Hello,

I need two responses of at least 150 words each for the below students discussions for this week. Also in the bold below are the questions the students at answering.

1. Why is it necessary to define policy elements?

2. Discuss the terms confidentiality, integrity, and availability as they relate to information systems. Why are they important?

Student one:

Greetings class,

Information systems are not simply a place in which information or data is stored. Information systems are complex structures that do store information, but that information needs to be protected, send and received capabilities exist and those need to be regulated, the software, users, and abusers all need to be considered when it comes time to drafting a comprehensive plan to ensure proper employment of the whole thing. Because it is so complex and there are so many parts within the whole, every organization that has information systems needs to have an information system security policy in place. To accomplish this, every element within the system needs to be reviewed so its role in the system is understood, as well as how any potential challenges it may encounter so that those challenges can be prevented or mitigated as best as possible.

Confidentiality, integrity, and availability, also known as the CIA Triad, play a large role when considering the way an organization should go about protecting its information systems. Some questions to ask might be:

Confidentiality: Who should have access to different types of information? What access policies and procedures are in place? What information needs to be protected by law? What information needs to be protected based on the policies of the organization? How does that information stay protected against unauthorized use? How will we know if unauthorized users attempt or successful access data that should be protected? What equipment or software do we need? How often should the system be assessed to find any weaknesses in that area?

Integrity: What type of information needs to be protected from unauthorized modifications? How do bad actors accomplish this and what needs to be done to prevent it?

Availability: How can our organization’s systems be disrupted? What incident response plans will be enacted should this happen?

In my opinion, it’s a great idea to start asking questions to make the best plan forward because knowing what is at stake will help drive the next steps of effort.

Have a great week,

Ashley

Student two:

Hello Class,

1. Why is it necessary to define policy elements?

Policies provides instructions on dictate the parameters on how businesses operate and their transactions with other organizations. Information Security Systems policies are written to define parameters to minimize threats and ultimately to keep the organization functioning and productive. So it’s important to define policy elements so that everything is known, clear, and understood by everyone. Defining policy elements thoroughly minimizes confusion and helps with ensuring that the policy elements are adhered to. It also helps people who fall under these policies, recognize certain actions or when someone else isn’t meeting the policy element specifications. This will provide those employees or members with the knowledge of what to do and who to contact if the policies aren’t being followed.

2. Discuss the terms confidentiality, integrity, and availability as they relate to information systems. Why are they important?

Information systems access, process, contain all sorts of data. Some information is more sensitive or confidential than other information. There is often private and proprietary data contained on information systems. Organizations most assuredly used information systems to process transactions and conduct business overall. So whether it’s a personal information system or if it belongs to an organization, both people and organizations alike want their information to be kept confidential. They don’t want their data to be modified unless they are the one who is change it and they want to be able to use their system. Putting these parameters in place forms the CIA triad, confidentiality, integrity, and availability. The CIA triad is the goal for securing data on information systems. Confidentiality, integrity, and availability are essential for information systems because owners of the systems want to be able to access their information whenever they want and ensure that it isn’t being accesses or altered by outsiders.

Reference:

Johnson, R. (2015). Security Policies and Implementation Issues, 2nd Ed. VS Burlington: Jones & Bartlett Learning ISBN: 9781284055993. Retrieved from https://online.vitalsource.com/#/books /9781284070637/cfi/42!/4/4

Metivier, B. (2017). Fundamental Objectives of Information Security: The CIA Triad. Retrieved from https://www.sagedatasecurity.com/blog/fundamental-…

-Kimberly

Instructions: There are three (3) topic areas listed below that are designed to measure your knowledge level specific to learning outcome (LO 4) shown in your course syllabus. You must respond to #2 and select any other one topic area providing appropriate responses in essay form. In most cases the topic area has several components. Each must be addressed to properly satisfy requirements.

State-wide and in most professional industries, there has been a mandate that college students be more proficient in their writing. While this is not a writing class, all writing assignments will be graded for grammar, syntax and typographical correctness to help address this mandate.

Pay attention to what you are being asked to do (see Grading Rubric below). For example, to describe does not mean to list, but to tell about or illustrate in more than two or three sentences, providing appropriate arguments for your responses using theories discussed in our text. Be sure to address all parts of the topic question as most have multiple parts. A verifiable current event (less than 4 years old) relevant to at least one of the topics you respond to is a fundamental component of your quiz as well. You cannot use information from the text book or any book/article by the author of the text book as a current event. Make sure that your reference has a date of publication. For each chapter quiz and final quiz you are required to find and include at least one reference and reference citation to a current event less than 4 years old (a reference with no date (n.d.) is not acceptable) in answer to at least one question. This requires a reference citation in the text of your answer and a reference at the end of the question to which the reference applies. You must include some information obtained from the reference in your answer. The references must be found on the internet and you must include a URL in your reference so that the reference can be verified.

You should type your responses directly under the appropriate question. Be sure to include your name on your quiz. Only the first two (2) questions with an answer will be graded.

1. Do you believe that a coherent and comprehensive code of conduct for computer professionals is possible? (b) If so, which of the codes mentioned in this chapter roughly resembles such a code? Explain your choice. Please elaborate (beyond a yes or no answer) and provide your “theoretical” rationale in support of your responses (knowledge)
2. You have been working for the XYZ Computer Corporation as an entry-level software engineer since you graduated from college last May. You have done very well so far; you are respected by management, well-liked by your fellow employees, and have been assigned to a team of engineers that has consistently worked on the most critical and valued projects and contracts that XYZ Computer Corporation has secured. Their most recent contract is for a United States defense project involving the Missile Defense System, and again, you have been assigned to the team that will develop software for this project. However, you are staunchly opposed to the project objectives, so you ask to be reassigned. Your supervisor and coworkers, as well as upper management, are disappointed to learn of your strong feelings about this project. You are asked to reconsider your views, and you are promised a bonus and a substantial pay increase if you agree to work on this project during the next year. You also discover from a colleague that refusing to work on this project would greatly diminish your career advancement at XYZ and may even make you vulnerable to future layoffs. To compound matters, you and your spouse are expecting your first child in about three months and you recently purchased a home. (a) What would you do (elaborate)? (b) Describe the process of ethical deliberation that you would undertake in trying to resolve this dilemma. Please elaborate (beyond a yes or no answer) and provide your “theoretical” rationale in support of your responses (knowledge, comprehension)
3. According to Gotterbarn some of the criticism leveled against professional codes might be eliminated if we think of them as serving three important, but distinct, functions. Name and discuss them. Please elaborate (beyond a yes or no answer) and provide your “theoretical” rationale in support of your responses knowledge)

Hello,

I need two responses of at least 150 words each for the below students discussions for this week. Also in the bold below are the questions the students at answering.

Questions (both questions must be answered):

1. Find an online article regarding Disaster Recovery OR Business Continuity.

2. Summarize the article.

Student one:

DRAAS-Disaster Recovery As A Service

Sandra Gittlen

Network World

31 Jan 2019

A disaster recovery plan is part of the business continuity plan that describes how business operations will recover quickly in the event of a disaster (Techopedia, n.d.), but focuses on the IT functions. The plan is developed to assist the IT department to get up and back running critical systems in order to support operations at a minimal resource level. Disaster recovery plans are critical to business sustaining after an unforeseen tragedy to its IT infrastructure, especially to the amount of reliance businesses place on their information systems. Sandra Gittlen writes on AutoNation hybrid approach to their disaster recovery plan.

AutoNation operates over 300 locations and had experienced failed attempts trying to implement an on-premises only solution and a cloud-only recovery solution however both were too expensive to sustain as a long term plan. So AutoNation settled for a DRaaS, Disaster Recovery as a Service, approach that backs up and replicates virtual servers, applications, and data to their Colorado location which operates as the colocation facility and responsible for replacing the sites AWS information during recovery. “The new disaster-recovery plan that features a blend of colocation-based and as-a-service-based disaster recovery, with 75 percent of applications targeted to recover from a Denver colocation facility and 25 percent from Amazon Web Services” (Glitten, 2019), creating a hybrid recovery plan.

DRaaS has grown in providers since cloud services have taken off. DRaaS has the ability to focus on backup virtual servers, physical servers, or on-site backup appliances. Many organizations are transferring the whole responsibility to the growing third party industry to provide fail-over services in the event of a service disruption or disaster. “Market research firm Technavio predicts the global DRaaS market will expand at a compound annual growth rate of nearly 36 percent between 2018 and 2022” (Gittlen, 2019). DRaaS provides the comfort of quick recovery at the flip of a switch.

Reference

Gittlen, S. (2019, January 31). Disaster recovery as a service: Options grow to fit needs. Retrieved from https://www.networkworld.com/article/3337463/draas-options-grow-but-no-one-size-fits-all.html.

Techopedia. (n.d.). What is a Disaster Recovery Plan (DRP)? – Definition from Techopedia. Retrieved from https://www.techopedia.com/definition/1074/disaster-recovery-plan-drp.

-Shayla

Student two:

Hello Class,

The article I reviewed centers around IBM and the city of Los Angeles. IBM and LA cyber labs have teamed up to help local businesses fight cybercrimes. Cyber Crimes are an issue for bigger companies with huge infrastructures that are designed to combat cybercrimes, so they are an even bigger problem from a smaller local business with fewer resources. LA Cyber Lab will offer two new cybersecurity tools to the city of LA’s commercial movers and shakers. The first tool is a mobile app that will allow for suspicious emails to be analyzed. The second tool which is the centerpiece of the exchanges is the cloud-based threat intelligence sharing platform developed by Trustar. This platform will allow users to circulate their spear-phishing and educate themselves on the lasts business email compromise or ransomware campaigns.

This is a great approach by IBM for several reasons. The first is that IBM and the developers of cybersecurity will be able to gather information on new spyware, ransomware, and social phishing. All of the information gathered can be used by companies with more resources to develop ways of securing their assets against these threats. The second advantage of this is the detection of newer threats. By giving this technology out to smaller businesses more threat information is being collected compared to if this technology was only available to bigger companies or it had to be purchased. The second piece of software that is going to be given away is the TISP with is a platforming. A platform is built to share information, information that could help a smaller business continue to operate if they run into a threat because information on this threat could have been shared weeks ago when it was first identified by another business that was using the TISP.

Announcements. (n.d.). Retrieved October 2, 2019, from https://newsroom.ibm.com/2019-09-17-IBM-Works-With-City-of-Los-Angeles-to-Combat-Cybercrime.

-Tahime

Instructions

CSCI 415 Ethics, Law and Cybersecurity

Chapter 3 Quiz

NAME: _______________________________DATE: _________________

Chapter 3 – Quiz 3

Instructions: There are two (2) topic areas listed below that are designed to measure your knowledge level specific to learning outcome (LO 3) shown in your course syllabus. Please provide appropriate responses in essay form for both. In most cases the topic area has several components. Each must be addressed to properly satisfy requirements.

State-wide and in most professional industries, there has been a mandate that college students be more proficient in their writing. While this is not a writing class, all writing assignments will be graded for grammar, syntax and typographical correctness to help address this mandate.

Pay attention to what you are being asked to do (see Grading Rubric below). For example, to describe does not mean to list, but to tell about or illustrate in more than two or three sentences, providing appropriate arguments for your responses using theories discussed in our text. Be sure to address all parts of the topic question as most have multiple parts. A verifiable current event (less than 4 years old) relevant to at least one of the topics you respond to is a fundamental component of your quiz as well. You cannot use information from the text book or any book/article by the author of the text book as a current event. Make sure that your reference has a date of publication. For each chapter quiz and final quiz you are required to find and include at least one reference and reference citation to a current event less than 4 years old (a reference with no date (n.d.) is not acceptable) in answer to at least one question. This requires a reference citation in the text of your answer and a reference at the end of the question to which the reference applies. You must include some information obtained from the reference in your answer. The references must be found on the internet and you must include a URL in your reference so that the reference can be verified.

You should type your responses directly under the appropriate question. Be sure to include your name on your quiz. Only the first two (2) questions with answers will be graded. Include your name in the document filename. Your completed quiz must be uploaded into the appropriate eCollege Dropbox, no later than 11:59pm on the due date. Do well.

1. Based on what you have learned in this chapter and using appropriate components, properly construct an argument to: (1) support or refute the view that all undergraduate students should be required to take a course in cyberethics; and (2) apply the seven steps (in Section 3.8) to your argument. Please elaborate (beyond a yes or no answer) and provide your rationale in support of your responses (comprehension)

1. Using appropriate components construct an argument for or against the view that privacy protection should be improved in e-commerce transactions. Next evaluate your arguments against the rules for valid, inductive, and fallacious arguments. Does your argument contain any of the common or “informal” fallacies discussed in Section 3.9? If so, elaborate. Please elaborate (beyond a yes or no answer) and provide your rationale in support of your responses (knowledge)

Grading Rubric for Quizzes

Grading criterion Unit Points Total Points

Uploaded to correct Dropbox 2 2

Submitted on time 15 15

Document Filename:

Your Last Name,first and middle initial with correct quiz number 5 5

(Example only: Creider_RD_q1)

Rationally expressed opinions, experiences (personal or observed), 8

arguments and premises (where appropriate) to support responses

(did not simply restate/summarize author/textbook

Clearly presented classical ethics theories relative to topic 8

Included ‘URL’ for appropriate verifiable current event 12 28

(i.e., example of topic being discussed WITH EXPLANATION)

NOTE: Must be less than 4 years old

Grammatically correct and appropriate tone 10

(professional, non offensive language)

Typographically correct 10 20

Included full citations as needed 3

Used correct APA format 7 10

Addressed each item within selected topic area 20 20

Maximum grade 100 100

NOTE: POINTS WILL BE DEDUCTED FROM TOTAL ASSIGNMENT GRADE IF EACH QUESTION YOU SELECTED IS NOT INCLUDED IMMEDIATELY BEFORE EACH ANSWER.

Please show all of your work/steps

Provide a complete integrated set of normalized (3NF required) relations for The Data Structuring/Normalization Scenario in this link. Use the format displayed in An Example of Normalization below.

Note that entities are in all caps, attribute names with multiple words

are connected by an underline character joining each word, primary keys

are underlined and

listed first within the attributes in Third Normal Form (see textbook

Chapter 9 for explanatory information on the normalization process).

An Example of Normalization:

Here is a relatively simplistic example of a normalization process:

An “un-normalized” relation:

STUDENT(Last_Name, First_Name, Course_Name, Instructor_Name, Semester, Year)

The “normalized” version in Third Normal Form:

STUDENT(Student_ID, Last_Name, First_Name)

INSTRUCTOR(Instructor_ID, Last_Name, First_Name)

COURSE(Course_ID, Course_Name)

SEMESTER(Semester_ID, Term, Year)

COURSES_TAKEN(Student_ID,Course_ID,Instructor_ID,Semester_ID)

The Data Structuring/Normalization Scenario:
Your Team has been hired by a manufacturing company with multiple manufacturing facilities to perform the logical design of a relational database to manage their roster of available temporary workers and their subsequent assignments to fill workforce needs. The temporary workers are needed on a seasonal basis to fill a number of job roles such as materials management, van driver, loading/shipping dock worker, assembly line worker, packaging/shipping support, etc. Each manufacturing facility is configured with three different work areas, which are raw materials management, assembly line productions, and packaging/shipping. Here are the requirements that you have identified after interviewing company management:
1. The company would like to record and maintain complete information on each temporary worker, including full name, home address, mailing address (which may or may not differ from the home address), preferred and secondary telephone numbers, email address, date of birth, gender, initial date of employment.

2. The manufacturing facilities all operate on a 24-hour daily basis, three 8-hour shifts a day, six days a week, Monday through Saturday. They would also like to maintain information on each temporary worker’s work shift availability in terms of days of the week and work shift, which is first shift, second shift, third shift, or “bridge” shift. A bridge shift is composed of the last 4 hours of first shift and first 4 hours of second shift on the specified days. Workers may specify availability for one or more shifts during specified days of the week.

3. In addition, they will need to maintain complete information on each temporary worker’s job certifications and information on certification instructors. The information for certification instructors is the same information as for temporary workers identified in item 1 above, information on which courses they are qualified to teach, and their teaching histories for the company. A temporary worker must be certified for a job role by completing a required training program for that role and can be certified to perform one or more job roles. For job certifications, the company would like to maintain the identification of the certification, identification of the temporary worker participating in the certification training, the dates of certification training (certification training ranges from 4 to 16 hours depending on the type of certification), the certification trainer’s identification, and a pass/fail designation for the temporary worker completing the certification training. The company would also like to maintain complete information on available job role certification training program courses. 4. Temporary workers are also required to specify prioritized work area location preferences for one or more manufacturing locations. 5. Finally, they have stated the requirement for maintaining a complete record of each temporary worker’s assignments, including manufacturing facility location and work area assignment, date worked, shift(s) worked, and job role(s) filled by shift.
The company intends to use the completed database design to support the identification of temporary workers to fill needed assignments and to produce comprehensive reports on the use of temporary workers.