Categories
Writers Solution

Computer Security Technology Planning Study (Volume II)

MXS Cloud SDK

Multi-X Security

Software Development Kit

Multi-Level

Multi-Category

Multi-Nation

Maxus Cloud SDK, the Multi-X Security Software Development Kit Hello, and welcome to the Maxus cloud software development kit briefing. This briefing will cover the basics of the Maxus Cloud SDK. If you’d like to hear more information about what you’ve seen in this brief, please contact Major Kyle Stewart at kyle dot stewart dot 5 @ US dot AF dot mil. MXS, pronounced “maxus”, stands for Multi-X security. The maxus project objectives are to provide secure multi-level, multi-category, and multi-nation environments. Categories are the maxus term for what some might call a compartment, caveat, or program.

1

Historical Context

2

The major problems of the USAF stem from the fact that there is a growing requirement to provide shared use of computer systems containing information of different classification levels and need-to-know requirements in a user population not uniformly cleared or access-approved. …

Users are permitted and encouraged to directly program the system for their applications. It is in this latter kind of use of computers that the weakness of the technical foundation of current systems is most acutely felt.

Computer Security Technology Planning Study (Volume II)

October 1972

https://csrc.nist.rip/publications/history/ande72.pdf

2

Challenges & Solutions

MXS Reference Architecture

MXS Security Model

Challenges

Current commercial cloud infrastructure does not provide a multi-level / multi-category environment out-of-the-box; it must be provided by workload owner

It is difficult for vendors and mission owners to create multi-level / multi-category aware software

Unclear approach to data labeling impedes interoperability and complicates development of software solutions that function across the enterprise

Solution

Execute project that develops a standard security model, data model, reference architecture, and Software Development Kit (SDK)

Conduct prototyping in an unclassified cloud environment to demonstrate feasibility of using the MXS SDK to develop multi-level / multi-category software solutions

When successful, utilize the MXS SDK to address IT requirements related to enterprise software development

3

3

Enterprise View

4

4

System View

5

5

What is MXS Cloud SDK?

Increasing Technical Opinion

Documentation

Security Model

Data Model

Reference Architecture

Reference Implementation

Cost Model

Human-centric terms and definitions with concepts modeled in a well-defined visual language

Machine readable data formats for access control information and metadata aligned to security model

Organization of COTS/GOTS components into solution which supports security and data models

Executable form of reference architecture that runs inside government owned cloud environment

Provide cost predictions for reference implementation including licenses, compute, store, and network

Acquisition and developer centric documentation that covers requirements, use cases, testing, etc.

6

6

Business Processes

Multiple organizations participate and contribute via DI2E DevTools based on Atlassian tools (Confluence, JIRA, BitBucket) + Jenkins Milestones are 4-week planning periods (i.e., sprints) All work is drafted, approved, and tracked via JIRA tickets Clear “definition of done” with deliverable required for ticket approval Documentation (including this briefing) is all tracked and built from version control

7

7

Generic Security Model

8

8

Claims 0.1

{ “urn:us:gov:ic:uias:digitalIdentifier”: “CN=Lastname Firstname Middle personId, OU=PE, OU=DoD, OU=DoD, O=U.S. Government, C=US”, “sub”: “7fbdecb9-7b1c-4663-bf7e-3e70b57f681e”, “urn:us:gov:ic:uias:aICP”: false, “urn:us:gov:ic:uias:dutyOrganization”: “ABMC”, “urn:us:gov:ic:uias:dutyOrganizationUnit”: “CIO:APPS:EASPO”, “urn:us:gov:ic:uias:entityType”: “CTR”, “email_verified”: false, “iss”: “http://localhost:8080/auth/realms/hello-world”, “preferred_username”: “Firstname.Lastname”, “urn:us:gov:ic:uias:clearance”: [“TS”, “S”, “C”, “U”], “aud”: “siteapp”, “urn:us:gov:ic:uias:countryOfAffiliation”: [“USA”], “urn:us:gov:ic:uias:adminOrganization”: “ABMC”, “urn:us:gov:ic:uias:entitySecurityMark”: “U”, “urn:us:gov:ic:uias:auditRoutingOrganization”: “Routing Org”, “urn:us:gov:ic:uias:authorityCategory”: “ICD503”, “urn:us:gov:ic:uias:group”: [“my-group”, “my-group-two”, “your-group”], “urn:us:gov:ic:uias:region”: [“EMEA”], “urn:us:gov:ic:uias:role”: [“DoD-MXS-Admin”, “NATO-Liason”], “urn:us:gov:ic:uias:topic”: [“HLTH”], “urn:us:gov:ic:uias:certificateAuthority”: “DoDPKI”, “urn:us:gov:ic:uias:originatingNetwork”: “NET1″, “email”: “Firstname.Lastname@world.com”, “urn:us:gov:dod:contractorOrg”: “ACME Inc.”, “urn:us:gov:dod:contractorOrgId”: “91749”, “urn:us:gov:dod:authorizationSet”: { “XMS”: { “M”: { “CAT1″: [“ABC:1234″] }, “H”: { “CAT1″: [“APPLES”], “CAT2″: [“DEF:9876″], “CAT3″: [“BANANAS”], } } } }

Claims are represented by Open ID Connect JSON Web Token (JWT)

Design is split into “heavy” JWT (backend authorization) and “light” JWT (held by client)

Leverages semantics from IC UIAS standard as well as from OSD SAP CIO

Format depicted here includes explicit, long namespaces to make it clear the origin of the semantic

All labels and markings are notional and for illustrative purposes only.

9

Clearance Owner:->“XMS”: { Level:—>“M”: { Category Type:——->“CAT1″: Categories:—————>[“ABC:1234″]

9

Information Security Marking

Multi-Level Markings (MLM) occur when there is a mixture of classification levels and categories portion marked within a document

Standards like ISM potentially can misrepresent the aggregate precisely, resulting in over classification at the root level

MXS is working with OSD SAP CIO and Common Metadata Standards Tiger Team (CMSTT) on possible implementation strategies and policies

10

All labels and markings are notional and for illustrative purposes only.

10

Label 0.1

Derived from ISM semantics including JSON-LD distributed controlled value enumeration files

Added additional structure in key areas of concern to address challenges with mixed classification level, categories, coalition data, and developer ergonomics

Works together with MXS Claims JWT

Designed to accept, produce compliant ISM labeled data

Stepping-stone to next-generation labeled infrastructure based on OPA/REGO

Moving the label to application-level protocols (like HTTP) that leverage JSON makes the shared data model more easily exchanged and validated

Better aligned with modern development techniques and knowledge base in industry

{ “classification”: { “XMS”: “H” }, “categories”: { “XMS”: { “M”: { “CAT1″: [“ABC:1234″] }, “H”: { “CAT1″: [“APPLES”], “CAT2″: [“DEF:9876″], “CAT3″: [“BANANAS”], } } }, “disseminationControls”: [“REL”, “DISPLAYONLY”], “ownerProducer”: [“XMS”], “geoPolitical”: { “FGIsourceOpen”: [“AUS”, “CAN”, “GBR”], “FGIsourceProtected”: [“FGI”], “releasableTo”: [“USA”, “AUS”, “CAN”, “GBR”], “displayOnlyTo”: [“ABW”], “joint”: true },

“classDeclass”: { “derivativelyClassifiedBy”: “MXS Developer mxs@dod.gov”, “derivedFrom”: “Pursuant to SCG ABC version 1.2 dtd 01/01/2020”, “declassDate”: “2070-02-18”, “declassEvent”: null, “declassException”: [“AEA”], “classifiedBy”: null, “classificationReason”: null }, “metadata”: { “DESVersion”: “201903.201909”, “ISMCATCESVersion”: “201909”, “resourceElement”: null, “compliesWith”: “USGov”, “createDate”: “2021-02-19”, “exemptFrom”: “IC_710_MANDATORY_FDR”, “noAggregation”: “false”, “externalNotice”: null, “noticeType”: “DoD-Dist-X”, “noticeDate”: “2021-02-18”, “noticeReason”: “Contains CUI DCRIT”, “unregisteredNoticeType”: null, “pocType”: “ICD-710”, “hasApproximateMarkings”: null, “compilationReason”: “Language”, “excludeFromRollup”: null } }

11

All labels and markings are notional and for illustrative purposes only.

11

Access Control

MXS implements an attribute-based access control (ABAC) model that in turn needs to support mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC) Data model focuses on modern production environments like the service meshes in a Kubernetes environment, deploying “sidecars” via COTS tools like Grey Matter Leverages open tools like Open Policy Agent, and the REGO policy language to express and enforce access control policies Combines the claims and labeling standardization in JSON to create a zero-trust architecture with rigid enforcement throughout the mesh

package mxs default allow = false allow { # has_necessary_attributes sufficient_clearance all_categories } # Ensure that the user has sufficient clearance to view the marking on # the document. sufficient_clearance { # UIAS data has an array of clearances, not the highest clearance doc_classification_num := input.label._classification._classId clearance_number[user_clearances[_]] >= doc_classification_num } …

https://docs.greymatter.io/use-cases/zero-trust
https://www.openpolicyagent.org/docs/latest/

12

12

Towards 1.0 – MXS ABAC Data Model

Top-down design after gathering taxonomy of existing data semantics from IC and SAP communities

Core specification that deals with the attributes required for access control to support MAC, DAC, and RBAC

Priorities / Trade-offs

Keep data going over the WAN small

Keep data structures as normalized and regular as possible

Follow principle of least surprise

Interoperability with legacy formats

Leverages JSON based JavaScript Object Signing and Encryption (JOSE), JSON Web Tokens (JWT), and SPIFFE for security and certificate management

Future expansion to binary formats like Concise Binary Object Representation (CBOR), or other formats like XML

13

13

Three Tier Architecture

https://en.wikipedia.org/wiki/Multitier_architecture

14

14

Reference Architecture

Government owned architecture with focus on use of commercial products and standards

Example open / commercial products:

Example open / commercial standards:

Initial focus is on single-level, multi-category; aligns with cloud architecture

Hooks to facilitate cloud hosted or on-premise cross domain solution

Compatible with MLS data stores and services

Managed, labeled data management and application hosting environment designed to integrate well with K8s DevSecOps pipelines like Platform One

JSON

Schema

System for Cross-domain

Identity Management

15

15

Reference Implementation

Automation Stack

(*) Will support full DevSecOps lifecycle of hosted applications (via GitOps) and service mesh

Used to automate deployment of packages on K8s

Used for orchestration of executable capability

Used to configure the baseline and deploy K8s

Used to create, manage, and destroy baseline infrastructure

Prototype / Experimentation

Hosted in Cloud One Development (C1D) on top of Amazon Web Services (AWS) Used for COTS evaluation, prototype, experimentation, and scalability testing Leverages full C1D guard-railed environment to support potential future expansion to C1 production

Development

U-FEN is primary development environment Minimizes delta to other *-FEN targets Allows connectivity to unclassified identity store to enable ICAM solution Already aligned with Platform One as DevSecOps environment

16

16

Next Steps

Integration with Platform One Integration with Grey Matter Automated Security Analysis

MITRE Caldera for automated pen testing framework

MITRE SAF (Heimdall) for automated compliance monitoring

Deployment to U-FEN Government Functional Testing Groundwork for Operational Pilots

MITRE Security Automation Framework (https://saf.mitre.org

MITRE Caldera (https://github.com/mitre/caldera)

MITRE Heimdall (https://github.com/mitre/Heimdall)

17

17

MXS Roadmap

MXS Cloud SDK FY21 Deliverables

Security Model / Data Model

Reference Architecture

Unclassified Prototype Cloud Implementation

Legacy Integration Guidance

Cost Model

Fences Integration

FY20

FY21

FY22

FY23+

Prototype • GTRI as Prime ⁃ 2371B OTA via AFRL ⁃ 9-month POP • Cloud One Dev / U-Fences + Platform One • Early involvement from AO and test communities • Demo Days June / Oct 2021

Transition & Mature • MXS Data Labeling Standard 1.0 (NIEM / CMSTT) • Upstream to Platform One (Iron Bank / Big Bang) • Enterprise ICAM Pilot • Operational Pilots

Enterprise Software Factory • Sustained Capability Development ⁃ Leverage DevSecOps ⁃ Built on Platform One ⁃ MXS SDK (Cloud / Edge) • Production Cloud Environments ⁃ Cloud One (IL5, IL6) ⁃ *-FEN ⁃ C2S

Impact • Empowers customers with DevSecOps as-a-Service • Lowers bar for third party developers to create multi-level, multi-category, multi-nation aware applications in the cloud or on premise • Government owned architectures supported with COTS products

18

18

MXS SDK Future Architecture

Baked-in resiliency to denied, disrupted, intermittent, and limited environments Takes advantage of strengths of both cloud and on-premise data centers Builds upon the use of commercial and government standards


WE HAVE DONE THIS QUESTION BEFORE, WE CAN ALSO DO IT FOR YOU

GET SOLUTION FOR THIS ASSIGNMENT, Get Impressive Scores in Your Class

CLICK HERE TO MAKE YOUR ORDER

Multi-X Security Software Development Kit Hello

TO BE RE-WRITTEN FROM THE SCRATCH

Categories
Writers Solution

Using the Malthusian model, explain why a one-off improvement in technology does not increase living standards in the long-run

 two paragraphs each

1.Using the Malthusian model, explain why a one-off improvement in technology does not increase living standards in the long-run.

2. how do the law of one price and studies of market integration shed light on the causes of the Great Divergence

3. Explain the relationship between the EMP and the development of labor markets according to De Moor and Van Zanden.

bottow below ( 800 words each) choose one — whichever easier

4. What is the Great Divergence debate about?  What do the various sides in this debate agree and disagree about? What does the latest empirical evidence suggest about the timing of the Great Divergence?

5.What is Smithian economic growth? Provide some examples of societies that experienced Smithian economic growth. Discuss why these episodes did not give rise to sustained economic growth

WE HAVE DONE THIS QUESTION BEFORE, WE CAN ALSO DO IT FOR YOU

GET SOLUTION FOR THIS ASSIGNMENT, Get Impressive Scores in Your Class

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

GET SOLUTION FOR THIS ASSIGNMENT

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

NO PLAGIARISM

  • Original and non-plagiarized custom papers- Our writers develop their writing from scratch unless you request them to rewrite, edit or proofread your paper.
  • Timely Delivery– primewritersbay.com believes in beating the deadlines that our customers have imposed because we understand how important it is.
  • Customer satisfaction- Customer satisfaction. We have an outstanding customer care team that is always ready and willing to listen to you, collect your instructions and make sure that your custom writing needs are satisfied
  • Confidential- It’s secure to place an order at primewritersbay.com We won’t reveal your private information to anyone else.
  • Writing services provided by experts- Looking for expert essay writers, thesis and dissertation writers, personal statement writers, or writers to provide any other kind of custom writing service?
  • Enjoy Please Note-You have come to the most reliable academic writing site that will sort all assignments that that you could be having. We write essays, research papers, term papers, research proposals Using the Malthusian model, explain why a one-off improvement in technology does not increase living standards in the long-run

Get Professionally Written Papers From The Writing Experts 

Green Order Now Button PNG Image | Transparent PNG Free Download on SeekPNG
Categories
Writers Solution

A large Information Technology company is currently undergoing planning to develop a research innovation lab.

A large Information Technology company is currently undergoing planning to develop a research innovation lab. This lab will bring in industry, government, and academic leaders from across the world to develop transformative products and solutions. This lab will be on-site at the IT Company, and the internal IT department has been placed in charge of outlining an information technology architecture and then implementing an information technology infrastructure for the space.As we move forward in our thinking, security is a major concern. As this facility is on-site, it potentially increases our risk tremendously, as now we have several untrusted individuals from a variety of domestic and international organizations potentially having access to our physical and digital assets. Our leadership has indicated that we must mitigate this risk as much as possible, but still have a fully functioning lab where individuals have the tools and capabilities they need and do not feel restricted in their creativity or in a way that would diminish the vision for the lab.The CIO is very concerned about supporting this lab, as our team will need to provide access and support to users on systems, provide network connectivity, provide access to storage, and various other requests that will be part of individual innovation projects, and we do not want to put other business systems or services at risk.Your assignment as the new security leader is to:

  1. Design a strategy and architecture that will allow the goals of our leadership to be reached in building the lab, while mitigating risk to the remainder of the facility.
  2. Develop an IT plan for the lab that could be presented to leadership for approval.
  3. Consider possible threats posed by the launching of the innovation lab, possible vulnerabilities to the lab and the core business, the type of policies we need to consider (both for the lab, and amendments to current organizational policies), what type, what mechanisms we might think about to meet the policy requirements, and assurance we can provide that the mechanisms will be effective in meeting requirements. Also, please consider how we should respond to an incident in the lab, and what we should have in place to mitigate the impact to the overall business.
  4. Describe any other considerations you think relevant, and make any assumptions necessary (though please be ready to explain these). Please do not consider financial considerations at this time. Submit any questions about the project or innovation lab requirements through the discussion board.

Your paper should be between 6-10 pages in length (excluding reference and title pages and any graphic representations you choose to include) supported through your research by citing a minimum of 2 credible and/or scholarly resources formatted according to APA style,  and employing  standard size fonts and margins for APA guidelines

GET SOLUTION FOR THIS ASSIGNMENT, Get Impressive Scores in Your Class

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

GET SOLUTION FOR THIS ASSIGNMENT

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

NO PLAGIARISM

  • Original and non-plagiarized custom papers- Our writers develop their writing from scratch unless you request them to rewrite, edit or proofread your paper.
  • Timely Deliveryprimewritersbay.com believes in beating the deadlines that our customers have imposed because we understand how important it is.
  • Customer satisfaction- Customer satisfaction. We have an outstanding customer care team that is always ready and willing to listen to you, collect your instructions and make sure that your custom writing needs are satisfied
  • Confidential- It’s secure to place an order at primewritersbay.com We won’t reveal your private information to anyone else.
  • Writing services provided by experts- Looking for expert essay writers, thesis and dissertation writers, personal statement writers, or writers to provide any other kind of custom writing service?
  • Enjoy Please Note-You have come to the most reliable academic writing site that will sort all assignments that that you could be having. We write essays, research papers, term papers, research proposals A large Information Technology company is currently undergoing planning to develop a research innovation lab.

Get Professionally Written Papers From The Writing Experts 

Green Order Now Button PNG Image | Transparent PNG Free Download on SeekPNG
Categories
Writers Solution

A large Information Technology company is currently undergoing planning to develop a research innovation lab

A large Information Technology company is currently undergoing planning to develop a research innovation lab. This lab will bring in industry, government, and academic leaders from across the world to develop transformative products and solutions. This lab will be on-site at the IT Company, and the internal IT department has been placed in charge of outlining an information technology architecture and then implementing an information technology infrastructure for the space.As we move forward in our thinking, security is a major concern. As this facility is on-site, it potentially increases our risk tremendously, as now we have several untrusted individuals from a variety of domestic and international organizations potentially having access to our physical and digital assets. Our leadership has indicated that we must mitigate this risk as much as possible, but still have a fully functioning lab where individuals have the tools and capabilities they need and do not feel restricted in their creativity or in a way that would diminish the vision for the lab.The CIO is very concerned about supporting this lab, as our team will need to provide access and support to users on systems, provide network connectivity, provide access to storage, and various other requests that will be part of individual innovation projects, and we do not want to put other business systems or services at risk.Your assignment as the new security leader is to:

  1. Design a strategy and architecture that will allow the goals of our leadership to be reached in building the lab, while mitigating risk to the remainder of the facility.
  2. Develop an IT plan for the lab that could be presented to leadership for approval.
  3. Consider possible threats posed by the launching of the innovation lab, possible vulnerabilities to the lab and the core business, the type of policies we need to consider (both for the lab, and amendments to current organizational policies), what type, what mechanisms we might think about to meet the policy requirements, and assurance we can provide that the mechanisms will be effective in meeting requirements. Also, please consider how we should respond to an incident in the lab, and what we should have in place to mitigate the impact to the overall business.
  4. Describe any other considerations you think relevant, and make any assumptions necessary (though please be ready to explain these). Please do not consider financial considerations at this time. Submit any questions about the project or innovation lab requirements through the discussion board.

Your paper should be between 6-10 pages in length (excluding reference and title pages and any graphic representations you choose to include) supported through your research by citing a minimum of 2 credible and/or scholarly resources formatted according to APA style,  and employing  standard size fonts and margins for APA guidelines

GET SOLUTION FOR THIS ASSIGNMENT, Get Impressive Scores in Your Class

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

GET SOLUTION FOR THIS ASSIGNMENT

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

NO PLAGIARISM

  • Original and non-plagiarized custom papers- Our writers develop their writing from scratch unless you request them to rewrite, edit or proofread your paper.
  • Timely Deliveryprimewritersbay.com believes in beating the deadlines that our customers have imposed because we understand how important it is.
  • Customer satisfaction- Customer satisfaction. We have an outstanding customer care team that is always ready and willing to listen to you, collect your instructions and make sure that your custom writing needs are satisfied
  • Confidential- It’s secure to place an order at primewritersbay.com We won’t reveal your private information to anyone else.
  • Writing services provided by experts- Looking for expert essay writers, thesis and dissertation writers, personal statement writers, or writers to provide any other kind of custom writing service?
  • Enjoy Please Note-You have come to the most reliable academic writing site that will sort all assignments that that you could be having. We write essays, research papers, term papers, research proposals A large Information Technology company is currently undergoing planning to develop a research innovation lab

Get Professionally Written Papers From The Writing Experts 

Green Order Now Button PNG Image | Transparent PNG Free Download on SeekPNG
Categories
Writers Solution

Blockchain Technology can address a significant challenge within Finance industry

Present a business use case where Blockchain Technology can address a significant challenge within Finance industry.

PPT Overview:

  • A overview of the Finance industry
  • Key industry players in the industry
  • What are three to five major business problems in the industry today?
  • Select ONE of these problems that can be solved using blockchain technology? (This is the overview to the use case)
  • What are five ways ways the problem can be solved using blockchain technology? (This is the details to the use case)
  • Who will the blockchain innovation impact in the organization? 
    • You must explain – the what, how, why for each. 
  • What is the cost associated with the innovation?
  • What do you foresee the outcome to be should the organization implement the blockchain technology innovation?
  • Are  there any technical challenges/roadblocks that the organization should  be aware of that may prevent a successful implementation?
  • Provide a clear and convincing closing to why this solution is the best way forward for the organization. 

 PPT Overview 2: 

  • Create a 10-12 slide PowerPoint presentation 
  • Keep your content focused! Simple, concise facts on the presentation. (Content presentation counts for 50% of your total grade)

     The presentation must be attractive and business savvy. (This will count for 20% of your grade). 

  • Make sure you present your content without any spelling or grammatical errors. Also cite where appropriate (20% of your grade)

GET SOLUTION FOR THIS ASSIGNMENT, Get Impressive Scores in Your Class

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

GET SOLUTION FOR THIS ASSIGNMENT

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

NO PLAGIARISM

  • Original and non-plagiarized custom papers- Our writers develop their writing from scratch unless you request them to rewrite, edit or proofread your paper.
  • Timely Deliveryprimewritersbay.com believes in beating the deadlines that our customers have imposed because we understand how important it is.
  • Customer satisfaction- Customer satisfaction. We have an outstanding customer care team that is always ready and willing to listen to you, collect your instructions and make sure that your custom writing needs are satisfied
  • Confidential- It’s secure to place an order at primewritersbay.com We won’t reveal your private information to anyone else.
  • Writing services provided by experts- Looking for expert essay writers, thesis and dissertation writers, personal statement writers, or writers to provide any other kind of custom writing service?
  • Enjoy Please Note-You have come to the most reliable academic writing site that will sort all assignments that that you could be having. We write essays, research papers, term papers, research proposals. Blockchain Technology can address a significant challenge within Finance industry

Get Professionally Written Papers From The Writing Experts 

Green Order Now Button PNG Image | Transparent PNG Free Download on SeekPNG  
Categories
Writers Solution

Identity theft is becoming more common as technology continues to advance exponentially

Project 2: Identity Theft ResponseStart Here

Transcript

Identity Theft Response

Identity theft is becoming more common as technology continues to advance exponentially. Mobile devices, applications, and email make it more convenient for individuals to access records and financial accounts, but also increase the risk of identity theft.

As the CISO, you will be drafting an incident response plan to address identity theft for your financial organization.

Identity Theft Response is the second of four sequential projects in this course. The final plan will be about 10-12 pages in length. There are 16 steps in this project and it should take about 14 days to complete. Begin with Step 1, where you will identify types of cyberattacks in which personally identifiable information could be vulnerable.

Competencies

Your work will be evaluated using the competencies listed below.

·         1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.

·         2.2: Locate and access sufficient information to investigate the issue or problem.

·         8.4: Design an enterprise cybersecurity incident response plan.

Project 2: Identity Theft ResponseStep 1: Identify Potential PII Attacks

Since this project will require an enterprise cybersecurity incident response plan with considerations specifically to identity theft, types of attacks must be identified. In a table or spreadsheet, identify the types of attacks that could result in denial of access to or theft of PII (personally identifiable information). Consider both internal and external incidents and those associated with employees and/or customers. Submit your list of potential PII attacks for feedback from your CIO (course instructor).

Submission for Project 2: Potential PII Cyber Incident List

Previous submissions

0

Top of Form

Drop files here, or click below.

Add Files

Bottom of Form

You will build upon this list of identified attacks throughout this project to form your Incident Response Plan. In the next step, industry-specific standards related to these types of attacks will be addressed.

Step 2: Align Industry-Specific Standards

Now that you have identified potential attacks in the previous step, you should research and identify state or federal government standards established for the protection of PII (where they exist) as well as industry codes. Keep in mind that while you are concerned in particular about standards that govern the financial industry, there are different standards specific to other industries. As a CISO, you need to be aware that regulations can vary—for example, standards are different in the health care field.

Add an additional column to the prepared list of potential types of PII attacks from the previous step. In this second column, note what standards might be required when addressing each incident type. You should align government-mandated and sector-voluntary standards to the PII attacks identified.

Refer to the provided industry-specific regulations for additional background on existing regulations. As you consider standards for your organization, continue building upon this table in the next step.

Step 3: Exceed Policy Standards to Fulfill Company Demands

In the previous step, you identified the policy standards for relevant PII attacks. In this step, address any types of attacks that were not aligned in the previous step or those in which given standards are considered inadequate by senior leadership. As CISO, you are aware of your organization’s expectations to guarantee the highest level of security for the organization and individuals in regards to theft of PII (personally identifiable information).

To complete this phase of the project, you will add an additional one to two columns to include upgraded or superior solutions on items considered to still be vulnerable. The alternatives that you add should reflect your organizational demands, initiatives, and vision. You will assess and prioritize this list of solutions in the next step.

Step 4: Assess Alternatives

Now that you have created a list of alternative solutions, assess your recommendations and prioritize them in a final column. Prioritize each alternative by placing a number “1” next to the first priority, a number “2” next to the second, and so on.

To the right of the prioritized solutions, in a sentence or two, state why you selected that alternative in that particular position. Submit the updated PII Solution Alternatives Table for feedback.

Submission for Project 2: PII Solution Alternatives Table

Previous submissions

0

Top of Form

Drop files here, or click below.

Add Files

Bottom of Form

This table will be used as an appendix in your final Incident Response Plan. In the next step, you will begin to develop a strategy for breach management.

Step 5: Complete the Executing the Response to a Cyberattack eLearning Module

So far, you have identified potential PII attacks and developed a set of PII solution and prevention alternatives. Before outlining a strategy for breach management, review Executing the Response to a Cyberattack. A response to cyberattack typically includes prevention measures, which you have already considered, but it also includes defense, detection, recovery, and response concerns. These areas should be developed with business considerations and subject to the advice of company leaders.

Now that you have become more familiar with an overview of how to execute a response to a cyberattack, proceed to the next step to outline a breach management strategy.

Step 6: Outline Breach Management Strategy

The next several steps will fit the alternatives into a breach management strategy. Strategic thinking can be challenging in a project environment. A “project” is work- and task-oriented, and it includes specific deliverables produced within a defined timeframe. Such projects have a limited budget and are developed to exact specifications. This project’s charter is to present a strategic view of responding to a potential breach in the area of the system containing PII.

This section of the planning should explore areas other than cyber technology. It is about policies, required and recommended, that expand the project notes you have been creating to address corporate concerns outside of the technology realm, such as legal implications, reporting, etc.

Briefly outline, for use in the next few steps, a strategic approach in response to a breach allowing access to PII—customers and/or employees. Think of the policy aspects that will have to be addressed. You will continue to use the findings determined here and over the next few steps to produce a breach management strategy.

Breach management options will be considered in the next step.

Step 7: Determine Breach Management Options

Using the outline of the strategic approach developed in the previous step, determine both the technical and strategic options available in addressing a breach of PII. The eventual goal is to help senior management understand the level of effort required in an appropriate response to a breach. Take note of these options for future use.

Once complete, you will be ready to research legal issues in the next step.

Step 8: Research Breach Management Legal Issues

With breach management options identified in the last step, begin to research associated legal issues. Breach management in response to exfiltration of PII is well documented in a legal context. Multiple resources are available that address the issue. This section of your research and breach management strategy report should carefully identify all the concerns being raised in the courts surrounding previously documented cases.

The idea is to find evidence of court cases being litigated that are a result of a PII breach—not necessarily the outcomes of those legal proceedings. Identify the issues that your policy strategy should address and draft a discussion. This discussion will be used in a future report. After considering legal issues, move to the next step, which will be a look at cyber insurance.

Step 9: Research Breach Management Cyber Insurance Options

Redirect the research from legal issues in the last step to cyber insurance options in this step. As the number of PII breaches grows, so does the new industry of cyber insurance. Draft several paragraphs that state the options now available for this component of risk mitigation. Be sure to include what is covered by most readily available insurance policies, as well as what is not covered.

As an example: Is the institution covered for a customer PII breach if it is determined the breach was caused by an employee? The intent is not to make you a cyber insurance expert, but to offer senior leadership some of the strategic, big-picture options. This draft will be used in a future report.

In the next step, you will research the regulatory requirements of breach management.

Step 10: Research Breach Management Reporting and Other Requirements

Publicly traded enterprises and health care organizations are subject to governmental regulations and requirements where PII is concerned. In addition, some industries voluntarily impose standards upon their members. This is the section of the breach management strategy to address those issues.

What are the minimum reporting requirements applicable to financial institutions (in this case)? What standards are in place that must be met to prevent additional damage to the institution in the way of fines, warnings, or other sanctions as a result of noncompliance with regulations on reporting the breach?

Actual requirements for other industries could be similar, overlapping, or not, determined by the business sector, inclusion in critical infrastructure classification, and a number of other factors. The financial sector is our example for this project and not to be considered comprehensive or all-inclusive across all sectors.

In the next step, you will compile the report on breach management strategy.

Step 11: Compile the Breach Management Strategy Report

After considering the elements of breach management strategy over the last several steps, compile all drafts and revise into a complete five- to seven-page Breach Management Strategy that will present policies to senior leadership for the response to a PII breach.

You will need to include an overview of your strategic approach, options available, legal issues, cyber insurance, reporting and other requirements, and finally the proposal. Your proposal should identify issues/impacts with mitigation strategies, and include regulatory responses where they exist. Note how financial industry reporting requirements differ from health care or other industries.

Submit the Breach Management Strategy for feedback. This report will help complete your work on the final incident response plan.

Submission for Project 2: Breach Management Strategy

Previous submissions

0

Top of Form

Drop files here, or click below.

Step 12: Compose Policy Components of an Incident Response Plan (IRP)

Now that you have a proposed breach management strategy, you are ready to begin development of an incident response plan (IRP) specific to a breach of PII. Compose the key policy components of an incident response plan in a list to be used as a basis for the next step.

Step 13: Itemize the Steps of an IRP

Start at the key policy component list from the last step and add postincident requirements already identified to itemize the actions it will take to accomplish these goals. Keep in mind the level of effort required and time involved to accomplish each element of the IRP.

You now have all the information necessary to create a comprehensive IRP. To get your mind set in the right direction, imagine that a breach affecting PII has occurred. It is the organization’s worst cyber incident. What do you do? How does the organization respond? What steps need to be taken to meet all the requirements you have identified in the Breach Management Strategy?

This step is to create a list or an outline; the use of a spreadsheet is recommended to facilitate subsequent steps in the project. The primary column is all of the actions or tasks that need to be completed in the IRP. As part of this first list, identify what department is responsible for what action by considering the functional areas of a financial institution.

You will build upon this list in the next step by adding the element of time to your spreadsheet documentation.

Step 14: Assign a Typical Timeline for an IRP

As a result of your Breach Management Strategy, are there specific timelines required by the regulatory compliance you referenced? If so, that should be your starting point for creating the IRP timeline. These are referred to as project “milestones.” Look at the list you created in the previous step and put those milestones in a required response time sequence.

When building the timeline, pay attention to elements that depend on previous elements—things that must be completed before a following action can be started. In project management, these are referred to as “critical path” items.

This section of creating the IRP must have all critical path items covered within regulatory milestones. It is not mandatory to assign perfect values to the actual time it takes to accomplish each action item. It is mandatory to show the milestone dates.

As an example, one reporting requirement for a financial institution suffering a PII breach is likely to be to notify all affected customers within 72 hours of the breach. That means you will have a customer notification milestone at three days in the IRP.

After you have added the milestone dates to your spreadsheet documentation, you will plan for implementation of the incident response plan in the next step.

Step 15: Plan for the IRP Implementation

This is the step where you tie together the requirements (milestones), the timeline (critical path), and which department will be responsible for what elements in the plan (accountability). Ensure all of the rows and columns in the spreadsheet are in alignment to accomplish the goal of minimizing the impact of the PII breach. It is the final step in creating the IRP. This spreadsheet will be included in your final IRP.

Now, it is time for the final step, in which you will explain the results of all your hard work on the IRP to senior leadership.

Step 16: Complete the Incident Response Policy Plan (IRP)

The resulting IRP should be a total of 10 to 12 pages that present an actionable plan to fully address a breach of the organization’s PII. It should include a final paragraph on your thoughts about how the recommendations are likely to be received.

This final step is to bring all the work together. Use what has been created in the previous steps as detail to support your completed plan on incident response. Synthesize the material and include all CIO (instructor) feedback received.

Include in your comprehensive IRP the review and findings from a policy approach to maintain or exceed compliance with all regulatory demands. In addition, demonstrate your adherence to the best possible outcome for victims of a PII breach.

Remember, confidence in and approval of the approach is mandatory. It has already been determined that a breach of the organization’s PII is a serious matter. The CEO and the rest of the executives are depending on your expertise to address the situation quickly and effectively. This IRP is that plan of action.

Submit the complete report to the CIO for approval and delivery to the senior leadership team.

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

·         1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.

·         2.2: Locate and access sufficient information to investigate the issue or problem.

·         8.4: Design an enterprise cybersecurity incident response plan.

Submission for Project 2: Incident Response Plan

Previous submissions

0

Top of Form

Drop files here, or click below.

Bottom of Form

Bottom of Form

GET SOLUTION BELOW

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

NO PLAGIARISM

  • Original and non-plagiarized custom papers. Our writers develop their writing from scratch unless you request them to rewrite, edit or proofread your paper.
  • Timely Delivery. capitalessaywriting.com believes in beating the deadlines that our customers have imposed because we understand how important it is.
  • Customer satisfaction. Customer satisfaction. We have an outstanding customer care team that is always ready and willing to listen to you, collect your instructions and make sure that your custom writing needs are satisfied
  • Privacy and safety. It’s secure to place an order at capitalessaywriting.com We won’t reveal your private information to anyone else.
  • Writing services provided by experts. Looking for expert essay writers, thesis and dissertation writers, personal statement writers, or writers to provide any other kind of custom writing service?
  • Enjoy our bonus services. You can make a free inquiry before placing and your order and paying this way, you know just how much you will pay. A verdict was rendered against three parent chaperones. How was the third parent included in the case?
  • Premium papers. We provide the highest quality papers in the writing industry. Our company only employs specialized professional writers who take pride in satisfying the needs of our huge client base by offering them premium writing services Identity theft is becoming more common as technology continues to advance exponentially

Get Professionally Written Papers From The Writing Experts 

Green Order Now Button PNG Image | Transparent PNG Free Download on SeekPNG Our Zero Plagiarism Policy | New Essays
Categories
Writers Solution

Supporting business and technology strategies behind those businesses

  • Introduction: Amazon and the Case Study
  • Current State of the Business
  • Amazon Businesses
  • Supporting business and technology strategies behind those businesses
  • Three portions of the business that will drive the future of the business
  • Supporting business and technology strategies behind those future businesses 
  • Summary
  • Assignment Format: MS Powerpoint Slide Deck; APA format
  • Length: 9 slides
  • Citations Required: 5-7 References

GET SOLUTION BELOW

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

NO PLAGIARISM

  • Original and non-plagiarized custom papers. Our writers develop their writing from scratch unless you request them to rewrite, edit or proofread your paper.
  • Timely Delivery. capitalessaywriting.com believes in beating the deadlines that our customers have imposed because we understand how important it is.
  • Customer satisfaction. Customer satisfaction. We have an outstanding customer care team that is always ready and willing to listen to you, collect your instructions and make sure that your custom writing needs are satisfied
  • Privacy and safety. It’s secure to place an order at capitalessaywriting.com We won’t reveal your private information to anyone else.
  • Writing services provided by experts. Looking for expert essay writers, thesis and dissertation writers, personal statement writers, or writers to provide any other kind of custom writing service?
  • Enjoy our bonus services. You can make a free inquiry before placing and your order and paying this way, you know just how much you will pay. A verdict was rendered against three parent chaperones. How was the third parent included in the case?
  • Premium papers. We provide the highest quality papers in the writing industry. Our company only employs specialized professional writers who take pride in satisfying the needs of our huge client base by offering them premium writing services Supporting business and technology strategies behind those businesses

Get Professionally Written Papers From The Writing Experts 

Green Order Now Button PNG Image | Transparent PNG Free Download on SeekPNG Our Zero Plagiarism Policy | New Essays
Categories
Writers Solution

explain what your vision of the future of the world with technology is and why

In 750+ words essay after watching the video, explain what your vision of the future of the world with technology is and why.

  • Include 4 quotes from our TED talks or readings this quarter
  • Include a Works Cited

Here is the website for the video

GET SOLUTION BELOW
CLICK HERE TO MAKE YOUR ORDER
TO BE RE-WRITTEN FROM THE SCRATCH
NO PLAGIARISM
Original and non-plagiarized custom papers. Our writers develop their writing from scratch unless you request them to rewrite, edit or proofread your paper.
Timely Delivery. capitalessaywriting.com believes in beating the deadlines that our customers have imposed because we understand how important it is.
Customer satisfaction. Customer satisfaction. We have an outstanding customer care team that is always ready and willing to listen to you, collect your instructions and make sure that your custom writing needs are satisfied
Privacy and safety. It’s secure to place an order at capitalessaywriting.com We won’t reveal your private information to anyone else.
Writing services provided by experts. Looking for expert essay writers, thesis and dissertation writers, personal statement writers, or writers to provide any other kind of custom writing service?
Enjoy our bonus services. You can make a free inquiry before placing and your order and paying this way, you know just how much you will pay. A verdict was rendered against three parent chaperones. How was the third parent included in the case?
Premium papers. We provide the highest quality papers in the writing industry. Our company only employs specialized professional writers who take pride in satisfying the needs of our huge client base by offering them premium writing services explain what your vision of the future of the world with technology is and why
Get Professionally Written Papers From The Writing Experts 








Categories
Writers Solution

identify and recommend technology needs, hours of operation, and services offered for the health care organization

  1. Review the Business Plan scenario. Write a 1,050-word paper in which you identify and recommend technology needs, hours of operation, and services offered for the health care organization. Your paper should:
    • Recommend which services should be provided at the center and describe why they are appropriate at this site.
    • Describe the hours of operation and why you recommend those hours.
    • Describe the major equipment and technology needed to provide the recommended service. Include a projected cost for that equipment.
    • Discuss the type of corporation you think the center should consider (e.g., a department of the hospital or an LLC) and why.
    • Cite at least 2 peer-reviewed, scholarly, or similar references.

GET SOLUTION BELOW

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

NO PLAGIARISM

  • Original and non-plagiarized custom papers. Our writers develop their writing from scratch unless you request them to rewrite, edit or proofread your paper.
  • Timely Delivery. capitalessaywriting.com believes in beating the deadlines that our customers have imposed because we understand how important it is.
  • Customer satisfaction. Customer satisfaction. We have an outstanding customer care team that is always ready and willing to listen to you, collect your instructions and make sure that your custom writing needs are satisfied
  • Privacy and safety. It’s secure to place an order at capitalessaywriting.com We won’t reveal your private information to anyone else.
  • Writing services provided by experts. Looking for expert essay writers, thesis and dissertation writers, personal statement writers, or writers to provide any other kind of custom writing service?
  • Enjoy our bonus services. You can make a free inquiry before placing and your order and paying this way, you know just how much you will pay. A verdict was rendered against three parent chaperones. How was the third parent included in the case?
  • Premium papers. We provide the highest quality papers in the writing industry. Our company only employs specialized professional writers who take pride in satisfying the needs of our huge client base by offering them premium writing services identify and recommend technology needs, hours of operation, and services offered for the health care organization

Get Professionally Written Papers From The Writing Experts 

Green Order Now Button PNG Image | Transparent PNG Free Download on SeekPNG Our Zero Plagiarism Policy | New Essays
Categories
Writers Solution

The impact of mobile technology (applications + gadgets) on business communications.

The impact of mobile technology (applications + gadgets) on business communications. (its my group topic) please make 3 main questions and their 2 small questions and 6 biblography) make 2 biblography of each question

This assignment is the second part of your Team Project. At this stage, you already have your team and topic assignment. You have completed your Course Project Plan and Agreement, and you are now ready to begin the planning of your report. The assignment will be developed through two steps. The first step is writing the research questions, and the second step is conducting research and completing an annotated references list (bibliography).

Instructions

Step 1: Complete the unit readings, including the Yorkville Write a Report.

Step 2: Your team will write 5 research questions. Your research questions will identify the key dimensions of your overall topic, which has been assigned by your instructor. The unit 6 reading describes how to write research questions. (Each person presents 1 RQ + 1/2 sub questions)

Step 3: If you have not already done so in the Team Plan and Agreement, ensure that you assign research questions and tasks to individual team members, so everyone is clear about their contribution to the final report.

Step 4: Begin collecting research in the YU Library guided by your research questions. For each research question, identify three (3) academic references from the YU library.

Step 5: Review the research and create an annotated references list. (You will find instructions about how to create an annotated reference list in the unit 6 readings.)

Step 6: Draft the report introduction including the statement of the purpose of the report.

Submission Details

Your overall submission should include:

1.      Title page (page 1) (include assignment title and topic, name, date, course code/title, instructor name). If you have team members who didn’t contribute to this assignment, do not include their names on the title page.

2.      Research Questions (page 2)

Research Questions

My Questions:

1.      What are the………………………….?

1.1.  ……………………..?

1.2.  …………………………….?

* Suggestion: Write at least 2 or 3 questions first n then select one final one.         

3.      Annotated References List (full references with annotations). The references page must be completed for this assignment and should be APA formatted.

* Each annotated bibliography should be placed on ONE page only.

* Please highlight the 3 sections in your bibliography (Gray + White + gray)

4.    A reference list (sorted alphabetically) References

*How many annotated bibliography for each research question? TWO

Submit on the unit 6 assignment page. Submit all assignments in this course as MS Word documents.

Helpful Hints

·        Papers written with double-spacing allow easier review and editing.

·        Use APA referencing guidelines for citations and references. Click here to review “APA Style”.

·        Do not write in first person; write in third person (he, she, they).

·        Ensure all references are academic sources. If an article is found in an academic journal in one of the library databases, then you can assume it has been peer reviewed and thus acceptable. Many articles found readily online may not have been exposed to any editorial vetting process, and thus should not be used as a resource.

Late Submission Policy

·        This assignment is subject to the Late Submission penalty policy, namely 5% per day for three days.

·        This page will close and will not allow further submissions after this Late Submission period has expired.

·        In the event of an emergency preventing you from submitting within this time frame, special permission must be obtained from your instructor. Documentation substantiating emergency is required. In such a circumstance, if the extension is granted, the professor will reopen the submission function for you on an individual basis.

·        Please do not email your submissions to your professor, either before or after the due date; all coursework should be submitted through the online course (Moodle).

GET SOLUTION FOR THIS ASSIGNMENT, Get Impressive Scores in Your Class

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

GET SOLUTION FOR THIS ASSIGNMENT

CLICK HERE TO MAKE YOUR ORDER

TO BE RE-WRITTEN FROM THE SCRATCH

NO PLAGIARISM

  • Original and non-plagiarized custom papers- Our writers develop their writing from scratch unless you request them to rewrite, edit or proofread your paper.
  • Timely Deliveryprimewritersbay.com believes in beating the deadlines that our customers have imposed because we understand how important it is.
  • Customer satisfaction- Customer satisfaction. We have an outstanding customer care team that is always ready and willing to listen to you, collect your instructions and make sure that your custom writing needs are satisfied
  • Confidential- It’s secure to place an order at primewritersbay.com We won’t reveal your private information to anyone else.
  • Writing services provided by experts- Looking for expert essay writers, thesis and dissertation writers, personal statement writers, or writers to provide any other kind of custom writing service?
  • Enjoy Please Note-You have come to the most reliable academic writing site that will sort all assignments that that you could be having. We write essays, research papers, term papers, research proposals. The impact of mobile technology (applications + gadgets) on business communications.

Get Professionally Written Papers From The Writing Experts 

Green Order Now Button PNG Image | Transparent PNG Free Download on SeekPNG Our Zero Plagiarism Policy | New Essays