Categories
Writers Solution

cryptography and steganography can offer two modes of security

When used together, cryptography and steganography can offer two modes of security. For this discussion, evaluate each method's applicability to your organization or an organization with which you are familiar. What are the advantages or disadvantages of each to your selected organization? Which method would you consider to be more commonly used in InfoSec and why?

300 words

No APA Format 

Citations and references required 


Management of Information Security

In a 3-4 page paper not including title and reference page using the framework presented in Chapter 4 of Management of Information Security, draft a sample issue-specific security policy for an organization of your choice. 

At the beginning of your document, describe the organization for which you are creating the policy, and then complete the policy using the framework.

Clearly state what the article is about and its purpose

How the article and/or author(s) support your argument(s)

Most important aspects of the article

Any findings and conclusions

Approximately 250 to 350 words in length

Include the article “Abstract” in your posting (your summary should be original)

Include the industry example demonstrating the application of your researched article

“IMPORTANT” – Include the reference for the article in correct APA format (5-6 REFERENCES) and citations

Whitman, M. E., & Mattord, H. J. (2019). Management of information security (6th ed.). Cengage Learning.

Print ISBN: 978-1337405713

eText ISBN: 978-1337671545

Supplemental text; for assignment research

Chopra, A. & Chaudhary, M. (2020). Implementing an information security management system: Security management based on ISO 27001 guidelines (1st ed.). Apress.

Print ISBN: 978-1484254127

eText ISBN: 978-1484254134


Analysis of Recent Security Breaches Draft

For milestone 2, you will complete the first few sections of the Portfolio Project. Include and be sure to use the outline already drafted for milestone 1.

Analyze a security breach that has occurred in the recent past (within the last three years). In your critical evaluation of the chosen security breach, review and analyze the breach along the following dimensions: 

  1. What went wrong?
  2. Why did it occur?
  3. Who was responsible?

Your paper should meet the following requirements:

  • Be 3 pages in length, not including the title page and reference page.
  • Follow APA guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
  • Support your answers with the readings from the course and at least four scholarly journal articles.
  • Cite a minimum of six scholarly sources—academic and peer-reviewed—to support your positions, claims, and observations.
  • Be clear and well written, concise, and logical, using excellent grammar and style techniques. 

PORTFOLIO MILESTONE ONE

There was a security breach on Facebook in 2019 discovered in 2021. This security breach was about cybercriminals who breached the Facebook database and accessed the phone numbers of 533 million users with their ID numbers, names, emails, and birthdays. The hackers had exposed the database to the members of the public, and they did this for almost three years. The breach was realized in 2021 by a cyber security firm. The criminals could access personal information each and every time they wanted because they had all the details to log into those accounts. The hackers obtained data from Facebook servers by using a misconfigured phone importer. These criminals could use the access to commit more crimes using accounts that belonged to other individuals and went unnoticed. Most Facebook users were affected by the problem of their accounts being hacked during this period. They were in control of these accounts and regulated what happened (Choi, 2021).

Most security breaches occur as a result of vulnerability or exposure to databases. There might have existed a loophole to security on Facebook that was identified by these hackers and exploited to access the Facebook servers. Poor management of passwords might have given these criminals access to the servers, thus hacking many accounts (Finnerty et al., 2019).

The problem is that Facebook cyber security did not realize this for three years, and rather an external firm identified this. This shows that the organization was reckless in maintaining and regularly checking its servers and databases. It is the role of the relevant organization to maintain secure passwords to servers and ensure that their databases are not exposed to criminals. All loopholes that can lead to security attacks should be closed and continually monitored to avoid the loss of relevant data and information within an organization. Misconfigured settings on software, password recycling, and vulnerabilities in software could all lead to a security breach. If an organization does not secure its networks, data, applications, and network, it could be at risk of being attacked. Criminals exploit the weaknesses of an organization to access its information. They exploit systems that might not be updated, thus stealing relevant information. In any organization, it should be ensured that only a few people are aware and can access the passwords because this will reduce the chances of being exposed to risks. If many people can access the server, there might be one who will expose the organization either willingly or unwillingly. The reason why Facebook cyber security agents took so long to realize that their account had been hacked was that many individuals within the organization could access the data, and therefore the chances of noticing were very high, thus increasing the risk (Reshmi, 2021).

In conclusion, to avoid security breaches, one needs to keep on changing their passwords, back up the files regularly, use strong passwords, secure the computers and avoid leaking the information and passwords to the public. If all the loopholes within an organization are covered, information vulnerability is reduced. Reducing the vulnerability of data, passwords, and devices reduces the risks of being attacked by criminals. The Facebook security agents configured its security details again to minimize this issue because they were attacked because of misconfiguration. They made strong security passwords and backed up all the files hacked. The attack was so big and happened for a long time because they failed to check their servers and databases regularly. The risk within an institution can be managed by checking the security details, including the passwords and all other loopholes often and managing them. Everyone within an organization has to be responsible for the organization’s security at all times (Tuttle, 2018).

References

Breier, J., & Branišová, J. (2017). A dynamic rule creation based anomaly detection method for identifying security breaches in log records. Wireless Personal Communications, 94(3), 497-511.

Choi, Y. B. (2021). Organizational Cyber Data Breach Analysis of Facebook, Equifax, and Uber Cases. International Journal of Cyber Research and Education (IJCRE), 3(1), 58-64.

Finnerty, K., Fullick, S., Motha, H., Shah, J. N., Button, M., & Wang, V. (2019). Cyber security breaches survey 2019.

Foecking, N., Wang, M., & Huynh, T. L. D. (2021). How do investors react to the data breaches news? Empirical evidence from Facebook Inc. during the years 2016–2019. Technology in Society, 67, 101717.

Reshmi, T. R. (2021). Information security breaches due to ransomware attacks-a systematic literature review. International Journal of Information Management Data Insights, 1(2), 100013.

Tuttle, H. (2018). Facebook scandal raises data privacy concerns. Risk Management, 65(5), 6-9.


The Impact of Climate Change on Food Security

Overview
The United Nations (UN) has hired you as a consultant, and your task is to assess the impact that global warming is expected to have on population growth and the ability of societies in the developing world to ensure the adequate security of their food supplies.
Case Assessment
As the world’s population nears 10 billion by 2050, the effects of global warming are stripping some natural resources from the environment. As they diminish in number, developing countries will face mounting obstacles to improving the livelihoods of their citizens and stabilizing their access to enough food. The reason these governments are struggling even now is that our climate influences their economic health and the consequent diminishing living standards of their peoples. Climate changes are responsible for the current loss of biodiversity as well as the physical access to some critical farming regions. As such, these changes in global weather patterns diminish agricultural output and the distribution of food to local and international markets. These difficulties will become even more significant for these countries as the Earth’s climate changes for the worse. Temperatures are already increasing incrementally, and polar ice caps are melting, so the salient question is: what does this suggest for developing societies?
The issue before the developing world is not its lack of food, but rather how to gain access to food. Simply put, changes in our climate are affecting the global food chain, and hence, the living standards of entire populations. Added to this is the fact that food is not getting to where it is needed in time to prevent hunger or starvation. In many developing countries, shortages are due to governments’ control over distribution networks rather than an insufficient supply of food itself. In effect, these governments are weaponizing food by favoring certain ethnic or religious groups over others. When added to dramatic climate changes that we are experiencing even now, the future for billions of poor people looks increasingly dim.
Instructions
You are to write a minimum of a 5 page persuasive paper for the UN that addresses the following questions about the relationship between atmospheric weather patterns and food security in the developing world:
Climate change and global warming are often used interchangeably, but they are not the same phenomenon. What are the differences between the two concepts and what leads to the confusion between them?
In 1900, the average global temperature was about 13.7° Celsius (56.7° Fahrenheit) (Osborn, 2021), but as of 2020, the temperature has risen another 1.2°C to 14.9°C (58.9°F). According to the Earth and climate science community, if the Earth’s surface temperature rises another 2°C (3.6°F), we will suffer catastrophic weather patterns that, among other things, will raise sea levels, cause widespread droughts and wildfires, result in plant, insect, and animal extinctions, and reduce agricultural productivity throughout the world (Mastroianni, 2015 and Lindsey & Dahlman, 2020). How much credibility do you place in these projections? Why?
There is no question that the Earth’s food sources are threatened by changes in its weather patterns, but what specific challenges does climate change pose to the food security of people in the developing world?
There is currently a debate among some multinational lending agencies like the International Monetary Fund, UNICEF, and AID over whether the financial support for food security has been misused by recipient government officials. On the other hand, U.S. authorities insist that misuse of its assistance is not occurring because it has strict monitoring oversight in place. What is your position on this matter? Is there evidence that financial assistance to developing governments is being widely misused by government officials?
Guidelines
This course requires the use of Strayer Writing Standards (SWS). For assistance and information, please refer to the SWS link in the left-hand menu of your course and check with your professor for any additional instructions.
In order to earn full credit, your paper must be divided into at least four full pages of content (one page to address each of the four questions above), and include at least a one-half page introduction and a one-half page conclusion – making a minimum total of five full pages of text.
You must use at least seven credible sources (excluding Wikipedia, dictionaries, and encyclopedias) that are appropriate for the subjects under discussion.
You must use only double-spacing and not place extra spacing between paragraphs or section headings.
The specific course learning outcome associated with this assignment is as follows:
Evaluate the impacts that climate changes are having on the growth of global populations and the security of their food sources.
References
Liz Osborn. 2021. History of Changes in the Earth’s Temperature. https://www.currentresults.com/Environment-Facts/changes-in-earth-temperature.php
Brian Mastroianni. 2015. Why 2 degrees are so important. https://www.cbsnews.com/news/paris-un-climate-talks-why-2-degrees-are-so-important
Rebecca Lindsey and LuAnn Dahlman. 2020. Climate change global temperature. https://www.climate.gov/news-features/understanding-climate/climate-change-global-temperature


Enhancing Cyber Security In Healthcare -With The Help Of Machine Learning

Topic is “Enhancing Cyber Security In Healthcare -With The Help Of Machine Learning”.

Research Questions:

How can we control the access to sensitive healthcare information and systems?

How to provide data security for affected healthcare data breaches?

How to enhance the cybersecurity in healthcare to overcome the cyber attacks?

11.1 Mock Dissertation Chapter One Introduction

Overview: As you observed in the LIVE session, there is a connection between chapter three and chapter one. Therefore, as an extension of our week in the mock chapter three from last week, we will write a mock chapter one. For the sake of preparation, we will be using the required headings from the University of the Cumberlands Dissertation Handbook. Like we discuss in class, each university has unique parameters for what they expect in chapter one, so you may see papers from other universities that look slightly different. The importance here is to focus on the content, not necessarily the organization. This assignment will help determine your readiness to write a full-length chapter one.

Directions:

1. Review the rubric and examples to make sure that you understand what is expected of you in this assignment.

a. Chapter One Samples.pdf

b. Rubric for Chapter One.docx

2. Develop a 3-4 page (more is fine) mock chapter one to include the following expectations from the university:

o Overview (1-2 well developed paragraphs)

o Background and problem statement (1-2 well developed paragraphs)

o Purpose of the study (1 well developed paragraph)

o Significance of the study (1 well developed paragraph)

o Research Questions (numbered list)

o Limitations of the Study (1 short paragraph)

o Assumptions (1 short paragraph)

o Definitions (list)

o Summary (1 well developed paragraph)

3. Turn in your “mock” chapter one to the submission box.

Sample to write

Chapter 1

Overview

Since the publication of the Reagan era education report, A Nation at Risk, the United States has focused attention on education reform (United States, 1983). This report used compelling language to describe America’s schools as largely inadequate and unable to meet global demands on education, thereby leaving America’s future in jeopardy. Since that time school leaders have embraced various education reform movements such as No Child Left Behind and Every Student Succeeds Act (No Child Left Behind [NCLB], 2002, Every Student Succeeds Act [ESSA], 2008). Each with their own measures of standardized testing, academic achievement, and school performance. Perhaps overlooked is the importance of school climate in the overall school improvement process. Cleveland and Sink (2018) promote the notion that student perspectives on school climate should be included in school improvement plans. Other researches such as Zahid (2014), suggest school climate to be the number one consideration for student academic achievement.

Dutta & Sahney (2016) researched the relationship between school climate and student achievement and suggested a positive correlation. School principals are the leaders of their building, shaping a compelling vision for the future while promoting safety, academic achievement, and a positive climate. Depending on the schools’ size, the principal’s job description may include curriculum, discipline, community relations, and fiscal responsibilities. Principals are required to balance the expectations of state, community, and district leaders to produce the highest possible standardized testing, personnel, and school climate results. These responsibilities make them one of the most influential school improvement figures.

Background and problem statement

Leadership practices utilized by principals are vital to the quality of their job performance. The influence of a principal extends to the perception of all internal and external stakeholders. With increasing research to suggest positive school climates could be an influential component of school improvement, principals should consider the extent to which internal stakeholders such as the teaching faculty perceive their influence over school climate. The extent to which principals can influence school climate in Arkansas’ schools is unknown.

Purpose of the study

The purpose of this quantitative correlational research was to investigate if and to what extent principal leadership practices correlate with school climate as perceived by teachers in the rural and suburban schools in Arkansas. This study investigated the bivariate correlation between the teachers’ perception of the school principal’s leadership practices and the corresponding school’s climate scores. Twenty-four schools are included in the sample size from six geographic regions of Arkansas. In all, 626 teachers participated, answering surveys regarding their perspective of 24 school principals and the corresponding school climates in Arkansas. The leadership practices of the principal and the school climate were the variables for this study.

Significance of the study

The extant research on school climate in culture is limited. Principals seeking to improve their schools need guidance on how to promote the best possible environment for positive student outcomes. Promoting a positive school climate may prove beneficial to increasing student academic achievement. Understanding the leadership practices as perceived that promote a positive school climate will benefit principals seeking to improve their schools. This study will recommend leadership practices that may promote a positive school climate for overall school improvement in rural and suburban schools in Arkansas.

Research Questions

RQ1: To what extent does the overall index of principal’s leadership practices correlate with school climate as perceived by high school teachers in 24 rural and suburban schools in Arkansas?

Limitations of the Study

The scope of this study measures the climates and leadership behaviors of 24 schools and principals. Given that school climates can change relatively quickly and are subject to factors beyond the principals’ control, the results of this cross-sectional study may only be appropriate for implementation for a short time afterwards.

Assumptions

This study assumes that the instruments used will accurately portray leadership behaviors of school principals and properly assess school climates. Responses received from teachers are believed to accurately reflect their supervising principal and accurately measure the corresponding school climate.

Definitions

Principal. The head leadership position in a school. Principals manage the day-to-day school operations as well as manage discipline, curriculum, and community engagement.

School culture. The collective beliefs and norms of a school.

Summary

School climate may be the missing link of past education reforms. Principals have the ability to influence the climate of their respective schools. Researches have suggested a positive correlation between school climate and student achievement (Dutta & Sahney, 2016). Providing school principals with best practices to promote a positive school climate may aide in overall school improvement measures.

References

Cleveland, R. E., & Sink, C. A. (2018). Student happiness, school climate, and school improvement plans. Professional School Counseling, 21(1) doi:http://dx.doi.org/10.1177/2156759X18761898

Dutta, V. & Sahney, S. (2016), School leadership and its impact on student achievement: The mediating role of school climate and teacher job satisfaction, International Journal of Educational Management, 30(6), 941-958. https://doi.org/10.1108/IJEM-12-2014-0170

Every Student Succeeds Act of 2015, Pub. L. No. 114-95 § 114 Stat. 1177 (2015-2016).

No Child Left Behind (NCLB) Act of 2001, Pub. L. No. 107-110, § 101, Stat. 1425 (2002).

United States. National Commission on Excellence in Education. (1983). A nation at risk: The imperative for educational reform. Washington, D.C.: The National Commission on Excellence in Education.

Zahid, G. (2014). Direct and indirect impact of perceived school climate upon student outcomes. Asian Social Science, 10(8), 90-102. http://dx.doi.org/10.5539/ass.v10n8p90


SACR 4620. Advanced Seminar in Policing, Security, and Surveillance

This course explores theory and research about 21st Century developments in policing, security, and surveillance. Topics may cover intelligence-gathering, pre-crime, fusion centres, social media policing, body-worn cameras, artificial intelligence/predictive policing, and big data surveillance by public and private agencies. (Prerequisites: SACR 2600; 2620; SACR 3820 or SACR 3680 or SACR 3730; SACR 3910 or SACR 3080, and semester 7 or higher standing; or higher.)


Begin thinking of mobile device security in a business situation

Topic

Begin thinking of mobile device security in a business situation. Select a fictional or real corporate or university environment that requires mobile access. Use the Q & A Forum to ask questions and discuss your ideas about the project.

Proposal

Course Project Proposal (one to two pages, 35 points). Remember to properly cite any external sources used.

The proposal should contain the following items.

  1. Cover page
  2. Subject of the Course Project
  3. Name of the company or organization
  4. Brief description of the company chosen
    • Value proposition of the company
    • Size of the workforce (students included if the company chosen is an academic institution) with respect to IT infrastructure needs
    • Overview of the different types of mobile networks available in the company
    • Overview of types of mobile devices and storage media used in the company
    • Identification of potential mobile security risks
  5. Audience to whom you are presenting the recommendation(s)
  6. References

Technical Report (four to five pages, 65 points). Remember to properly cite any external sources used. The technical report should contain the following items.

  1. Cover page
  2. Introduction
  3. Intentional versus unintentional mobility scenarios in the company
  4. Protection of data
  • Physical protection mechanisms
  • Logical protection mechanisms
  • Protecting heterogeneous information
  • Protecting data in motion
  • Data protection models
  • Using a device-centric or data-centric model for the case study; which one is better?
  • Encryption
  • Types of encryption employed by the company’s IT department
  • Defense or countermeasures
  • Auditing
  • Deterrent controls
  • Preventive controls
  • Portable computer controls
  • Smartphones and PDAs
  • E-mail protection
  • Conclusion
  • References


Website Security Test Plan for Peapod Grocery Business

Course Project – Website Security Test Plan for Peapod Grocery Business

The CIO of the online grocery store has asked you to create a website security plan that will keep the information that they are entrusted with safe, secure and out of the news. For this assignment, please include the following:

  1. An executive summary.
  2. An introduction to the plan.
  3. A web security plan strategy (also include the security policy that you designed for module 03).
  4. Deliverables.
  5. Test cases.
  6. You will have at least 5 sources for this paper, with 2 being scholarly sources. Include in-text citations in your paper. Your sources need to be listed according to APA formatting guidelines on your reference page.
  7. Include an APA formatted title page.
  8. Plan should be a minimum of 6 pages.

*Grammar, spelling, and the layout of your essay on Website Security Test Plan for Peapod Grocery Business will also be taken into account when grading this assignment.


Computer Security Technology Planning Study (Volume II)

MXS Cloud SDK

Multi-X Security Software Development Kit

Multi-Level, Multi-Category, Multi-Nation

Maxus Cloud SDK, the Multi-X Security Software Development Kit

Hello, and welcome to the Maxus cloud software development kit briefing. This briefing will cover the basics of the Maxus Cloud SDK. If you’d like to hear more information about what you’ve seen in this brief, please contact Major Kyle Stewart at kyle dot stewart dot 5 @ US dot AF dot mil.

MXS, pronounced “maxus”, stands for Multi-X security. The maxus project objectives are to provide secure multi-level, multi-category, and multi-nation environments. Categories are the maxus term for what some might call a compartment, caveat, or program.

Historical Context


The major problems of the USAF stem from the fact that there is a growing requirement to provide shared use of computer systems containing information of different classification levels and need-to-know requirements in a user population not uniformly cleared or access-approved. …

Users are permitted and encouraged to directly program the system for their applications. It is in this latter kind of use of computers that the weakness of the technical foundation of current systems is most acutely felt.

Computer Security Technology Planning Study (Volume II)

October 1972

https://csrc.nist.rip/publications/history/ande72.pdf


Challenges & Solutions

MXS Reference Architecture

MXS Security Model

Challenges

Current commercial cloud infrastructure does not provide a multi-level / multi-category environment out-of-the-box; it must be provided by workload owner

It is difficult for vendors and mission owners to create multi-level / multi-category aware software

Unclear approach to data labeling impedes interoperability and complicates development of software solutions that function across the enterprise

Solution

Execute project that develops a standard security model, data model, reference architecture, and Software Development Kit (SDK)

Conduct prototyping in an unclassified cloud environment to demonstrate feasibility of using the MXS SDK to develop multi-level / multi-category software solutions

When successful, utilize the MXS SDK to address IT requirements related to enterprise software development


Enterprise View


System View


What is MXS Cloud SDK?

Increasing Technical Opinion

Documentation: Acquisition and developer centric documentation that covers requirements, use cases, testing, etc.

Security Model: Human-centric terms and definitions with concepts modeled in a well-defined visual language

Data Model: Machine readable data formats for access control information and metadata aligned to security model

Reference Architecture: Organization of COTS/GOTS components into solution which supports security and data models

Reference Implementation: Executable form of reference architecture that runs inside government owned cloud environment

Cost Model: Provide cost predictions for reference implementation including licenses, compute, store, and network

Business Processes

Multiple organizations participate and contribute via DI2E DevTools based on Atlassian tools (Confluence, JIRA, BitBucket) + Jenkins

Milestones are 4-week planning periods (i.e., sprints)

All work is drafted, approved, and tracked via JIRA tickets

Clear “definition of done” with deliverable required for ticket approval

Documentation (including this briefing) is all tracked and built from version control

Generic Security Model


Claims 0.1

{
  "urn:us:gov:ic:uias:digitalIdentifier": "CN=Lastname Firstname Middle personId, OU=PE, OU=DoD, OU=DoD, O=U.S. Government, C=US",
  "sub": "7fbdecb9-7b1c-4663-bf7e-3e70b57f681e",
  "urn:us:gov:ic:uias:aICP": false,
  "urn:us:gov:ic:uias:dutyOrganization": "ABMC",
  "urn:us:gov:ic:uias:dutyOrganizationUnit": "CIO:APPS:EASPO",
  "urn:us:gov:ic:uias:entityType": "CTR",
  "email_verified": false,
  "iss": "http://localhost:8080/auth/realms/hello-world",
  "preferred_username": "Firstname.Lastname",
  "urn:us:gov:ic:uias:clearance": ["TS", "S", "C", "U"],
  "aud": "siteapp",
  "urn:us:gov:ic:uias:countryOfAffiliation": ["USA"],
  "urn:us:gov:ic:uias:adminOrganization": "ABMC",
  "urn:us:gov:ic:uias:entitySecurityMark": "U",
  "urn:us:gov:ic:uias:auditRoutingOrganization": "Routing Org",
  "urn:us:gov:ic:uias:authorityCategory": "ICD503",
  "urn:us:gov:ic:uias:group": ["my-group", "my-group-two", "your-group"],
  "urn:us:gov:ic:uias:region": ["EMEA"],
  "urn:us:gov:ic:uias:role": ["DoD-MXS-Admin", "NATO-Liason"],
  "urn:us:gov:ic:uias:topic": ["HLTH"],
  "urn:us:gov:ic:uias:certificateAuthority": "DoDPKI",
  "urn:us:gov:ic:uias:originatingNetwork": "NET1",
  "email": "Firstname.Lastname@world.com",
  "urn:us:gov:dod:contractorOrg": "ACME Inc.",
  "urn:us:gov:dod:contractorOrgId": "91749",
  "urn:us:gov:dod:authorizationSet": {
    "XMS": {
      "M": { "CAT1": ["ABC:1234"] },
      "H": {
        "CAT1": ["APPLES"],
        "CAT2": ["DEF:9876"],
        "CAT3": ["BANANAS"]
      }
    }
  }
}

Claims are represented as an OpenID Connect JSON Web Token (JWT)

Design is split into “heavy” JWT (backend authorization) and “light” JWT (held by client)

Leverages semantics from IC UIAS standard as well as from OSD SAP CIO

The format depicted here uses explicit, long namespaces to make the origin of each semantic clear

All labels and markings are notional and for illustrative purposes only.


Clearance Owner -> "XMS": {
Level -> "M": {
Category Type -> "CAT1":
Categories -> ["ABC:1234"]


Information Security Marking

Multi-Level Markings (MLM) occur when there is a mixture of classification levels and categories portion marked within a document

Standards like ISM may not represent the aggregate precisely, resulting in over-classification at the root level

MXS is working with OSD SAP CIO and Common Metadata Standards Tiger Team (CMSTT) on possible implementation strategies and policies


Label 0.1

Derived from ISM semantics including JSON-LD distributed controlled value enumeration files

Added additional structure in key areas of concern to address challenges with mixed classification level, categories, coalition data, and developer ergonomics

Works together with MXS Claims JWT

Designed to accept and produce compliant ISM-labeled data

Stepping-stone to next-generation labeled infrastructure based on OPA/REGO

Moving the label to application-level protocols (like HTTP) that leverage JSON makes the shared data model more easily exchanged and validated

Better aligned with modern development techniques and knowledge base in industry

{
  "classification": { "XMS": "H" },
  "categories": {
    "XMS": {
      "M": { "CAT1": ["ABC:1234"] },
      "H": {
        "CAT1": ["APPLES"],
        "CAT2": ["DEF:9876"],
        "CAT3": ["BANANAS"]
      }
    }
  },
  "disseminationControls": ["REL", "DISPLAYONLY"],
  "ownerProducer": ["XMS"],
  "geoPolitical": {
    "FGIsourceOpen": ["AUS", "CAN", "GBR"],
    "FGIsourceProtected": ["FGI"],
    "releasableTo": ["USA", "AUS", "CAN", "GBR"],
    "displayOnlyTo": ["ABW"],
    "joint": true
  },
  "classDeclass": {
    "derivativelyClassifiedBy": "MXS Developer mxs@dod.gov",
    "derivedFrom": "Pursuant to SCG ABC version 1.2 dtd 01/01/2020",
    "declassDate": "2070-02-18",
    "declassEvent": null,
    "declassException": ["AEA"],
    "classifiedBy": null,
    "classificationReason": null
  },
  "metadata": {
    "DESVersion": "201903.201909",
    "ISMCATCESVersion": "201909",
    "resourceElement": null,
    "compliesWith": "USGov",
    "createDate": "2021-02-19",
    "exemptFrom": "IC_710_MANDATORY_FDR",
    "noAggregation": "false",
    "externalNotice": null,
    "noticeType": "DoD-Dist-X",
    "noticeDate": "2021-02-18",
    "noticeReason": "Contains CUI DCRIT",
    "unregisteredNoticeType": null,
    "pocType": "ICD-710",
    "hasApproximateMarkings": null,
    "compilationReason": "Language",
    "excludeFromRollup": null
  }
}


Access Control

MXS implements an attribute-based access control (ABAC) model that in turn needs to support mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC)

Data model focuses on modern production environments like the service meshes in a Kubernetes environment, deploying "sidecars" via COTS tools like Grey Matter

Leverages open tools like Open Policy Agent, and the REGO policy language to express and enforce access control policies

Combines the claims and labeling standardization in JSON to create a zero-trust architecture with rigid enforcement throughout the mesh

package mxs

default allow = false

allow {
    # has_necessary_attributes
    sufficient_clearance
    all_categories
}

# Ensure that the user has sufficient clearance to view the marking on
# the document.
sufficient_clearance {
    # UIAS data has an array of clearances, not the highest clearance
    doc_classification_num := input.label._classification._classId
    clearance_number[user_clearances[_]] >= doc_classification_num
}

…

https://docs.greymatter.io/use-cases/zero-trust
https://www.openpolicyagent.org/docs/latest/
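
A Python model of the default-deny decision that the policy excerpt above describes, added here as an illustration; it is not the MXS Rego policy. The clearance ordering in RANK, the doc_class_id parameter (standing in for the excerpt's _classId) and the rule that every category on the label must appear in the user's authorizationSet are assumptions; the data is trimmed from the notional samples on this page.

```python
# Added example: Python model of the default-deny ABAC decision (not the MXS policy).
CLEARANCE = "urn:us:gov:ic:uias:clearance"
AUTHZ = "urn:us:gov:dod:authorizationSet"
RANK = {"U": 0, "C": 1, "S": 2, "TS": 3}  # assumed numeric ordering of clearances

# Notional claims and label, trimmed from the samples on this page.
CLAIMS = {
    CLEARANCE: ["TS", "S", "C", "U"],
    AUTHZ: {"XMS": {"M": {"CAT1": ["ABC:1234"]},
                    "H": {"CAT1": ["APPLES"], "CAT2": ["DEF:9876"],
                          "CAT3": ["BANANAS"]}}},
}
LABEL = {
    "classification": {"XMS": "H"},
    "categories": {"XMS": {"M": {"CAT1": ["ABC:1234"]},
                           "H": {"CAT1": ["APPLES"], "CAT2": ["DEF:9876"],
                                 "CAT3": ["BANANAS"]}}},
}

def sufficient_clearance(claims, doc_class_id):
    """UIAS carries an array of clearances; any one at or above the document passes."""
    held = claims.get(CLEARANCE, [])
    if not isinstance(held, list):
        return False  # malformed claim: fail closed
    return any(RANK.get(c, -1) >= doc_class_id for c in held if isinstance(c, str))

def missing_categories(claims, label):
    """List every (owner, level, type, category) on the label that the user lacks."""
    held = claims.get(AUTHZ, {})
    missing = []
    for owner, levels in label.get("categories", {}).items():
        for level, types in levels.items():
            for cat_type, cats in types.items():
                have = held.get(owner, {}).get(level, {}).get(cat_type, [])
                missing += [(owner, level, cat_type, c) for c in cats if c not in have]
    return missing

def allow(claims, label, doc_class_id):
    """Default deny: grant only when both checks pass; malformed input denies."""
    try:
        return (sufficient_clearance(claims, doc_class_id)
                and not missing_categories(claims, label))
    except (AttributeError, TypeError):
        return False

if __name__ == "__main__":
    print(allow(CLAIMS, LABEL, RANK["S"]))
```

Returning the missing tuples rather than a bare boolean gives the enforcement point something concrete to write to the audit log on a deny.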


Towards 1.0 – MXS ABAC Data Model

Top-down design after gathering taxonomy of existing data semantics from IC and SAP communities

Core specification that deals with the attributes required for access control to support MAC, DAC, and RBAC

Priorities / Trade-offs

Keep data going over the WAN small

Keep data structures as normalized and regular as possible

Follow principle of least surprise

Interoperability with legacy formats

Leverages JSON based JavaScript Object Signing and Encryption (JOSE), JSON Web Tokens (JWT), and SPIFFE for security and certificate management

Future expansion to binary formats like Concise Binary Object Representation (CBOR), or other formats like XML


Three Tier Architecture

https://en.wikipedia.org/wiki/Multitier_architecture


Reference Architecture

Government owned architecture with focus on use of commercial products and standards

Example open / commercial products:

Example open / commercial standards:

Initial focus is on single-level, multi-category; aligns with cloud architecture

Hooks to facilitate cloud hosted or on-premise cross domain solution

Compatible with MLS data stores and services

Managed, labeled data management and application hosting environment designed to integrate well with K8s DevSecOps pipelines like Platform One

JSON Schema

System for Cross-domain Identity Management


Reference Implementation

Automation Stack

(*) Will support full DevSecOps lifecycle of hosted applications (via GitOps) and service mesh

Used to automate deployment of packages on K8s

Used for orchestration of executable capability

Used to configure the baseline and deploy K8s

Used to create, manage, and destroy baseline infrastructure

Prototype / Experimentation

Hosted in Cloud One Development (C1D) on top of Amazon Web Services (AWS)

Used for COTS evaluation, prototype, experimentation, and scalability testing

Leverages full C1D guard-railed environment to support potential future expansion to C1 production

Development

U-FEN is primary development environment

Minimizes delta to other *-FEN targets

Allows connectivity to unclassified identity store to enable ICAM solution

Already aligned with Platform One as DevSecOps environment


Next Steps

Integration with Platform One

Integration with Grey Matter

Automated Security Analysis

MITRE Caldera for automated pen testing framework

MITRE SAF (Heimdall) for automated compliance monitoring

Deployment to U-FEN

Government Functional Testing

Groundwork for Operational Pilots

MITRE Security Automation Framework (https://saf.mitre.org)

MITRE Caldera (https://github.com/mitre/caldera)

MITRE Heimdall (https://github.com/mitre/Heimdall)


MXS Roadmap

MXS Cloud SDK FY21 Deliverables

Security Model / Data Model

Reference Architecture

Unclassified Prototype Cloud Implementation

Legacy Integration Guidance

Cost Model

Fences Integration

FY20

FY21

FY22

FY23+

Prototype
• GTRI as Prime
  ⁃ 2371B OTA via AFRL
  ⁃ 9-month POP
• Cloud One Dev / U-Fences + Platform One
• Early involvement from AO and test communities
• Demo Days June / Oct 2021

Transition & Mature
• MXS Data Labeling Standard 1.0 (NIEM / CMSTT)
• Upstream to Platform One (Iron Bank / Big Bang)
• Enterprise ICAM Pilot
• Operational Pilots

Enterprise Software Factory
• Sustained Capability Development
  ⁃ Leverage DevSecOps
  ⁃ Built on Platform One
  ⁃ MXS SDK (Cloud / Edge)
• Production Cloud Environments
  ⁃ Cloud One (IL5, IL6)
  ⁃ *-FEN
  ⁃ C2S

Impact
• Empowers customers with DevSecOps as-a-Service
• Lowers bar for third party developers to create multi-level, multi-category, multi-nation aware applications in the cloud or on premise
• Government owned architectures supported with COTS products


MXS SDK Future Architecture

Baked-in resiliency to denied, disrupted, intermittent, and limited environments

Takes advantage of strengths of both cloud and on-premise data centers

Builds upon the use of commercial and government standards

