Why is cyber security not an absolute?

A utility company’s website is attacked by a botnet, a program built specifically to replicate malicious software on the Web. It was spreading rapidly online by injecting itself into vulnerable websites and then waiting for unsuspecting users to click on the site. When they did, the code copied itself onto their computers. In a few months, 360,000 sites had been infected. The botnet was diabolically engineered to sniff out the Achilles heel in SQL. The botnet co-opted an application on the company website and injected itself directly into a company database. The fear was that in the process, it could get past the utility’s larger security perimeter and have its way with the company’s software portfolio of applications, database tools and other code. It also had the potential to install itself on the computers of anyone who visited the utility’s website. The attack was a legitimate risk to the utility company.
The utility knew it wanted (needed) a new culture for how it engineered, developed and tested its software. It also knew it wanted that culture grounded in widely accepted standards. That way, coders could learn from one another, and the company would not be re-inventing its cultural wheel to make its software more secure. The catch was, no one on staff knew much about how to make applications safer.
The design phase of the cyber security development lifecycle (CSDL) requires developers to create something called a cyber threat model. That is, a sense of the cyber attacks an application might face. What kind of exploits might a cyber attacker use? How would hackers gain access to an application running on a computer network? What older, existing pieces of code associated with the new application might be vulnerable? This overall feel for the risks an application might come under allows coders to anticipate risks. Threat models need not be complex: Even high-quality ones can be done on the back of cocktail napkins.
Once the standard was set, critical areas were addressed and basic training was completed, next up was spreading the new cyber security culture inside the utility. Two basic lines of work emerged: remediation on the existing code where needed, and maximizing the cyber security of all new code created from that point on. The company-wide remediation was a copy of the early, high-level work on the website: carefully anticipating threats identified by the utility’s version of CSDL, analyzing each threat and then refactoring code where necessary. This strategic work was buttressed by scanning tools that helped identify high, medium and low risks. But, despite this automatic assistance, it was immediately clear the work ahead would not be easy.
Time was something the utility’s coders had little of. Its IT department was designed to be an internal resource for the coding needs of various departments: providing the company’s energy traders with a new way to manage their inventory, helping human resources manage employee benefits, and planning how utilities route their electricity or gas. But, under a mandate from the top, they found a way. And, slowly, cyber software security at the utility moved from afterthought to top-of-mind. Under CSDL, the utility now started with cyber security. Step one in the process was identifying a well-thought-out set of cyber threats that showed where a piece of software might be weak. How would the code be used? What was at risk? Then, using its new test tools and protocols, the entire development team became responsible for keeping the code within the standard. The utility had even gone so far as to install a last step — a human review to triple check that all new code cleared the cyber security bar before it went live.

1. What does the design phase of the cyber security development lifecycle (CSDL) require developers to create?
2. Once the standard was set (critical areas were addressed and basic training was completed; next up was spreading the new cyber security culture inside the utility), what were the two basic lines of work that emerged?
3. Why is cyber security not an absolute?
Topic: Cyber Security Development Lifecycle
Link to Presentation: http://booksite.elsevier.com/9780123918550/casestudies/Chapter_04.html
Name 3 Ways
Paper Organization (300pts)
Use Times New Roman 12-point font, double spaced. Ensure you are familiar with current APA guidelines as they relate to writing a research paper.

Cover page (Use sample paper as a guide) (10pts)
Need introduction paragraph with thesis statement (50pts)
Three different paragraphs with each practice (90pts)
Concluding paragraph (50pts)
Reference page (50pts)
Follow APA Guidelines (50pts)
5 to 6 pages total

PPT Presentation (About 30 minutes Long; 200pts)

Wear Business Attire (10pts)
Slide 1 - Cover page with title (10pts)
Slide 2 - Group Names
Slide 3 - Table of contents (5pts)
Slide 4 - Introduction (20pts)
Slide 5 - Thesis statement (20pts)
Slides 6, 7, and 8 - Different ideas in different paragraphs (75pts)
Slide 9 - Summary (20pts)
Slide 10 - References (40pts)

In what situations would individuals be more effective decision-makers than groups, and in what situations would groups be better than individuals?

Lesson 4 Discussion Forum
Communication and Team Decision Making
Part 1: Sharpening the Team Mind: Communication and Collective Intelligence
A. What are some of the possible biases and points of error that may arise in team communication systems? In addition to those cited in the opening of Chapter 6, what are some other examples of how team communication problems can lead to disaster?
B. Revisit communication failure examples in Exhibit 6-1. Identify the possible causes of communication or decision-making failure in each example, and, drawing on the information presented in the chapter, discuss measures that might have prevented problems from arising within each team’s communication system.
Part 2: Team Decision-Making: Pitfalls and Solutions
A. What are the key symptoms of groupthink? What problems and shortcomings can arise in the decision-making process as a result of groupthink?

B. Do you think that individuals or groups are better decision-makers? Justify your choice. In what situations would individuals be more effective decision-makers than groups, and in what situations would groups be better than individuals?

Read the above topic and discuss it in 300 words using APA format.

Explain the difference between designing with CRC cards and designing with sequence diagrams.

1. Describe a fully developed use case for Receive new book in the university library system and then:
o Describe (UML) Activity diagram for the Enter new patient information use case
o Develop a first-cut sequence diagram that only includes the actor and problem domain classes.
o Develop a design class diagram based on your solution. Be sure to include your controller class.
o Add the view layer classes and the data access classes to your diagram. You may do this with two separate diagrams to make them easier to work with and read.
o Explain the difference between designing with CRC cards and designing with sequence diagrams.
o Explain the syntax of a message on a sequence diagram.
o What is the purpose of the first-cut sequence diagram? What kinds of classes are included?
o What is the purpose of the use case controller?
2. Using RMO, the case in your textbook, answer the following:
Assume that RMO will begin asking a random sample of customers who order by telephone about purchases made from competitors. RMO will give customers a 15 percent discount on their current order in exchange for answering a few questions. To store and use this information, RMO will add two new classes and three new associations to the class diagram. The new classes are Competitor and ProductCategory. Competitor has a one-to-many association with ProductCategory, and the existing Customer class also has a one-to-many association with ProductCategory. Competitor has a single attribute called Name. ProductCategory has four attributes: Description, DollarAmountPurchased, MonthPurchased, and YearPurchased. Revise the relational database schema shown in Figure 12-10 to include the new classes and associations. All tables must be in 3NF.
3. Read this narrative and then make a list of system capabilities and describe how the project could be developed for the company:
The new direct sales and accounting system for Especially for You Jewelers will be an important element in the growth and success of the jewelry company. The direct sales portion needs to track every sale and be able to link to the inventory system for cost data to provide a daily profit and loss report. The customer database needs to be able to produce purchase histories to assist management in preparing special mailings and special sales to existing customers. Detailed credit balances and aged accounts for each customer would help solve the problem with the high balance of accounts receivable. Special notice letters and credit history reports would help management reduce accounts receivable.

Describe some factors that increase computer efficiency.

Write a minimum of 100 words for each question. Provide Citation and reference for each question.
Provide two answers for each question.

Q1: Describe some factors that increase computer efficiency. For example, increasing the number of CPU processors. Consider different computer components, not just hardware components.

Q2: UMUC recruits both full-time and part-time staff. How will you illustrate this scenario using a specialization hierarchy (include some sample attributes)?

Q3: From your understanding and reading of the lecture notes, what is the difference between partial and total completeness? Illustrate with examples.

Explain why best practices in a policy would be an effective mitigation strategy.

Find an article on the WWW that discusses a recent (within the last 2 years) security breach or cyberattack. Provide a link to the article and suggest 2 best practices for a User Domain policy that would mitigate against the type of breach or cyberattack you have shared. Clearly explain why those best practices in a policy would be an effective mitigation strategy.

Decide how an organization should house its backups.

1. Your organization has approximately 10 TB of data, and you need to decide if your organization should have on-site or off-site tape storage.
2. Your organization must be able to easily recover data no older than one month, as an operational requirement.
3. Your organization’s further requirement is that recovery operations must resume at minimal levels for all systems within two weeks of a total catastrophe at the data center.
4. Decide how your organization should house its backups. 
500 words APA format and no plagiarism

What are the key differences between cloud security threats and on-premise security threats?

Understanding how cloud security differs from on-premise data center security is crucial for organizational success. What are three (3) key differences between cloud security threats and on-premise security threats? In what three (3) ways do mitigation strategies for Web security threats differ from those for on-premise threats?
DQ requirement: Note that the requirement is to post your initial response no later than Thursday and you must post one additional post during the week (Sunday). I recommend your initial posting be between 200 and 300 words. The replies to fellow students and to the professor should range between 100 and 150 words. All initial posts must contain a properly APA-formatted in-text citation and at least one (1) scholarly reference.

Explain how you understand individual, organizational, and collaborative processes.

Assignment Instructions:
· 1000+ words and at least three references other than text
· no polemics or personal attacks and avoid the rote repetition of platitudes or dogma
· State your hypothesis and then attempt to prove it with facts, not wants or feelings.

Chapter 5 Summary Essays
1. Explain how you understand individual, organizational, and collaborative processes. Discuss why individual green processes are short-term strategies, whereas collaborative green processes are long-term strategies.
2. Discuss how “Green” BPR can improve an organization’s efficiency and aid in achieving better carbon efficiency.
3. What is the relevance of process modeling in Green BPR? What techniques would you use to undertake green process modeling?
4. What are the advantages of Cloud computing in the context of Green IT? What are the challenges and risks associated with Cloud computing in the same context?
