload the images to the cloud, where they will be instantly accessible with hundreds of options for organizing, uploading on various social media, editing, enhancing, renaming and downloading. The services required by the computers and/or software applications will become obsolete.

Cloud deployment model

Out of the four types of deployment models of cloud computing, the ‘community cloud’ will be put into service for this particular business. A community cloud is best suited to the requirements of this business as it allows the system and all the services offered to be accessed by a particular community or organization, which in this case is the students' community.

One of the biggest concerns of young adults is the security of their data, and in a recently conducted study, more than 80% of the respondents expressed grave apprehensions regarding the big social media conglomerates and their policies regarding the users’ data (Pardo, 2014). Therefore, the community cloud acts as the best computing technology for this business, which is chiefly driven by measures of regulation and compliance.

Cloud service model

The service model used would be the famously known ‘Software as a Service (SaaS).’ This model erases the need for users to run the website or mobile apps on their own. Software as a service puts an end to the expenses faced by the users which include the acquisition of hardware and maintenance of software.

This business intends to make the students’ lives meaningful by providing them with tokens of love and appreciation and the service model in consideration fully gratifies these wishes with its unique features. Software as a Service, (SaaS), is also the representation of the largest cloud market and makes it easier for enterprises to fully streamline the intricacies of their support and maintenance.

This project is not hesitant to claim that the service model, Software as a Service (SaaS) will certify as a sustainable competitive advantage for the business.

Development, testing, and deployment of the cloud services

This will be done by a cloud service provider who would be independent in his authority. A potentially tighter control regarding governance will be offered if the business opts for an independent provider. An independent service provider will also offer a wide range of business and recruitment technologies such as the management of customer relationships and human resource management. This fits our business design in a befitting manner as the first priority of ‘Friends Photo Studio, Inc.' is our customers and their swerving needs.

Governance policies and service agreements

Several reasons are driving the need for ‘cloud governance' which imparts policies involved in the planning, acquisition, designing, deployment and the management of a cloud computing service. Governance poses questions about the right way of things and whether or not, an individual is abiding by that right way. The dearth of cloud governance will result in security risks, the emergence of hidden clouds posing a danger to the consumers' data and a lack of incentives for potential customers to buy or use the cloud resources.

A well-elaborated strategy for guidance and future roadmap will be laid out at the start of the business. Every employee involved will have to abide by these policies. Violation of any agreements or rules will result in termination of the employee’s contract.

Assessment and resolution of security and privacy issues

Although the pioneering technology of cloud computing aims at more efficient utilization of shared resources, it is brimming with risks regarding security (Seccombe, 2009). The cloud becomes a vulnerable target for hackers, as breaching its environment endangers the data and privacy of every user accessing the cloud. Almost every piece of software has been unshielded to some degree in the past and present, which can also pave the way for the exploitation of the cloud’s arenas by some malicious users (Chen, 2012). Elements such as data and network security, data locality and integrity, and authentication as well as authorization should be the predominant focus during development and usage of the cloud services. Besides these core values, applications of the business website present on the students' gadgets should have security measures and several backup and restore options.

Integration with existing enterprise services

Integration calls for a variety of diverse components, inside the businesses and also with the cloud service providers. Synchronization is required for data, applications, business capabilities, and management capabilities so that everything is equally accessible to every user at all times.

Although the cloud service can itself configure and utilize standards for achieving interoperability and broad access, yet even a small amount of work done to update the extant system will reap benefits in the longer term.

In this business, integration is indispensable. In the absence of a definite strategy for integration, the quality of data declines and the vision of ‘Friends Photo Studio, Inc.’ does not conform to such possibilities.

Integration of ‘Friends Photo Studio, Inc.’ with mainstream social media such as Snap Inc., Twitter, and Threads by Instagram is also in the process and it will thrive in the wake of youth's need for connectedness and instant correspondence. All these existing social media sites also use cloud computing technologies with some variations which attribute to the true significance of cloud storage as a hallmark in the IT industry.

Development of a Proof-of-Concept (POC) before moving to production

A final decision from the senior management in the workplace hierarchy is necessary before launching the business for cloud computing. The business case at hand has 2-3 people at that level of seniority and they will review everything before giving it a thumbs-up.

A team comprising of experts from the purviews of information technology, cost-benefit analysis, user satisfaction, disaster management, and big data will ensure that the proof-of-concept adheres to the production and usage criteria of the cloud service.

Management of the cloud environment

The unerring operations and services of the community cloud will only be realizable if the cloud environment will be managed and evaluated properly, and at regular intervals.

A disaster management and recovery standard operating procedure will be defined and put into effect at the start of the business. Because Software as a Service (SaaS) is being used as the cloud service model, this particular management will be the responsibility of the independent cloud service provider. The recovery process of the data will be duly ratified before launching the production service.

In ‘Friends Photo Studio, Inc.’, a comprehensive service agreement will be documented and the cloud service provider and the cloud customer will both mutually consent to it. Every problem encountered by the cloud's environment will be marked separately by its degree of complexity so that the urgency of the matter and solution may be determined by the users and the management team. Well trained individuals in the customer body, students, in this case, will verify the recovery process and its thorough completion. In case of any privacy breach or loss of data, the customers will immediately report on the complaints and suggestion forum on the cloud.

Cloud computing is a remarkable practice of the present era which is marked by big data analytics, block-chain technology and the constant need for permanence for data. Through boosting the power of the internet dramatically, cloud computing has significantly evolved the ways an individual uses his / her personal computer or mobile.

Cloud computing assists in eliminating software piracy, reducing the cost of doing business, increasing individual and collective productivity, providing multiple backup options and offering advancement in career scopes. Additionally, ‘Friends Photo Studio, Inc.’ will be highly rewarding as a business venture, as the application of cloud computing provides lightning-fast performance, a feature which is highly valued by the current generation of students.

In the wake of its establishment and proliferation, the business case developed in this project will be greatly lucrative, amounting to the cloud computing technology employed as a chief factor of production.

References

Bohn, R. B. (2011). NIST cloud computing reference architecture. World Congress on Services, 594-596.

Chen, D. &. (2012). Data security and privacy protection issues in cloud computing. International Conference on Computer Science and Electronics Engineering, 647-651.

Daylami, N. (2015). The origin and construct of cloud computing. International Journal of the Academic Business World, 39-45.

Marston, S. L. (2011). Cloud computing—The business perspective. Decision support systems, 176-189.

Mell, P. &. (2011). The NIST definition of cloud computing.

Pardo, A. &. (2014). Ethical and privacy principles for learning analytics. British Journal of Educational Technology, 438-450.

Seccombe, A. H. (2009). Security guidance for critical areas of focus in cloud computing. Cloud Security Alliance, 35-70.

Smith, R. (2009). Computing in the cloud. Research-Technology Management, 65-69.

Subject: IT

Pages: 10 Words: 3000

Ericsson and IT enabled change

Introduction

The given article is about the socio-material perspective of IT-enabled change. This case study mainly deals with Ericsson, a telecommunication company that succeeded in transforming its finance and accounting unit from decentralized structures into a shared service center (SSC). Mainly, four dimensions (common meaning, ground, behavior, and interest) have been spotted in this paper that highlight IT-enabled change as a practice, both material and social.

Overview and history of the organization

Ericsson is a telecommunication organization that was founded in 1876 having a business with over 80,000 employees worldwide. It has been in the limelight for transforming its finance and accounting unit within three years into a globally oriented structure that consists of networks of SSCs. Ericsson needs advanced ways of transferring the financial and account data as it started communicating at the global level (Loney, 2019). It started its transformation process formally at the beginning of 2004 that completed successfully, around 2006.

Organizational Behavior issues

In this case study, various organizational behavior issues were observed but the few that directly influence the employees include the issue of time taken by employees in adopting the changes that they are just introduced with. Ericsson finds it difficult to motivate its employees to adopt the new environment as recipients (Shonhe & Grand, 2019). For example, the new tools used by this organization have a conflict with the previous ways of recording performance due to which employees find it hard to absorb the way the new tool works.

With the invention of the new ways of judging the performance and skills of the recipients, the organization faced another issue that was of poor communication and feedback. For the employees at Ericsson, it was difficult to share their individual views as they used to do in the absence of IT-enabled change. Because of the lack of direct involvement in the operations, employees were unable to provide proper feedback, when asked.

As the employees were not comfortable adapting to the newly implemented technology and the ways that were introduced with it, a change in the expectations of the employees was observed that affected their behavior as well. From this case study, it can be seen that with a change in the working environment, a change in their expectations is considered compulsory. In the present scenario, however, although supportive activities of the coaching team were involved, the transformation entailed changes to deeply ingrained local practices of the employees, and it was still taking too long for the recipients to warmly welcome the new ways.

Goal

Considering the above-mentioned organizational behavior issues, different approaches are proposed to meet the ultimate goal of the consultant team: to manage employees and their conflicts and to keep organizational operations functioning smoothly. First of all, employees must be taken into confidence regarding the new tools, and as a member of the consultant team, one must try to understand the concerns of recipients to resolve the conflict between previous and newly implemented ways in an organization (Cross & Calvo-Merino, 2016). Recipients must be encouraged by introducing different activities that would develop their interest in adopting new tools and ways. For resolving the conflict, highlighting commonality between the new and old tools would prove effective.

The consultant team must consider the stabilizing activities and motivation of the recipients. Recipients must not be discouraged if they share any of their views, so that they feel a sense of security while giving their personal opinion or individual feedback. Management must try to understand the emotions of the employees and should arrange a session where recipients could share their views.

To bring the expectations of recipients at the same level, it is important to give them a form of the team. It would be hard for the management to fulfill the diverging expectations of employees, so the consultant team must promote ideas and activities that would unify them as a team. As a team, they would have the same expectations that authorities could consider to fulfill.

References

Cross, E. S., & Calvo-Merino, B. (2016). 26 The Impact of Action Expertise on Shared Representations.

Loney, B. S. (2019). Enhancing Decision-Making in Experienced Military Medics: A Case Study Intervention (Doctoral dissertation, The Florida State University).

Shonhe, L., & Grand, B. (2019). Implementation of electronic records management systems. Records Management Journal.

Subject: IT

Pages: 2 Words: 600

CSIRT Overview

Vision and Mission of the CSIRT

The CSIRT is a governmental initiative that aims to make sure that a systematic and organized response is provided to the security threats and incidents that organizations face at a given point of time. The idea is to make sure that the private sector, community organizations, and non-governmental entities are in a position to take care of themselves. Keeping these objectives in mind, the following are the vision and mission of the CSIRT. The mission statement of the CSIRT is as follows.

Our mission is to:

provide a systematic response facility to ICT-incidents

coordinate communication among national and international incident response teams during security emergencies and to help prevent future incidents

support ICT users in Luxembourg to recover quickly and efficiently from security incidents

minimize ICT incident-based losses, theft of information and disruption of services at a national level

gather information related to incident handling and security threats to better prepare future incidents management and provide optimized protection for systems and data

provide a security related alert and warning system for ICT users in Luxembourg

foster knowledge and awareness exchange in ICT security

“Early Detection, Prevention, and Response to computer security incidents” and raise cyber security awareness in public and private organizations and the general public.

• Serve as a National Point of Contact (POC) for computer security incidents coordination and response.

• Provide accurate and timely information on current and emerging cyber security threats and vulnerabilities.

• Build Rwanda Cyber Security capacities to handle cyber security incidents and threats.

• Promote information security awareness with the aim of building cyber security culture for internet users in Rwanda.

• Promote Research and Development in the cyber security field.

• Promote Regional and International cooperation in the field of cyber security.

Key Stakeholders that CSIRT is supposed to Serve

There are many key stakeholders that the CSIRT is supposed to be serving. One of the reasons that the scope of the service is so broad is due to the fact that they are one of the few organizations that have the capacity and the infrastructure to make sure that the protection can be provided from the impending information security threats. Following are some of the stakeholders that they are going to be serving.

Government Organizations: These are the primary beneficiaries of the range of services provided by the CSIRT. It has special protocols for the people who belong to this sector.

Private Organizations: CSIRT acts as a business consultancy that acts to make sure that the private organizations are also aided when it comes to how they are going to be making sure that the right service is going to be provided to different organizational stakeholders at the given point of time.

Communities: The communities and the NGOs are another sector that the CSIRT intends to serve. The idea is to make sure that an integrated solution is provided to these stakeholders.

It provides a reliable and trusted point of contact for any users, companies and organizations based in Luxembourg, for the handling of attacks and incidents. Its team of experts acts like a fire brigade, with the ability to react promptly and efficiently whenever threats are suspected, detected or incidents occur.

Scope and the Level of Service of the CSIRT

As discussed in the previous section, they are the organization that is involved in the development of the security protocols and service for the organization. The scope of the business is to make sure that complete IT security solutions are provided to the organizations at the given point of time. Now, when one talks about the scope of services of the organization, the following are some of the services that are provided by the organization.

Management of the risk and the analysis of the IT security risk that is provided by the organization at the given point of time.

Making sure that there is sense of continuity in terms of how the disaster recovery planning is needed to be done by the organization.

Helping the organizations to make sure that they are able to carry out the compliance audits as well as make sure they are able to make the security assessment related to the organizational safety.

Carrying out the SOC analysis and allowing for the development of the security architecture analysis of the organization at the particular point of time.

Staffing Requirement at the End of the Organization

One key thing that has to be noted about CSIRT is that the range of the services that are provided by the organization, they are quite limited in terms of how they tend to add out as far as the way overall analysis is needed to be provided. The idea is there among the broader stakeholders when it comes to making sure that the personnel requirement has to be quite optimum and there is no need for excessive hiring at the end of the organization. Now, keeping in mind the range of services that are provided by the organization. People who are well equipped with the IT security and network security protocols are the ones that would play an important role in terms of the operations of the organization. At the same time, having an insight about the designing of the architecture of the entity in terms of the networking is another one of the services that are provided at the end of the organization. The people who are on board are also needed to be well accustomed with the effective control analysis. For example, the cyber risk created by the acquisition of robots in the organization’s warehouse has been identified and assessed by the experts (CISO and CRO with the concurrence of the CIO) as high, more than they believe the organization should take. Note, I use “take risk” rather than “accept risk” as it is more true to real life and the decisions we have to make.

Existing Security Technical Staff and Resources

One of the key things that has to be kept in mind with regards to this business is that the resources need to be quite optimum. At the moment, the CSIRT is operating at a very limited scope, and thus it is quite important for them to make sure that they have a sense of insight with regards to the HR requirements that they have at the moment. The resource constraints, though, are one of the areas that they need to work upon. The problem for them is how the determination of the resources is going to be done. Most of the time it becomes quite confusing when it comes to making sure that the right balance is adopted. What they can do is set up an IT asset management protocol that goes a long way towards how the management of the resources is going to be done at the given point of time. The idea is to determine how the assessment of the risk is going to be done, and thus a need-by-need analysis is required in this instance. They worked with business managers to reach this decision and based the risk assessment on how a breach would affect enterprise objectives.

Example of the External Resource Needed

During the course of the organizational goal implementation, there is a need to determine how the external resources are going to be identified at the level of the organization. The idea among all the broader stakeholders is to make sure that the right balance is struck in terms of the acquisition and the need assessment. For instance, there might be a case where the people at the CSIRT are required to intervene and create an IT infrastructure. To make sure that this infrastructure is created in the right manner, the whole network output criterion was needed. Now, it would have been quite needless for them to make sure that they use this asset when they don’t have any need for it in the first place. So, what was done by the CSIRT was to make sure that none of the assets were purchased; instead, whenever there is a need for a heavy asset, they tend to lease it.

Top Five Policies and Procedures

There is a range of policies and procedures carried out by the CSIRT at the given point of time to determine the readiness level of the business, and thus the proactive services that they provide are one of the most important procedures offered to the stakeholders. At the same time, another range of procedures that plays an important role in the client value proposition is the way secure quality management ideals are provided and how the services are made possible at the given point of time. This is an important aspect of the services of the CSIRT. Then there is service augmenting, which makes sure that the existing protocols set up at the end of the organization are good enough that independent handling is provided to the stakeholders without resorting to the issue of the lack of handling that is faced by businesses at the given point of time. The training modules and the IT audits are also important procedures.

Reporting Structure and Organizational Model

Now, when one talks about the organizational model that is being used during the course of the operations of the CSIRT, the key thing that stands out is how different it is compared to some of the traditional organizations. The reason for this difference is that the range of services provided by them is quite exclusive in nature, and due to that, it is imperative that some sort of insight is developed in terms of how it is going to be made sure that the right structure and defiance level is going to be seen. Most of the time, when one talks about the organizational structure that is being used by organizations of such magnitude and scale, it is imperative to make sure that the functional structure is used. The advantage and the core reason that the CSIRT has been using the functional structure is that it is one of the few organizations that is quite different in terms of the functionality and how it operates. The other aspect that needs to be kept in mind is that their range of services is quite heterogeneous and one tone, so there is no need for a complex reporting and organizational structure.

Amount of Additional Funding to Implement and Maintain CSIRT

One of the key things that needs to be kept in mind with regards to the funding requirement is the current operational modules that are faced by the organization at the given point of time. An effort needs to be made to keep a sense of perspective in terms of how funding is to be done. At the moment, the structure of the organization is such that they do not have a need for long-term financing, and as the majority of the assets can be leased and there is not much need for heavy machinery, one of the things they can do is take care of their funding requirement with the help of internal funding, so that debt does not need to be considered.

Communication Plan for the Business

One of the things that needs to be kept in mind is that, to this date, organizations at the government level are not really aware of the security risks that they face at the given point of time and how a sense of balance can be achieved in this regard. So, the first thing that needs to be done at the level of the organization is to make sure that all the required stakeholders are informed about the business need in an appropriate manner. This means that an effort must be made to keep a sense of perspective in terms of how the assessment of the organization's need is going to be done. Not only that, the other key thing that is quite important in this regard is to make sure that all the organizational stakeholders are in a position to determine the effectiveness and the benefits that the financial states are going to gain if they work with the CSIRT. They must be made to realize the value proposition of adding the CSIRT to their panel. Top management and the board should have serious conversations that focus not only on acceptable losses, but also on what investors and regulators might consider a reasonable level of cyber defense, detection and response. Any definition of ‘risk appetite’ should probably be based on the likelihood of a serious breach, rather than on the amount of loss.

Timeline for the Implementation of the CSIRT

It has to be noted that when one talks about the timeline, it is quite hard to make sure that the exact timelines are being communicated. One of the reasons that the whole process is quite hard to be achieved is due to the fact that how the whole information serving protocol is needed to be looked at the given point of time and what are some of the long term implications of such a business decision at the given point of time. So, the management of the resources is quite important when such a consideration is needed to be made. Now, for a small business, it is quite possible that this timeline can be determined and as per estimates and the past instances when the whole protocol was being implemented, it takes about two quarters or about six months to make sure that the correct assessment is being made in this regard. The idea is to make sure that the sense of balance has to be there in terms of allocation of resources.

Return on Investment for Implementation of CSIRT Standards

It has to be noted that whenever such an investment is carried out, the ideal thing to do at the level of the organization is to look at the whole thing in its totality. The idea is to realize how the whole thing is going to add value in terms of how the investment at the cybercrime level is going to be carried out. For instance, there are risks associated with the acquisition of the bots and other particulars, and it is very important to make sure that these risks are accounted for when the decision is being made. Looking at the numbers, the current risk that the entity would be facing in terms of the state government would be around $10 million, or about 5 per cent of the total risk profile of the organization at the given point of time, specifically when the investment is in place. What this means is that the ROI in this instance would be around 2 per cent of the whole equation, or it can be 3 per cent, which equals about $300,000 at the given point of time. This sounds like a great investment, and keeping in mind the amount of losses and the risk profile that is faced by the organization, it is safe to assume that such a decision would work out for the long-term future of the organization, to say the least.

Examples of Cyber Security Incidents

There are many past examples of how cyber security incidents have curtailed the long-term health of an organization. The biggest example that comes to mind is that of the NHS, when the confidential data of patients was stolen. Even though it was not considered that large an investment at the time, when the social security numbers of the students were obtained, those involved were able to reflect upon the same scenario.

Total Cost of the Incident

The final consideration is how the total cost of such an incident is to be worked out. Several things need to be looked at when determining this cost. The first is the cost of the data that is compromised. The second is the loss of equipment, along with other aspects that matter when decisions are made about the long-term sustainability of the IT equipment. There is also the potential cost of the business opportunities lost by the organization and how that eventually adds up. Finally, there are indirect costs, such as the potential loss of goodwill for the business and the resource allocation constraints the business will face.

Subject: IT

Pages: 10 Words: 3000
