When used together, cryptography and steganography can offer two modes of security. For this discussion, evaluate each method’s applicability to your organization or an organization with which you are familiar. What are the advantages or disadvantages of each to your selected organization? Which method would you consider to be more commonly used in InfoSec and why?
In a 3-4 page paper not including title and reference page using the framework presented in Chapter 4 of Management of Information Security, draft a sample issue-specific security policy for an organization of your choice.
At the beginning of your document, describe the organization for which you are creating the policy, and then complete the policy using the framework.
Clearly state what the article is about and its purpose
How the article and/or author(s) support your argument(s)
Most important aspects of the article
Any findings and conclusions
Approximately 250 to 350 words in length
Include the article “Abstract” in your posting (your summary should be original)
Include the industry example demonstrating the application of your researched article
“IMPORTANT” – Include the reference for the article in correct APA format (5-6 REFERENCES) and citations
Whitman, M. E., & Mattord, H. J. (2019). Management of information security (6th ed.). Cengage Learning.
Print ISBN: 978-1337405713
eText ISBN: 978-1337671545
Supplemental text; for assignment research
Chopra, A. & Chaudhary, M. (2020). Implementing an information security management system: Security management based on ISO 27001 guidelines (1st ed.). Apress.
For milestone 2, you will complete the first few sections of the Portfolio Project. Include and be sure to use the outline already drafted for milestone 1.
Analyze a security breach that has occurred in the recent past (within the last three years). In your critical evaluation of the chosen security breach, review and analyze the breach along the following dimensions:
What went wrong?
Why did it occur?
Who was responsible?
Your paper should meet the following requirements:
Be 3 pages in length, not including the title page and reference page.
Follow APA guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
Support your answers with the readings from the course and at least four scholarly journal articles.
Cite a minimum of six scholarly sources—academic and peer-reviewed—to support your positions, claims, and observations.
Be clear and well written, concise, and logical, using excellent grammar and style techniques.
PORTFOLIO MILESTONE ONE
There was a security breach on Facebook in 2019 discovered in 2021. This security breach was about cybercriminals who breached the Facebook database and accessed the phone numbers of 533 million users with their ID numbers, names, emails, and birthdays. The hackers had exposed the database to the members of the public, and they did this for almost three years. The breach was realized in 2021 by a cyber security firm. The criminals could access personal information each and every time they wanted because they had all the details to log into those accounts. The hackers obtained data from Facebook servers by using a misconfigured phone importer. These criminals could use the access to commit more crimes using accounts that belonged to other individuals and went unnoticed. Most Facebook users were affected by the problem of their accounts being hacked during this period. They were in control of these accounts and regulated what happened (Choi, 2021). Most security breaches occur as a result of vulnerability or exposure to databases. There might have existed a loophole to security on Facebook that was identified by these hackers and exploited to access the Facebook servers. Poor management of passwords might have given these criminals access to the servers, thus hacking many accounts (Finnerty et al., 2019).
The problem is that Facebook cyber security did not realize this for three years, and rather an external firm identified this. This shows that the organization was reckless in maintaining and regularly checking its servers and databases. It is the role of the relevant organization to maintain secure passwords to servers and ensure that their databases are not exposed to criminals. All loopholes that can lead to security attacks should be closed and continually monitored to avoid the loss of relevant data and information within an organization. Misconfigured settings on software, password recycling, and vulnerabilities in software could all lead to a security breach. If an organization does not secure its networks, data, applications, and network, it could be at risk of being attacked. Criminals exploit the weaknesses of an organization to access its information. They exploit systems that might not be updated, thus stealing relevant information. In any organization, it should be ensured that only a few people are aware and can access the passwords because this will reduce the chances of being exposed to risks. If many people can access the server, there might be one who will expose the organization either willingly or unwillingly. The reason why Facebook cyber security agents took so long to realize that their account had been hacked was that many individuals within the organization could access the data, and therefore the chances of noticing were very high, thus increasing the risk (Reshmi, 2021).
In conclusion, to avoid security breaches, one needs to keep on changing their passwords, back up the files regularly, use strong passwords, secure the computers and avoid leaking the information and passwords to the public. If all the loopholes within an organization are covered, information vulnerability is reduced. Reducing the vulnerability of data, passwords, and devices reduces the risks of being attacked by criminals. The Facebook security agents configured its security details again to minimize this issue because they were attacked because of misconfiguration. They made strong security passwords and backed up all the files hacked. The attack was so big and happened for a long time because they failed to check their servers and databases regularly. The risk within an institution can be managed by checking the security details, including the passwords and all other loopholes often and managing them. Everyone within an organization has to be responsible for the organization’s security at all times (Tuttle, 2018).
References
Breier, J., & Branišová, J. (2017). A dynamic rule creation based anomaly detection method for identifying security breaches in log records. Wireless Personal Communications, 94(3), 497-511.
Choi, Y. B. (2021). Organizational Cyber Data Breach Analysis of Facebook, Equifax, and Uber Cases. International Journal of Cyber Research and Education (IJCRE), 3(1), 58-64.
Finnerty, K., Fullick, S., Motha, H., Shah, J. N., Button, M., & Wang, V. (2019). Cyber security breaches survey 2019.
Foecking, N., Wang, M., & Huynh, T. L. D. (2021). How do investors react to the data breaches news? Empirical evidence from Facebook Inc. during the years 2016–2019. Technology in Society, 67, 101717.
Reshmi, T. R. (2021). Information security breaches due to ransomware attacks-a systematic literature review. International Journal of Information Management Data Insights, 1(2), 100013.
Tuttle, H. (2018). Facebook scandal raises data privacy concerns. Risk Management, 65(5), 6-9.
The Impact of Climate Change on Food Security
Overview
The United Nations (UN) has hired you as a consultant, and your task is to assess the impact that global warming is expected to have on population growth and the ability of societies in the developing world to ensure the adequate security of their food supplies.
Case Assessment
As the world’s population nears 10 billion by 2050, the effects of global warming are stripping some natural resources from the environment. As they diminish in number, developing countries will face mounting obstacles to improving the livelihoods of their citizens and stabilizing their access to enough food. The reason these governments are struggling even now is that our climate influences their economic health and the consequent diminishing living standards of their peoples. Climate changes are responsible for the current loss of biodiversity as well as the physical access to some critical farming regions. As such, these changes in global weather patterns diminish agricultural output and the distribution of food to local and international markets. These difficulties will become even more significant for these countries as the Earth’s climate changes for the worse. Temperatures are already increasing incrementally, and polar ice caps are melting, so the salient question is: what does this suggest for developing societies? The issue before the developing world is not its lack of food, but rather how to gain access to food. Simply put, changes in our climate are affecting the global food chain, and hence, the living standards of entire populations. Added to this is the fact that food is not getting to where it is needed in time to prevent hunger or starvation. In many developing countries, shortages are due to governments’ control over distribution networks rather than an insufficient supply of food itself. In effect, these governments are weaponizing food by favoring certain ethnic or religious groups over others. When added to dramatic climate changes that we are experiencing even now, the future for billions of poor people looks increasingly dim.
Instructions
You are to write a minimum of a 5 page persuasive paper for the UN that addresses the following questions about the relationship between atmospheric weather patterns and food security in the developing world:
Climate change and global warming are often used interchangeably, but they are not the same phenomenon. What are the differences between the two concepts and what leads to the confusion between them?
In 1900, the average global temperature was about 13.7° Celsius (56.7° Fahrenheit) (Osborn, 2021), but as of 2020, the temperature has risen another 1.2°C to 14.9°C (58.9°F). According to the Earth and climate science community, if the Earth’s surface temperature rises another 2°C (3.6°F), we will suffer catastrophic weather patterns that, among other things, will raise sea levels, cause widespread droughts and wildfires, result in plant, insect, and animal extinctions, and reduce agricultural productivity throughout the world (Mastroianni, 2015 and Lindsey & Dahlman, 2020). How much credibility do you place in these projections? Why?
There is no question that the Earth’s food sources are threatened by changes in its weather patterns, but what specific challenges does climate change pose to the food security of people in the developing world?
There is currently a debate among some multinational lending agencies like the International Monetary Fund, UNICEF, and AID over whether the financial support for food security has been misused by recipient government officials. On the other hand, U.S. authorities insist that misuse of its assistance is not occurring because it has strict monitoring oversight in place. What is your position on this matter? Is there evidence that financial assistance to developing governments is being widely misused by government officials?
Guidelines
This course requires the use of Strayer Writing Standards (SWS). For assistance and information, please refer to the SWS link in the left-hand menu of your course and check with your professor for any additional instructions.
In order to earn full credit, your paper must be divided into at least four full pages of content (one page to address each of the four questions above), and include at least a one-half page introduction and a one-half page conclusion – making a minimum total of five full pages of text.
You must use at least seven credible sources (excluding Wikipedia, dictionaries, and encyclopedias) that are appropriate for the subjects under discussion.
You must use only double-spacing and not place extra spacing between paragraphs or section headings.
The specific course learning outcome associated with this assignment is as follows: Evaluate the impacts that climate changes are having on the growth of global populations and the security of their food sources.
References
Liz Osborn. 2021. History of Changes in the Earth’s Temperature. https://www.currentresults.com/Environment-Facts/changes-in-earth-temperature.php
Brian Mastroianni. 2015. Why 2 degrees are so important. https://www.cbsnews.com/news/paris-un-climate-talks-why-2-degrees-are-so-important
Rebecca Lindsey and LuAnn Dahlman. 2020. Climate change global temperature. https://www.climate.gov/news-features/understanding-climate/climate-change-global-temperature
Topic is “Enhancing Cyber Security In Healthcare -With The Help Of Machine Learning”.
Research Questions:
How can we control the access to sensitive healthcare information and systems?
How to provide data security for affected healthcare data breaches?
How to enhance the cybersecurity in healthcare to overcome the cyber attacks?
11.1 Mock Dissertation Chapter One Introduction
Overview: As you observed in the LIVE session, there is a connection between chapter three and chapter one. Therefore, as an extension of our week in the mock chapter three from last week, we will write a mock chapter one. For the sake of preparation, we will be using the required headings from the University of the Cumberlands Dissertation Handbook. Like we discuss in class, each university has unique parameters for what they expect in chapter one, so you may see papers from other universities that look slightly different. The importance here is to focus on the content, not necessarily the organization. This assignment will help determine your readiness to write a full-length chapter one.
Directions:
1. Review the rubric and examples to make sure that you understand what is expected of you in this assignment.
a. Chapter One Samples.pdf
b. Rubric for Chapter One.docx
2. Develop a 3-4 page (more is fine) mock chapter one to include the following expectations from the university:
o Overview (1-2 well developed paragraphs)
o Background and problem statement (1-2 well developed paragraphs)
o Purpose of the study (1 well developed paragraph)
o Significance of the study (1 well developed paragraph)
o Research Questions (numbered list)
o Limitations of the Study (1 short paragraph)
o Assumptions (1 short paragraph)
o Definitions (list)
o Summary (1 well developed paragraph)
3. Turn in your “mock” chapter one to the submission box.
Sample to write
Chapter 1
Overview
Since the publication of the Reagan era education report, A Nation at Risk, the United States has focused attention on education reform (United States, 1983). This report used compelling language to describe America’s schools as largely inadequate and unable to meet global demands on education, thereby leaving America’s future in jeopardy. Since that time school leaders have embraced various education reform movements such as No Child Left Behind and Every Student Succeeds Act (No Child Left Behind [NCLB], 2002, Every Student Succeeds Act [ESSA], 2008). Each with their own measures of standardized testing, academic achievement, and school performance. Perhaps overlooked is the importance of school climate in the overall school improvement process. Cleveland and Sink (2018) promote the notion that student perspectives on school climate should be included in school improvement plans. Other researchers such as Zahid (2014), suggest school climate to be the number one consideration for student academic achievement.
Dutta & Sahney (2016) researched the relationship between school climate and student achievement and suggested a positive correlation. School principals are the leaders of their building, shaping a compelling vision for the future while promoting safety, academic achievement, and a positive climate. Depending on the schools’ size, the principal’s job description may include curriculum, discipline, community relations, and fiscal responsibilities. Principals are required to balance the expectations of state, community, and district leaders to produce the highest possible standardized testing, personnel, and school climate results. These responsibilities make them one of the most influential school improvement figures.
The influence of a principal extends to the perception of all internal and external stakeholders. With increasing research to suggest positive school climates could be an influential component of school improvement, principals should consider the extent to which internal stakeholders such as the teaching faculty perceive their influence over school climate. The extent to which principals can influence school climate in Arkansas’ schools is unknown.
Purpose of the study
The purpose of this quantitative correlational research was to investigate if and to what extent principal leadership practices correlate with school climate as perceived by teachers in the rural and suburban schools in Arkansas. This study investigated the bivariate correlation between the teachers’ perception of the school principal’s leadership practices and the corresponding school’s climate scores. Twenty-four schools are included in the sample size from six geographic regions of Arkansas. In all, 626 teachers participated, answering surveys regarding their perspective of 24 school principals and the corresponding school climates in Arkansas. The leadership practices of the principal and the school climate were the variables for this study.
Significance of the study
Cleveland, R. E., & Sink, C. A. (2018). Student happiness, school climate, and school improvement plans. Professional School Counseling, 21(1) doi:http://dx.doi.org/10.1177/2156759X18761898
Dutta, V. & Sahney, S. (2016), School leadership and its impact on student achievement: The mediating role of school climate and teacher job satisfaction, International Journal of Educational Management, 30(6), 941-958. https://doi.org/10.1108/IJEM-12-2014-0170
Every Student Succeeds Act of 2015, Pub. L. No. 114-95 § 114 Stat. 1177 (2015-2016).
No Child Left Behind (NCLB) Act of 2001, Pub. L. No. 107-110, § 101, Stat. 1425 (2002).
United States. National Commission on Excellence in Education. (1983). A nation at risk: The imperative for educational reform. Washington, D.C.: The National Commission on Excellence in Education.
Zahid, G. (2014). Direct and indirect impact of perceived school climate upon student outcomes. Asian Social Science, 10(8), 90-102. http://dx.doi.org/10.5539/ass.v10n8p90
This course explores theory and research about 21st Century developments in policing, security, and surveillance. Topics may cover intelligence-gathering, pre-crime, fusion centres, social media policing, body-worn cameras, artificial intelligence/predictive policing, and big data surveillance by public and private agencies. (Prerequisites: SACR 2600; 2620; SACR 3820 or SACR 3680 or SACR 3730; SACR 3910 or SACR 3080, and semester 7 or higher standing; or higher.)
Begin thinking of mobile device security in a business situation. Select a fictional or real corporate or university environment that requires mobile access. Use the Q & A Forum to ask questions and discuss your ideas about the project.
Proposal
Course Project Proposal (one to two pages, 35 points). Remember to properly cite any external sources used.
The proposal should contain the following items.
Cover page
Subject of the Course Project
Name of the company or organization
Brief description of the company chosen
Value proposition of the company
Size of the workforce (students included if the company chosen is an academic institution) with respect to IT infrastructure needs
Overview of the different types of mobile networks available in the company
Overview of types of mobile devices and storage media used in the company
Identification of potential mobile security risks
Audience to whom you are presenting the recommendation(s)
References
Technical Report (four to five pages, 65 points). Remember to properly cite any external sources used. The technical report should contain the following items.
Cover page
Introduction
Intentional versus unintentional mobility scenarios in the company
Protection of data
Physical protection mechanisms
Logical protection mechanisms
Protecting heterogeneous information
Protecting data in motion
Data protection models
Using a device-centric or data-centric model for the case study; which one is better?
Encryption
Types of encryption employed by the company’s IT department
Course Project – Website Security Test Plan for Peapod Grocery Business
The CIO of the online grocery store has asked you to create a website security plan that will keep the information that they are entrusted with safe, secure and out of the news. For this assignment, please include the following:
An executive summary.
An introduction to the plan.
A web security plan strategy (also include the security policy that you designed for module 03).
Deliverables.
Test cases.
You will have at least 5 sources for this paper, with 2 being scholarly sources. Include in-text citations in your paper. Your sources need to be listed according to APA formatting guidelines on your reference page.
Include an APA formatted title page.
Plan should be a minimum of 6 pages.
*Grammar, spelling, and the layout of your essay on Website Security Test Plan for Peapod Grocery Business will also be taken into account when grading this assignment.
Maxus Cloud SDK, the Multi-X Security Software Development Kit
Hello, and welcome to the Maxus cloud software development kit briefing. This briefing will cover the basics of the Maxus Cloud SDK. If you’d like to hear more information about what you’ve seen in this brief, please contact Major Kyle Stewart at kyle dot stewart dot 5 @ US dot AF dot mil. MXS, pronounced “maxus”, stands for Multi-X security. The maxus project objectives are to provide secure multi-level, multi-category, and multi-nation environments. Categories are the maxus term for what some might call a compartment, caveat, or program.
Historical Context
The major problems of the USAF stem from the fact that there is a growing requirement to provide shared use of computer systems containing information of different classification levels and need-to-know requirements in a user population not uniformly cleared or access-approved. …
Users are permitted and encouraged to directly program the system for their applications. It is in this latter kind of use of computers that the weakness of the technical foundation of current systems is most acutely felt.
Computer Security Technology Planning Study (Volume II)
October 1972
Challenges & Solutions
MXS Reference Architecture
MXS Security Model
Challenges
Current commercial cloud infrastructure does not provide a multi-level / multi-category environment out-of-the-box; it must be provided by workload owner
It is difficult for vendors and mission owners to create multi-level / multi-category aware software
Unclear approach to data labeling impedes interoperability and complicates development of software solutions that function across the enterprise
Solution
Execute project that develops a standard security model, data model, reference architecture, and Software Development Kit (SDK)
Conduct prototyping in an unclassified cloud environment to demonstrate feasibility of using the MXS SDK to develop multi-level / multi-category software solutions
When successful, utilize the MXS SDK to address IT requirements related to enterprise software development
Enterprise View
System View
What is MXS Cloud SDK?
Increasing Technical Opinion
Documentation: Acquisition and developer centric documentation that covers requirements, use cases, testing, etc.
Security Model: Human-centric terms and definitions with concepts modeled in a well-defined visual language
Data Model: Machine readable data formats for access control information and metadata aligned to security model
Reference Architecture: Organization of COTS/GOTS components into solution which supports security and data models
Reference Implementation: Executable form of reference architecture that runs inside government owned cloud environment
Cost Model: Provide cost predictions for reference implementation including licenses, compute, store, and network
Business Processes
Multiple organizations participate and contribute via DI2E DevTools based on Atlassian tools (Confluence, JIRA, BitBucket) + Jenkins
Milestones are 4-week planning periods (i.e., sprints)
All work is drafted, approved, and tracked via JIRA tickets
Clear “definition of done” with deliverable required for ticket approval
Documentation (including this briefing) is all tracked and built from version control
Multi-Level Markings (MLM) occur when there is a mixture of classification levels and categories portion marked within a document
Standards like ISM potentially can misrepresent the aggregate precisely, resulting in over classification at the root level
MXS is working with OSD SAP CIO and Common Metadata Standards Tiger Team (CMSTT) on possible implementation strategies and policies
All labels and markings are notional and for illustrative purposes only.
Label 0.1
Derived from ISM semantics including JSON-LD distributed controlled value enumeration files
Added additional structure in key areas of concern to address challenges with mixed classification level, categories, coalition data, and developer ergonomics
Works together with MXS Claims JWT
Designed to accept, produce compliant ISM labeled data
Stepping-stone to next-generation labeled infrastructure based on OPA/REGO
Moving the label to application-level protocols (like HTTP) that leverage JSON makes the shared data model more easily exchanged and validated
Better aligned with modern development techniques and knowledge base in industry
Access Control
MXS implements an attribute-based access control (ABAC) model that in turn needs to support mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC)
Data model focuses on modern production environments like the service meshes in a Kubernetes environment, deploying “sidecars” via COTS tools like Grey Matter
Leverages open tools like Open Policy Agent, and the REGO policy language to express and enforce access control policies
Combines the claims and labeling standardization in JSON to create a zero-trust architecture with rigid enforcement throughout the mesh
    package mxs

    default allow = false

    allow {
        # has_necessary_attributes
        sufficient_clearance
        all_categories
    }

    # Ensure that the user has sufficient clearance to view the marking on
    # the document.
    sufficient_clearance {
        # UIAS data has an array of clearances, not the highest clearance
        doc_classification_num := input.label._classification._classId
        clearance_number[user_clearances[_]] >= doc_classification_num
    }
    …
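An added example, not MXS project code, and written in Python rather than Rego so it runs without OPA: it models the default-deny decision sketched in the policy excerpt and shows the root-level over-classification effect noted under Multi-Level Markings. The `clearances` and `categories` field names, the level names, the meaning given to `all_categories`, and the roll-up rule are assumptions; every label is constructed and notional.

```python
"""Added example: Python model of the default-deny ABAC check, not MXS project code."""
import json

# Constructed, notional level names and ordering (assumption, not real markings).
CLEARANCE_NUMBER = {"LEVEL-0": 0, "LEVEL-1": 1, "LEVEL-2": 2}

# Constructed user claims; the "clearances" and "categories" keys are assumed names.
CLAIMS = json.loads('{"clearances": ["LEVEL-1", "LEVEL-2"], "categories": ["ALPHA"]}')

# Constructed document with portion-marked content. Only the path
# _classification._classId comes from the policy excerpt; "categories" is assumed.
PORTIONS = json.loads("""
[
  {"id": "p1", "label": {"_classification": {"_classId": 1}, "categories": ["ALPHA"]}},
  {"id": "p2", "label": {"_classification": {"_classId": 2}, "categories": ["BRAVO"]}},
  {"id": "p3", "label": {"_classification": {"_classId": 0}, "categories": []}}
]
""")


def sufficient_clearance(user_clearances, class_id):
    """Any one entry in the user's clearance array may satisfy the label."""
    return any(
        isinstance(c, str) and c in CLEARANCE_NUMBER and CLEARANCE_NUMBER[c] >= class_id
        for c in user_clearances
    )


def all_categories(user_categories, required):
    """Assumed meaning of the elided rule: the user holds every category on the label."""
    return set(required) <= set(user_categories)


def allow(claims, label):
    """Default deny: missing or malformed attributes never grant access."""
    try:
        class_id = label["_classification"]["_classId"]
        if isinstance(class_id, bool) or not isinstance(class_id, int):
            return False
        clearances, held, required = (
            claims["clearances"], claims["categories"], label["categories"])
        if not all(isinstance(v, list) for v in (clearances, held, required)):
            return False
        return sufficient_clearance(clearances, class_id) and all_categories(held, required)
    except (KeyError, TypeError):
        return False


def roll_up(portions):
    """Assumed root-label rule: highest portion level plus the union of categories."""
    labels = [p["label"] for p in portions]
    return {
        "_classification": {
            "_classId": max(lab["_classification"]["_classId"] for lab in labels)},
        "categories": sorted({c for lab in labels for c in lab["categories"]}),
    }


def readable_portions(claims, portions):
    """Portion-level decisions: evaluate each portion against its own label."""
    return [p["id"] for p in portions if allow(claims, p["label"])]


if __name__ == "__main__":
    root = roll_up(PORTIONS)
    print("root label:", json.dumps(root))
    print("root decision:", allow(CLAIMS, root))
    print("portion decisions:", readable_portions(CLAIMS, PORTIONS))
```

With these constructed inputs the user is entitled to two of the three portions, yet the single rolled-up root label denies the whole document because no one portion actually carries both categories.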
Towards 1.0 – MXS ABAC Data Model
Top-down design after gathering taxonomy of existing data semantics from IC and SAP communities
Core specification that deals with the attributes required for access control to support MAC, DAC, and RBAC
Priorities / Trade-offs
Keep data going over the WAN small
Keep data structures as normalized and regular as possible
Follow principle of least surprise
Interoperability with legacy formats
Leverages JSON based JavaScript Object Signing and Encryption (JOSE), JSON Web Tokens (JWT), and SPIFFE for security and certificate management
Future expansion to binary formats like Concise Binary Object Representation (CBOR), or other formats like XML
Three Tier Architecture
Reference Architecture
Government owned architecture with focus on use of commercial products and standards
Example open / commercial products:
Example open / commercial standards:
Initial focus is on single-level, multi-category; aligns with cloud architecture
Hooks to facilitate cloud hosted or on-premise cross domain solution
Compatible with MLS data stores and services
Managed, labeled data management and application hosting environment designed to integrate well with K8s DevSecOps pipelines like Platform One
JSON Schema
System for Cross-domain Identity Management
Reference Implementation
Automation Stack
(*) Will support full DevSecOps lifecycle of hosted applications (via GitOps) and service mesh
Used to automate deployment of packages on K8s
Used for orchestration of executable capability
Used to configure the baseline and deploy K8s
Used to create, manage, and destroy baseline infrastructure
Prototype / Experimentation
Hosted in Cloud One Development (C1D) on top of Amazon Web Services (AWS)
Used for COTS evaluation, prototype, experimentation, and scalability testing
Leverages full C1D guard-railed environment to support potential future expansion to C1 production
Development
U-FEN is primary development environment
Minimizes delta to other *-FEN targets
Allows connectivity to unclassified identity store to enable ICAM solution
Already aligned with Platform One as DevSecOps environment
Next Steps
Integration with Platform One
Integration with Grey Matter
Automated Security Analysis
MITRE Caldera for automated pen testing framework
MITRE SAF (Heimdall) for automated compliance monitoring
Deployment to U-FEN
Government Functional Testing
Groundwork for Operational Pilots
Prototype
• GTRI as Prime
⁃ 2371B OTA via AFRL
⁃ 9-month POP
• Cloud One Dev / U-Fences + Platform One
• Early involvement from AO and test communities
• Demo Days June / Oct 2021
Transition & Mature
• MXS Data Labeling Standard 1.0 (NIEM / CMSTT)
• Upstream to Platform One (Iron Bank / Big Bang)
• Enterprise ICAM Pilot
• Operational Pilots
Enterprise Software Factory
• Sustained Capability Development
⁃ Leverage DevSecOps
⁃ Built on Platform One
⁃ MXS SDK (Cloud / Edge)
• Production Cloud Environments
⁃ Cloud One (IL5, IL6)
⁃ *-FEN
⁃ C2S
Impact
• Empowers customers with DevSecOps as-a-Service
• Lowers bar for third party developers to create multi-level, multi-category, multi-nation aware applications in the cloud or on premise
• Government owned architectures supported with COTS products
MXS SDK Future Architecture
Baked-in resiliency to denied, disrupted, intermittent, and limited environments
Takes advantage of strengths of both cloud and on-premise data centers
Builds upon the use of commercial and government standards