Sunday, January 26, 2020

Creating an IT Infrastructure Asset List

Abstract

This document was created following Lab #1, titled Creating an IT Infrastructure Asset List and Identifying Where Privacy Data Resides, in the laboratory manual that accompanies Legal Issues in Information Security. The lab focuses on creating an IT asset/inventory checklist organized within the seven domains of IT infrastructure, identifying assets and applying a classification to each asset, and explaining how a data classification standard is linked to customer privacy data and security controls. In addition to answering the questions presented in the lab, I will also identify one piece of hardware, software, or firmware and provide a technical, operational, and managerial control as defined in SP 800-53 R4.

Keywords: Asset List, Privacy Data, SP 800-53 R4, Data Classification

Creating an IT Asset List and Identifying Where Privacy Data Resides

Organizations that handle customer data are increasingly being attacked by unscrupulous actors. Among the most sought-after and most frequently stolen data is the organization's private customer data. Stolen information of this kind can be used for a variety of purposes, including identity theft. The protection of this important privacy data is best implemented with a well-planned strategy focused on minimizing the risk of improper disclosure.

An asset is anything that has value to the organization. Inventory is considered part of an asset. The purpose of identifying assets and inventory is to quantify them and provide insight into the threats to each asset. This is accomplished by using risk management. Asset identification is more than creating a list of the hardware and software in the computer; it must include the information, or data, that is processed on those computers (Kadel, 2004). The identification should cover not only what the assets are, but also who in the organization is responsible for each asset.
Once an organization has identified all of its assets, it can assign a value and a classification to each asset. It is important to keep asset and inventory documentation updated when assets are added to or removed from the organization.

Asset classification is a process in which each identified asset is given a classification. The organization's security policy should name the relevant labels for classification. The lab manual offers the following three classifications: Critical, Major, and Minor. One purpose of asset classification is to label an asset so that it receives an appropriate level of protection. The label needs to be defined by upper-level management, and the IT and security staff are then responsible for implementing the required controls. It is important that senior management make this decision. Without data classification, information protection decisions are being made every day at the discretion of security, system, and database administrators (Fowler, 2003).

An organization's Web site would be classified as Minor in this scenario because it is required for normal business functions and operations. The e-commerce server, on the other hand, would be considered Critical because of what the asset does and the type of data it holds. In the lab manual, the web server, Linux Server #2, is responsible for hosting the web site. Its function is required for normal business functions, but it does not contain any information that would warrant classifying it as Major, and it does not represent an intellectual property asset or generate revenue. The e-commerce server, on the other hand, does generate revenue and is considered an intellectual property asset. It also contains a customer database subset, which holds information that needs to be protected.

One reason customer privacy data would be classified as Critical is to meet compliance guidelines. For example, the Gramm-Leach-Bliley Act (GLBA) is a law that was passed in 1999 by Congress.
It requires financial institutions to protect nonpublic personal information. One section, known as the Safeguards Rule, required federal bank regulatory agencies to issue security standards to the organizations they regulate. If an organization does not follow the law, it can be penalized. The most compelling reason to classify information is to satisfy regulatory mandates. For example, the Gramm-Leach-Bliley and the Health Insurance Portability and Accountability Acts mandate information protection controls for financial and medical organizations, respectively. Although information classification is not specified as a required protection measure, it is implied by special handling requirements for sensitive, medical and financial information (Fowler, 2003).

Intellectual property would be considered Critical because it is intellectual property. Intellectual property by its nature should be handled as Critical. Consider the following example: your organization makes the best widgets, and because they are the best, consumers are willing to pay extra for them. This is because they perform better and last longer than all other widgets being offered by your competitors. If a competitor had access to your widget design and manufacturing process, your company would lose its competitive advantage over that competitor. Consumers would no longer rate your widgets as the best, and would buy competitors' widgets. Loss of this intellectual property would result in your organization's loss of its competitive advantage and revenue.

One security control for HIPAA compliance is subcategory PR.DS-5 (protections against data leaks are implemented); this can be mapped to the NIST SP 800-53 Rev. 4 controls AC-4, AC-5, AC-6, PE-19, PS-3, PS-6, SC-7, SC-8, SC-13, SC-32, and SI-4 (HHS, 2016). AC-4, as defined by NIST SP 800-53 Rev. 4, is referred to as information flow enforcement.
Flow control restrictions include, for example, keeping export-controlled information from being transmitted in the clear to the Internet and blocking outside traffic that claims to be from within the same organization (NIST, 2003).

A data classification standard helps with asset classification because it sets a framework for the uniform assignment of classifications. This in turn gives the organization guidance on which assets are most important and need to have the highest security controls implemented. It is also beneficial because it gives members of the organization an easy way to determine how to handle such assets.

Under the SI family of NIST SP 800-53 Rev. 4, you could implement SI-16, known as Memory Protection. You could implement data execution prevention and address space layout randomization. You could also implement SI-7, known as Software, Firmware, and Information Integrity. The intent of this control is to protect against unauthorized changes to software or firmware. It should be implemented using an integrity verification tool that reports any inconsistencies or changes that were not approved. In the IA family, you could implement Identifier Management, or IA-4. In this case the organization could use role-based access to the server. If your user account does not have access to the resource, you will not be able to access it.

I would recommend implementing two-factor authentication for all users in the Mock infrastructure. This is important because one-factor authentication, such as something you know, is considered a weak form of authentication. A solution such as a device that generates a random token, used in addition, would make the customer data much more secure. I would also implement an encrypted VPN solution for users that connect over to the ASA_student switch. A VPN uses a secure tunnel, and all traffic through the tunnel will be encrypted.
Last, I would make modifications to the network layout; the current layout does not allow for protective isolation. For example, the web server should be positioned in a DMZ and separated from the other components of the network.

An organization can use risk analysis to help mitigate risks, threats, and liabilities. A risk assessment is used to document the identity of assets, the threats to them, and how the organization wants to mitigate the risk. The overall purpose of risk analysis is to identify the assets within a company and their value so that you can identify threats against those assets (Clark, 2014). The risk assessment is broken into separate phases. The first phase is the identification of assets; in this phase the organization identifies its assets. The second phase focuses on identification of threats to each asset. It is important to understand that most of the threats come from the fact that weaknesses, or vulnerabilities, exist in the assets of the business (Clark, 2014). The third phase is known as the impact analysis phase. The goal of impact analysis is to identify what the result of the threat occurring would be on the business (Clark, 2014). The fourth phase is known as threat prioritization. In this phase the organization needs to prioritize the threats against each asset. You must prioritize the threats based on their impact and probability of occurring (Clark, 2014). The fifth phase, known as mitigation, is the step that in most cases implements a security control to lower the risk associated with a threat. This is the phase where a control is implemented to reduce the risks, threats and liabilities. The last step is evaluation of residual risk. This means looking at the remaining threats and deciding whether the organization has properly mitigated the risk. It is critical to express this residual risk to management and decide if you are willing to accept that residual risk or need to implement additional solutions (Clark, 2014).
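
The integrity verification tool recommended above for SI-7 can be sketched as a baseline-and-compare check that reports only changes that were not approved. This is an added example, not part of the original paper or the lab manual; the function names, the constructed file tree, the HMAC seal on the baseline and the approved-change list are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def seal_baseline(baseline, key):
    """HMAC the baseline so tampering with the stored manifest is detectable."""
    blob = json.dumps(baseline, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify(root, baseline, seal, key, approved=()):
    """Compare the current tree with the baseline and report unapproved changes."""
    if not hmac.compare_digest(seal_baseline(baseline, key), seal):
        raise ValueError("baseline manifest failed its integrity check")
    current = build_baseline(root)
    approved = set(approved)  # paths covered by an approved change request
    report = {"modified": [], "added": [], "removed": []}
    for path, digest in current.items():
        if path in approved:
            continue
        if path not in baseline:
            report["added"].append(path)
        elif baseline[path] != digest:
            report["modified"].append(path)
    for path in baseline:
        if path not in current and path not in approved:
            report["removed"].append(path)
    return {kind: sorted(paths) for kind, paths in report.items()}


def demo():
    """Run the check against a constructed directory tree (sample data only)."""
    key = b"constructed-demo-key"  # assumption: the real key is kept off the monitored host
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        samples = {"bin/httpd": b"v1", "httpd.conf": b"Listen 80\n", "index.html": b"<h1>hi</h1>"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(root)
        seal = seal_baseline(baseline, key)
        # Constructed changes: an approved edit, an unapproved edit, a new file, a deletion.
        changes = {"index.html": b"<h1>new</h1>", "bin/httpd": b"v1-patched", "bin/extra": b"?"}
        for rel, data in changes.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        os.remove(os.path.join(root, "httpd.conf"))
        return verify(root, baseline, seal, key, approved=["index.html"])


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The approved edit to `index.html` is not reported, while the changed binary, the unexpected new file and the deleted configuration file are.
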

True: both HIPAA and GLBA call for an implementation of IT security policies, standards, procedures, and guidelines. GLBA is composed of the Privacy Rule, the Safeguards Rule, and the Pretexting Rule. The Safeguards Rule calls for each of the regulatory agencies to establish security standards. The FTC Safeguards Rule requires financial institutions to create a written information security program (Grama, 2015). HIPAA also calls for a similar implementation of security policies. 45 C.F.R. 164.316 calls for covered entities and business associates to implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart, taking into account those factors specified in statute 164.306(b)(2).

It is important to identify where privacy data resides so that proper controls can be placed on that privacy data. This is also important so that, when changes are made to places where privacy data resides, management and staff know to leave the planned and implemented protections in place. This is important for those organizations that are required to follow legislation such as the GLBA and HIPAA.

I choose the workstations in the user domain, indicated in B in the lab manual. The operational control I choose is AC-9, which informs the user, upon successful login, of the date and time of the last login. This is important because it gives the user information about the last time their credentials were used. If a user was not at work or did not log on at the last logon time shown, they would be aware that their credentials have been used by someone else. The one technical control I choose for this piece of hardware is AU-3, which lays the groundwork with regard to audit records. This is important because unsuccessful and successful logins will be recorded in the audit logs. The managerial control I choose to apply is AC-2, which involves controls on account management.
This is important for controlling access to workstations. It also defines who should have access to different resources and monitors the use of the information system accounts.

References

Fowler, S. (2003, February 28). Information Classification: Who, Why and How. Retrieved March 11, 2017, from https://www.sans.org/reading-room/whitepapers/auditing/information-classification-who-846

Kadel, L. A. (2004, March 24). Designing and Implementing an Effective Information Security Program: Protecting the Data Assets of Individuals, Small and Large Businesses. Retrieved March 11, 2017, from https://www.sans.org/reading-room/whitepapers/hsoffice/designing-implementing-effective-information-security-program-protecting-data-assets-of-1398

Grama, J. L. (2015). Legal Issues in Information Security: Second Edition. Jones and Bartlett Learning.

Clark, G. E. (2014). CompTIA Security+ Certification Study Guide (Exam SY0-401). McGraw-Hill Education.

Stewart, J. M. (2014). Network Security, Firewalls and VPNs: Second Edition. Jones and Bartlett Learning.

Saturday, January 18, 2020

DBQ Essay: Green Revolution Essay

The research that formed and became the Green Revolution changed the agricultural technologies of many places and peoples. The Green Revolution was an introduction of a new technology of scientifically bred crops that went worldwide. In 1945 the Green Revolution started as leaders addressed the issues of hunger and starvation with the Green Revolution as the solution, and although it helped many people at the time, it is debated today whether the Green Revolution environmentally crushed many societies or was a helpful worldwide event.

The Green Revolution was caused by people seeing their need to overcome starvation and advance technologically within their communities. In document 3 Harry Truman addresses the issue of poverty and starvation in other countries. He tells the people that the United States should help them realize their aspirations for a better life through technological knowledge. This document is taken from Harry Truman’s inaugural address in Washington D.C., in 1949. His speech provides an insight into Truman’s deep concern for the people of the world and the evident need for a change. In document four Dr. Norman states that hunger is a serious issue and a vital factor in a country’s survival, and that the new technology of the Green Revolution could be the solution. This document is taken from the point of view of Dr. Norman Borlaug, a United States scientist involved in Green Revolution research and a Nobel Peace Prize winner, at a Nobel Lecture in 1970. Dr. Norman is a very credible source with his firsthand knowledge of the Green Revolution. In document five Chidambaram, India’s minister for food and agriculture from 1964-1967, describes in his interview the farmers in Punjab and their role in starting the revolution there in an attempt to save their people. The world at this time was desperate for a solution to its starvation problems, and the Green Revolution was the solution.

The Green Revolution gained many beneficiaries through its easy and productive style. When examining the charts in documents one and two, which come from the very reliable source of the Food and Agriculture Organization of the United Nations (FAO), you see the substantial growth of wheat yields in India and Mexico, and the populations along with the food supply index. In document 6 there is a conversation about the Mexicans and how they have chosen to use the riches gained from the Green Revolution. This document is written from the opinionated point of view of Mrs. Dula, the wife of a Mexican agricultural official. She condescendingly remarks that the Mexican women love to save the money, only to go out once a month to spend it all shopping in Tucson. Document nine, taken from the Human Development Report issued by the State of Punjab, India in 2004, shows us the positive social effect that occurred there because of the Green Revolution. The caste system disappeared as the middle and peasantry classes arose because of farming. Also within the Punjab communities, the new lifestyle attained from the Green Revolution produced a more nuclear and close-knit family that benefited Punjab. The Green Revolution saved many from starvation, increased success in various places, and positively affected the societies.

Alongside the many benefits of the Green Revolution, some documents point to many problems that negatively affected people who participated in the Green Revolution. In document seven, taken from the FAO newsletter circa 1987, the role of women is clearly shown to change within the household. Women were now forced into low-paid or unpaid agricultural labor because of the increased need for cash incomes. In document eight Dr. Vandana Shiva wrote in her article about how Punjab has suffered from the Green Revolution.
Although Punjab is known as one of the most successful places because of the Green Revolution, she explains how two decades of the revolution have left it with conflict over diminishing water sources and indebted and discontented farmers. In document 10 the Mayans are largely saddened by the misuse of their precious seeds. The Green Revolution sterilized and contaminated the seeds that were a proud aspect of Mayan heritage, leaving the Mayans unhappy after standing firm defending the seeds for five thousand years. These negative effects of the Green Revolution stay with some places still today and are considered to have altered beautiful farming lands.

The documents given gave an insight far into the Green Revolution and what really happened within the areas where it took place, although other additional documents would be helpful as well. A letter from or interview with the farmers in Punjab at the time of the revolution would be helpful to clarify how the farmers felt about the work of the Revolution, and whether it was strenuous or simple. This would allow an accurate idea of how the revolution affected the people who made it possible. Another document, such as a journal of or interview with an impoverished person in the places where starvation took hold, would be helpful. This would allow insight into whether the countries really wanted the help of the Green Revolution, not just the acknowledgement by other countries, like in document three, of their impoverished state.

The documents given about the Green Revolution provide evidence about the truth of its causes and consequences. The Green Revolution began in 1945 because of our realization of the issues that prevented countries from aspiring to their true potential, and with that acknowledgement the Green Revolution came into play as a huge advancement in agricultural technology that helped many people as it also negatively affected others.
Whether the Green Revolution was good or bad for the areas it took hold in, its effects can be seen today and analyzed.

Friday, January 10, 2020

Brief Article Teaches You the Ins and Outs of Tsi Essay Sample Topics and What You Should Do Today

Every college campus in Texas presents prospective students an opportunity to take a complimentary TSI practice test, which indicates how well a student is probably going to score on the comprehensive exam. Colleges also use the TSI results to help determine the degree of courses and any crucial interventions that are essential to assist you succeed. A student may retake the test at any moment if he or she's not pleased with the consequence of the assessment. The custom is allowed in some states, but it's frowned upon and illegal in a lot more states. TSI Practice Tests are the perfect method to get ready for your upcoming TSI exam. As a consequence of which there isn't development of the poor people as it isn't possible for them to invest money for absolutely any innovative purpose by owing financing from the bank. Mechanical Conventions The degree to which you express ideas utilizing Standard Written English. Today the most fundamental problem that's engulfing the society is the matter of unemployment. There are lots of difficulties which arise as a result of unemployment like terrorism in the society that is dangerous for the humankind. One of the serious causes of obesity is absence of a balanced diet. The very first source of obesity is too obvious and it's a huge intake food. Whenever there is cholesterol present in the body of someone, it results in obesity generally. The folks who suffer from obesity frequently have a very low quality of life too. Even some work you can do on your computer and there's no need to visit the workplace. The majority of them also offer Internet access and texting. After repeatedly facing a bully, a kid may start to refuse to visit school. You may trust us to offer expert assistance for many of your academic writing needs. Possessing fantastic research abilities and selecting an excellent topic is vital.
If you want more help on writing, consider learning plain writing. The goal of brainstorming is to aid you in getting ideas. Learning from examples is among the perfect ways in regards to writing articles. Thus, the career preference culminates to the impact of disease vulnerability and threats in the area. Take your time to cautiously examine our cause and effect topics list till you locate a prompt that you're excited to write about. In summary, the consequences of obesity that are physical, psychological, and social can cause many troubles, but the chief point it can offer many suffering and cause death. The significance of research in persuasive writing cannot be overstated. The group of skilled essay writers is always prepared to aid you with that in no moment! In case the project is quite substantial and important, then you are going to require an in-depth comprehension of the topic. It's possible to find assistance and deliver top-notch essays. As any guide on how best to compose a persuasive essay will inform you, your essay has to be organized in paragraphs with a logical progression from 1 paragraph to the next. Weave in your perspective to produce your essay unique. An essay is going to be asked to fulfill the writing part of the test. Sample persuasive essays can also offer inspiration on topics to write on in addition to serve as examples about how to compose your essay. Thus, you can ride on their professionalism to steer you on both the structure and content which should go into your write-ups. The sort of content that you provide depicts what sort of thesis statement you need to have. A great structure will cause a great paper, therefore it's important to get a plan before starting. Examples might also be included in every one of the body paragraphs to additional support and clarify your principal points. Finding the Best Tsi Essay Sample Topics When something happens it produces an outcome. 
Before you commence working on cause and effect essay outline the very first thing you have to do is to select a winning topic. X is utilized to indicate a cause, whilst Y is utilised to indicate the result. Individuals that have a smoking authority figure in their lives (for example, a parent) are a lot more likely to begin smoking later in life.

Wednesday, January 1, 2020

Schizophreni Living With Schizophrenia - 1623 Words

Running Head: Living with Schizophrenia

Living with Schizophrenia
Amra Hrustanbegovic
Concordia University
April 14, 2014

Abstract

This paper will cover the symptoms, causes and treatments of the disorder schizophrenia. It also covers how lifestyle is tougher on those with the terrible illness of schizophrenia.

Living with Schizophrenia

In the world today, there are many illnesses and disorders that affect people each and every day. One illness in particular that is very big in the US and all around the world is schizophrenia. It is also the most researched topic. A person who is diagnosed with schizophrenia lives a very different lifestyle than someone who is not. Many people would consider a person with schizophrenia to be “crazy.” Sadly enough, people with this illness do possess symptoms that might come off as crazy or insane. There are many different causes that come along with schizophrenia. A person who is diagnosed may not know it at first, but they do later realize that they have some interesting thoughts, depending on the type of symptoms they possess while having this illness. Although the symptoms may be very brutal and the causes cannot be controlled, there still is hope and there are treatments for individuals who have schizophrenia.

The symptoms of schizophrenia vary from person to person. Symptoms also range in severity and consistency. They may come on very strong at once or they can