Complete the Week 8 assignment for your Final Paper: Finalize your paper by addressing provided instructor feedback on the weekly submitted work, develop an introduction and conclusion for the paper. Check for APA correctness, reference page, and grammar. Submit your paper.
Category: Cyber security
-
“Database Processing Assignments in Chapter 10”
I need these assignments done on short notice in this book
Kroenke, D., Auer, D., Vandenberg, S., and Yoder, R. (2022), Database Processing: Fundamentals, Design, and Implementation. 16th edition, Pearson/Prentice Hall.
Submission for Assignment 1 in Chapter 10
Submission for Assignment 2 in Chapter 10
Submission for Assignment 3 in Chapter 10
Submission for Assignment 4 in Chapter 10
Submission for Assignment 5 in Chapter 10 -
Title: The Bureaucratic Divisions in Intelligence and National Security: How They Hinder Effective Counterterrorism Efforts
The paper will need to be 4 to 5 pages, double spaced, font size 11, Times New Roman. The paper will use footnotes. See the Chicago Manual of Style to cite sources. The paper will present an argument about a topic in intelligence and national/homeland security. Cited sources should support the argument. Sources should ideally be from scholarly or professional sources, but reputable news sources are acceptable.
Also should include examples like 9/11 and the Boston Marathon bombing and how these were results of the Bureaucratic Divisions. -
“Leadership Briefing on the 2019 SolarWinds Incident: Key Facts, Impact, and Recommendations for Enhanced Security”
The following are some sources related to the 2019 SolarWinds incident:
Tech Target article
Wired Magazine article
US Government Accountability Office article
Reuters article
Suppose you are the security lead for an IT team. Your manager has asked you to share information about the SolarWinds incident with the leadership team and recommend actions to prevent a similar attack from taking place.
In the leadership briefing, you’ll need to create a presentation with three to five slides summarizing key incident information and your recommendations. You can refer to this PowerPoint exemplar of a leadership briefing as an example of what your report might look like and what type of content it might contain. If you don’t have PowerPoint, you may need to use Google Slides or another app to open the file.
Be sure to do the following key tasks, which you learned about above, as you prepare for the leadership presentation: Provide a briefing of the incident. Your slides should provide the key facts, and the story of the incident should be explained by you during the presentation.
Describe the significance of the incident above. Your response should include who or what systems are affected, the scope of the issue, etc.
Describe the known information about the threat actors involved. State your recommendation. Imagine yourself in the role of a cybersecurity analyst. Summarize your recommendation for the next steps. List your information sources. Include specific common vulnerabilities and exposures (CVE) information.
Grading requirements
Remember, this is a graded lesson. That means that someone from the Chegg Skills team will review your work using the rubric provided below. Here are the specifics:
Grading rubric: The graders will use the criteria in the following rubric when grading your work. All questions use a yes-no framework, unless otherwise indicated.
Additional feedback: Graders will also use the rubric to provide you with feedback. This feedback does not affect whether you pass or fail; it is there to help you revise your work or improve upon it.
Passing score: This assessment requires a passing score of 80%. Therefore, at least 5 of the 6 items on the grading rubric must be marked Yes for you to pass. It isn’t expected that all students will pass the assessment on their first attempt. Use the feedback provided by the graders to improve your assessment and resubmit if needed.
Question 1 – Did the student prepare a 3-5 slide presentation? Yes / No
Question 2 – Did the student provide a professional briefing on the incident? Yes / No
Question 3 – Did the student describe the significance of the incident, including who or what systems are affected, the scope of the issue, and any other relevant information? Yes / No
Question 4 – Did the student provide information on the threat actors involved? Yes / No
Question 5 – Based on the synthesized threat information, did the student make appropriate recommendations for next steps and enhanced security? Yes / No
Question 6 – Did the student list reputable sources including specific CVE Information? Yes / No -
“Evaluating the Use of RFID Wristbands for Children’s Purchases at Hotel-Sponsored Events” “Security and Privacy Considerations for Implementing an Event Management Platform with RFID Technology: A Comprehensive Report for Padgett-Beale’s IT Governance Board” “Navigating the Legal and Ethical Boundaries of Competitive Intelligence: Protecting Intellectual Property and Preventing Data Exfiltration”
Scenario
The Entertainment Team (ET — part of Resort Operations
at Padgett-Beale, Inc.) is excited about a new event management platform and is
ready to go to contract with the vendor. This platform is a cloud-based service
that provides end-to-end management for events (conferences, concerts,
festivals). The head of Marketing & Media (M&M) is on board and
strongly supports the use of this system. M&M believes that the data
collection and analysis capabilities of the system will prove extremely valuable
for its efforts. Resort Operations (RO) also believes that the technology could
be leveraged to provide additional capabilities for managing participation in
hotel sponsored “kids programs” and related children-only events.
[Image: the arm of a hotel guest wearing an RFID band while sitting poolside]
For an additional fee, the event management platform’s
vendor will provide customized Radio Frequency Identification (RFID) bands to
be worn by attendees.
The RFID bands and RFID readers use near-field
communications to identify the wearer and complete the desired transactions
(e.g. record a booth visit, make a purchase, vote for a favorite activity or
performer, etc.).
The RFID bands have unique identifiers embedded in the
band that allow tracking of attendees (admittance, where they go within the
venue, what they “like,” how long they stay in a given location,
etc.).
The RFID bands can also be connected to an attendee’s
credit card or debit card account and then used by the attendee to make
purchases for food, beverages, and souvenirs.
For children, the RFID bands can be paired with a
parent’s band, loaded with allergy information, and have a parent specified
spending limit or spending preauthorization tied to the parent’s credit card
account.
The head of Corporate IT has tentatively given approval
for this outsourcing because it leverages cloud-computing capabilities. IT’s
approval is very important to supporters of this acquisition because of the
company’s ban on “Shadow IT.” (Only Corporate IT is allowed to issue
contracts for information technology related purchases, acquisitions, and
outsourcing contracts.) Corporate IT also supports a cloud-based platform since
this reduces the amount of infrastructure which IT must support and manage directly.
The project has come to a screeching halt, however, due
to an objection by the Chief Financial Officer. The CFO has asked that the IT
Governance Board investigate this project and obtain more information about the
benefits and risks of using RFID bands linked to an external system which
processes transactions and authorizations of mobile / cashless payments for
goods and services. The CFO is concerned that the company’s PCI Compliance
status may be adversely affected.
The Chief Privacy Officer has also expressed an objection
about this project. The CPO is concerned about the privacy implications of
tracking both movement of individuals and the tracking of their purchasing
behaviors.
The IT Governance Board agreed that the concerns
expressed by two of its members (the CFO and CPO) have merit. The board has
requested an unbiased analysis of the proposed use cases and the security and
privacy issues which could be reasonably expected to arise.
The IT Governance Board has also agreed to a request from
the Chief of Staff that the management interns be allowed to participate in
this analysis as their final project. Per the agreement, their involvement will
be limited to providing background research into the defined use cases for
cashless purchases.
Case:
Task
Purchases for craft
materials and snacks by children (under the age of 13) attending a hotel
sponsored “kids club” program.
Research one or more of the Use Cases
E. (2024, June 17). What benefits of RFID wristbands for
hotels, resorts & theme parks? RFIDSilicone. Retrieved June 17, 2024, from https://www.rfidsilicone.com/blog/industry-news/what-benefits-of-rfid-wristbands-for-hotels-resorts-theme-parks.html
(see section 4: Family Freedom)
Zougar, Y. (2018, July 27). An introduction to RFID.
INFOSEC. Retrieved June 13, 2024, from https://www.infosecinstitute.com/resources/general-security/an-introduction-to-rfid/#:~:text=RFID%20stands%20for%20Radio%20Frequency,order%20to%20transmit%20and%20receive
A. W. (2019, June 15). TAPPIT LAUNCHES NEW RFID WRISTBAND
SAFETY FUNCTIONALITY. TAPPIT. Retrieved June 17, 2024, from https://tappit.com/resources/blog/rfid-wristband-safety
4. Find and review at least two additional
resources on your own that provide information about privacy and security
related laws that could limit or impose additional responsibilities upon
Padgett-Beale’s collection, storage, transmission, and use of data about
guests. (Note: laws may differ with respect to collecting data from or about
children.) You should also investigate laws, regulations, or standards which
impact the use of the RFID bands for mobile purchases.
5. Using all of your readings, identify and
research at least 7 security and privacy issues which the IT Governance Board
needs to consider and address as it considers the implications of your chosen
use case upon the adoption or rejection of the proposed IT project (Event
Management Platform & RFID bands).
6. Then, identify 7 best practices that you can
recommend to Padgett-Beale’s leadership team to reduce and/or manage risks
associated with the security and privacy of data associated with the event
management platform.
Write
Write a five to seven (5-7) page report using your research.
At a minimum, your report must include the following:
An introduction or overview of event management systems and
the potential security and privacy concerns which could arise when implementing
this technology. This introduction
should be suitable for an executive audience. Provide a brief explanation as to
why three major operating units believe the company needs this capability.
An analysis section in which you address the following:
· Identify and describe your chosen Use Case
· Identify and describe 7 or more types of personal / private information or data that will be collected, stored, processed, and transmitted in conjunction with the use case.
· Identify and describe 5 or more compliance issues related to the use of the RFID bands to make and track mobile purchases.
· Analyze and discuss 7 or more privacy and security issues related to the use case.
· Identify and discuss 3 or more relevant laws, regulations, or standards which could impact the planned implementation of the event management system with RFID wrist bands.
A recommendations section in which you
identify and discuss 8 or more best practices for security and privacy that
should be implemented before the technology is put into use by the company.
Include at least 2 recommendations in each of the following categories: people,
processes, policies, and technologies.
A closing section (summary) in which you summarize
the issues related to your chosen use case and the event management platform
overall. Include a summary of your recommendations to the IT Governance Board.
Must incorporate at least 5 of these resources into
your final deliverable. You must also include 2 resources that you found on
your own.
Research report should use standard terms and definitions
for cybersecurity.
References
GOV, U. (n.d.). Protecting Intellectual Property in the
United States: A Guide for Small and Medium-Sized Enterprises in the United
Kingdom. STOPfakes:Uspto.gov. Retrieved June 9, 2024, from https://www.uspto.gov/sites/default/files/documents/UK-SME-IP-Toolkit_FINAL.pdf
Alto, P. (n.d.). What is an Exploit Kit? Palo Alto.
Retrieved June 9, 2024, from https://www.uspto.gov/sites/default/files/documents/UK-SME-IP-Toolkit_FINAL.pdf
Z. (n.d.). Anatomy of APT: Advanced Persistent Threat
Guide. Zenarmor. Retrieved June 9, 2024, from https://www.zenarmor.com/docs/network-security-tutorials/what-is-advanced-persistent-threat-apt
Limacher, M.,
& Fauconnet, L. (n.d.). The Legal and Ethical Guardrails for Sound
Competitive Intelligence. Pragmatic Institute. Retrieved June 13, 2024, from https://www.pragmaticinstitute.com/resources/articles/product/the-legal-and-ethical-guardrails-for-sound-competitive-intelligence/
Radar, C. (n.d.). The Legal and Ethical Guardrails for
Sound Competitive Intelligence. CI Radar. Retrieved June 13, 2024, from https://ciradar.com/competitive-intelligence-blog/insights/2017/12/22/the-ethics-of-competitive-intelligence-where-uber-crossed-the-line
Zougar, Y. (2018, July 27). An
introduction to RFID. INFOSEC. Retrieved June 13, 2024, from https://www.infosecinstitute.com/resources/general-security/an-introduction-to-rfid/#:~:text=RFID%20stands%20for%20Radio%20Frequency,order%20to%20transmit%20and%20receive
Awati, R. (2022, June 12). Segregation of duties (SoD).
WHATIs. Retrieved June 13, 2024, from https://www.techtarget.com/whatis/definition/segregation-of-duties-SoD
Counsel, U. (2022, October 27). Intellectual Theft:
Everything You Need to Know. UpCounsel. Retrieved June 9, 2024, from https://www.uspto.gov/sites/default/files/documents/UK-SME-IP-Toolkit_FINAL.pdf
Miller, M. (2023, June 13). What Is Least Privilege &
Why Do You Need It? BeyondTrust. Retrieved June 13, 2024, from https://www.beyondtrust.com/blog/entry/what-is-least-privilege
S. (2023, June 27). Data Exfiltration: Prevention, Risks
& Best Practices. Splunk. Retrieved June 9, 2024, from https://www.splunk.com/en_us/blog/learn/data-exfiltration.html
M. D. (2023, August 31). An IP Guide for the Corporate
Legal Practitioner: IP Theft and the Major Threats to Your Client’s IP.
DILWORTH. Retrieved June 13, 2024, from https://www.dilworthip.com/resources/news/threats-to-intellectual-property/
A. W. (2023, October 3). The Top 3 Cyber Attack Vectors.
ARCTICWOLF. Retrieved June 9, 2024, from https://arcticwolf.com/resources/blog/top-five-cyberattack-vectors/ -
Title: The Case of Mary, Queen of Scots: Lessons in Encryption and Cryptanalysis
Answer these two discussion questions in your own words. You may use any legitimate resource from the web, textbook, lecture, etc., but use your own analytical thought process to ensure evidence of understanding of the material. Your response to each question must be at least one page in length.
QUESTIONS:
Q1. Discuss the issues with the Case of Mary, Queen of Scots including the factors related to the encryption methods, the failures of Mary and her cohorts, the importance of this case to the field of encryption, and the lessons of the case.
Q2. Explain the concept of Cryptanalysis, what it is, how it is linked to encryption, what the three sub-system methods for breaking crypto-systems (hint: assigned reading) are, and its relevance in the modern realm of encryption. -
“Strengthening IT Security: A Review of NIST Guidance and Policy Solutions for Data Breaches, Shadow IT, and Social Media Use”
Review
NIST guidance for required / recommended security controls (see NIST SP 800-12,
NIST SP 800-53, and NIST SP 800-100).
Find and review additional authoritative /
credible sources on your own which provide information about IT security issues
(related to data breaches / responses, shadow IT, and/or social media use) which
require policy solutions.
Min. of 4 Authoritative / Credible Sources
Additional information provided upon taking the job. -
“Ransomware Attack on JBS Meatpacking Company Highlights Vulnerabilities in Critical Infrastructure” On May 30, 2021, JBS, one of the world’s largest meatpacking companies, fell victim to a ransomware attack, forcing the
Each week, we will have a “This Week in Cybersecurity” discussion that focuses on developing issues in Cybersecurity. This discussion will provide you the opportunity to stay ‘attuned’ to current Cybersecurity issues in the news and share at least one event, activity, or development with the class. For example, if a major cyber-attack on a nation-state or major company (i.e., Russian-linked cybercrime group DarkSide attack on Colonial Pipeline) were to occur, this would be the type of story to share.
Find a recent Cybersecurity-related current event, activity, or development in the news (within the past week). In your discussion post, briefly summarize the event and reflect on its significance. You should use any legitimate news source (television, internet, periodicals, etc.) to support your topical input. (A few sites related to cybersecurity are suggested on the Student Resources page, but you are not limited to these.) Questions to address must include:
How does the event relate to issues addressed in class?
How might similar situations be mitigated?
What is the broader impact of the event (e.g., nationally, globally, etc.)?
Include a link to the story or a citation so that others may read the story. Try not to duplicate the same event that another student has posted. -
Cybersecurity Policy Development and User Acceptable Use Policy Drafts “Creating an Effective Acceptable Use Policy for Data and Device Security in the Workplace”
Please Separate Each Response
Discussion 1: (205 Words)
Every cybersecurity program requires policies. They must be consistent, and optimally flow from an established standard. Policies are often reviewed and audited, so they all must contain not only key elements that are designed to secure data, but high level things like purpose, scope, etc.
Create a policy template. What elements should it contain? Here are a few items that it must contain. For each section, provide guidance on what a person would need to do to successfully create a policy based on the template. To be clear – this is a template that is to be used for all policies that would be created for an organization. This is to be delivered as an MS Word document, and attach it to the DB post. Summarize your key elements in the body of your DB post.
Sections that would always need to be required include:
Purpose
Scope
Roles and Responsibilities (who does it apply to and their general responsibilities)
Policy Statements (this is a list of multiple policy clauses)
Enforcement/Exceptions (how it will be enforced, and how exceptions are granted)
Discussion 2: (110 Words)
Agree or Disagree? Why? (Use attached Word Document)
It contains the purpose and scope of this policy. The roles and responsibilities include the CISO, IT security manager, IT security team, Employees, and contractors and third-party associates. The policy statements (thus far) include secure network and system maintenance and development, data protection, incident response, access controls, physical security, cloud integration, and audits/compliance. It also contains enforcement and exceptions. For someone to be successful in implementing a policy based on this template one would most likely need to review and update the policy as time goes on to ensure changes are made over time. One would also need to find a way to implement training throughout the organization to ensure there is an understanding of this policy.
One would need to find out the purpose for the policy they are creating and why it is important and what it adheres to. One would then need to find out who or what should be abiding by the policy within the organization. One would then need to find out who the policy applies to and create some definition on what they should do or need to do. There should be policy statements to ensure the policy is addressing all the correct material. There should also be ways to enforce the new policy AS WELL AS there being exceptions to the rule due to unconventional circumstances.
Discussion 3: (205 Words)
When an organizational asset is handed to an employee, it is important that they know the rules of use of that asset – hence, the Acceptable Use Policy.
Create a draft of a user Acceptable Use Policy. For this DB – just the components are necessary to be placed into the DB itself – don’t attach anything just yet. What actions are acceptable? What are actions that are expressly prohibited? (Note – generally policies are written where all statements should be positive – but this is a draft, we are getting all ideas on the table. We will turn those into positive statements when we create the final version).
Create at least 10 policy clauses
Discussion 4: (110 Words)
Agree or Disagree? Why?
The acceptable use policy (AUP) is a policy that governs how a user can access the network and the internet. It applies restrictions on what the user should and should not be able to do and ensures the user is aware of safe practices. The acceptable use policy does not stop the user from engaging in malicious activity, but it will state what is acceptable and unacceptable employee behavior while utilizing resources. The AUP will also state that if employees do violate the AUP, the employee will be subject to disciplinary actions which include and are not limited to verbal warning, written warning, being downgraded in access privileges, and even termination (Kirvan, 2022).
1) Clean Desk
This ensures that there is to be no sensitive data on your desk as paperwork may pile up. Your desk should be tidy with sensitive data out of reach from other individuals and/or locked in a file or cabinet that only certain individuals have access to.
2) Internet Use
The use of the internet should only be applicable for the purposes of the organization. Employees should be using the internet to conduct work, send e-mails, collaborate with other teams, and aid in the organization.
3) Email Use
Email usage should be used for primarily business-related purposes.
Employees should avoid sending unnecessary emails in communication.
Please remain professional in your emails and refrain from using offensive or inappropriate language.
4) Network Security
Employees must not attempt to deactivate, evade, or tamper with any security mechanism that has been put in place on the network. This includes but is not limited to firewalls, intrusion detection/prevention systems, anti-virus software, etc.
5) Device Security
If a device is lost or stolen, please notify the IT department immediately. IT will need to ensure data is secure on the device and quick response time is impeccable.
Devices must be enrolled in multi-factor authentication (if possible).
Devices must be locked after a certain period of use/inactivity.
Devices must be secured with strong passwords.
6) Physical Security
Employees must lock their device to prevent unauthorized access.
Employees must ensure their devices are out of reach and use of other individuals if not being used by themselves. Devices can be stored or locked in a cabinet at a desk.
7) Incident Reporting
Employees must report any suspicious activity to the IT security department. The quicker an employee is to report something, the faster it can have actions taken against the incident.
Employees are required to co-operate with investigation for security related incidents.
8) Personal Devices
Employees will not use their own personal devices to access organizational data UNLESS usage of organizational data has been approved for usage on the specified device.
The device must adhere to the organization’s policies on password complexity, encryption, and the appropriate security stack.
9) Social Media Usage
(For purposes of this AUP, I will say the use of social media is prohibited on organizational devices ALTHOUGH some organizations allow social media access) Employees will not be allowed to access social media platforms on organizational devices.
Any employee who uses social media on their device will be subject to disciplinary actions.
10) Audit and Monitoring
Employees will be informed that the organization has the right to monitor and report anything the user uses the device for. The organization has the right to monitor email use, internet use, all logs on the user’s machine, and anything else that might jeopardize the safety of the organization.
FRSecure (2021) <- The outline of my work was sourced and referenced from here.
References:
FRSecure. (2021, July 29). Acceptable Use Policy Template | FRSecure. Frsecure.com. https://frsecure.com/acceptable-use-policy-template/
Kirvan, P. (2022, June). What is acceptable use policy (AUP)? - Definition from WhatIs.com. WhatIs.com. https://www.techtarget.com/whatis/definition/acceptable-use-policy-AUP -
Title: “Experience the Power of Persuasion” Intended Product/Position: A new energy drink called “Boost Blast” Script: Attention all busy, tired, and overworked individuals! Are you in need of a quick energy boost to
For the Using Rhetorical Devices assignment, you will create an advertisement that uses at least two rhetorical ploys (CO1 and CO4). The list is available in Chapter 2 of Bowell and Kemp.
To complete the assignment, you will need to complete, Part I: Advertisement Transcript and Part II: Explanation using the attached worksheet.
Note, if you choose to construct an audio or video component it may enhance your score, but there will be no penalty for submitting just the worksheet.
Part I: Advertisement Transcript
The advertisement transcript will include the following:
State intended product or position (what are you selling) DO NOT use a trademarked product.
Enough words to take between 30 seconds and one minute (80-150 words) to verbalize.
A word-for-word “script” you could use to create an actual advertisement [this is what a transcript is].
Use at least 2 Rhetorical Ploys from Chapter 2 of Bowell and Kemp (pages 46-58) intended to manipulate the audience (minimum).
List and define each Rhetorical Ploy used from the textbook and how it was intended to manipulate the audience.
Finally, add a few sentences on what you feel you learned from this exercise. Be reflective and discuss your feelings toward such ploys and whether you will be more manipulation-resistant after this assignment.