Student Name:
Date:
Part 1: Risk Assessment Policy
Locate and read the Risk Assessment Policy in the NIST Cybersecurity Framework Policy Template Guide. Research online for a real-world implementation example of the policy and compare it with the NIST policy template side by side.
Answer the following questions clearly and systematically in this Word document. Make sure to include a References section toward the end of the document.
1. The Risk Assessment Policy is implemented for which NIST function and sub-categories? [5 points]
Answer:
2. Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in? [5 points]
Answer:
3. What is the purpose of the example policy? Which party (parties) does the policy apply to? Who is/are responsible for implementing this policy? [5 points]
Answer:
4. As compared to the NIST policy template, how is the example policy customized to fit the needs of the specific organization? Describe two occurrences of the customization in detail. [10 points]
Answer:
5. If specified in the example policy, what criteria are defined to verify the organization’s compliance with the policy? If not specified in the example policy, what are your recommendations? [5 points]
Answer:
Part 2: Access Control Policy

Locate and read the Access Control Policy in the NIST Cybersecurity Framework Policy Template Guide. Research online for a real-world implementation example of the policy and compare it with the NIST policy template side by side.
Answer the following questions clearly and systematically in this Word document. Make sure to include a References section toward the end of the document.
1. The Access Control Policy is implemented for which NIST function and sub-categories? [5 points]
Answer:
2. Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in? [5 points]
Answer:
3. What is the purpose of the example policy? Which party (parties) does the policy apply to? Who is/are responsible for implementing this policy? [5 points]
Answer:
4. As compared to the NIST policy template, how is the example policy customized to fit the needs of the organization? Describe one occurrence of the customization in detail. [5 points]
Answer:
5. If specified in the example policy, what criteria are defined to verify the organization’s compliance with the policy? If not specified in the example policy, what are your recommendations? [5 points]
Answer:
6. If specified in the example policy, how frequently is the policy reviewed for potential modifications? If not specified in the example policy, what are your recommendations? [5 points]
Answer:
References
1.
2.
3.

Student Name:
Date:
Part 1: Security Awareness and Training Policy
Locate and study the Security Awareness and Training policy in the NIST Cybersecurity Framework Policy Template Guide you downloaded in Week 1. Research online for a real-world implementation example of the policy and compare it with the NIST policy template side by side.
Answer the following questions clearly and systematically in this Word document. Make sure to include a References section toward the end of the document.
1. The Security Awareness and Training Policy is implemented for which NIST functions and sub-categories? [5 points]
Answer:
2. Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in? [5 points]
Answer:
3. What is the purpose of the example policy? Which party (parties) does the policy apply to? Who is/are responsible for implementing this policy? [5 points]
Answer:
4. As compared to the NIST policy template, how is the example policy customized to fit the needs of the organization? Describe one occurrence of the customization in detail. [5 points]
Answer:
5. If specified in the example policy, what criteria are defined to verify the organization’s compliance with the policy? If not specified in the example policy, what are your recommendations? [5 points]
Answer:
6. If specified in the example policy, how frequently is the policy reviewed for potential modifications? If not specified in the example policy, what are your recommendations? [5 points]
Answer:
Part 2: Contingency Planning Policy
Locate and read the Contingency Planning Policy in the NIST Cybersecurity Framework Policy Template Guide. Research online for a real-world implementation example of the policy and compare it with the NIST policy template side by side.
Answer the following questions clearly and systematically in this Word document. Make sure to include a References section toward the end of the document.
1. The Contingency Planning Policy is implemented for which NIST function and sub-category(ies)? [5 points]
Answer:
2. Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in? [5 points]
Answer:
3. What is the purpose of the example policy? Which party (parties) does the policy apply to? Who is/are responsible for implementing this policy? [5 points]
Answer:
4. As compared to the NIST policy template, how is the example policy customized to fit the needs of the organization? Describe two occurrences of the customization in detail. [10 points]
Answer:
5. If specified in the example policy, what criteria are defined to verify the organization’s compliance with the policy? If not specified in the example policy, what are your recommendations? [5 points]
Answer:
References
1.
2.
3.

This week, you will consider the historical and ethical contexts of your Course Project topic. This will provide a factual foundation to help guide your analysis in the coming week.
For this assignment, complete the following.
Definition: Explain your selected technology. What is it? How does it work? What is its purpose?
Timeline: Provide a timeline of major events concerning your technology. Include major developments, regulations, successful events, controversies, or issues.
Ethical Lens: Identify one to two ethical theories that you think will help you further develop your analysis of your selected technology. We discussed these theories in Week 1 (Divine Command, Kantianism, Utilitarianism, Social Contract Theory, Egoism, etc.).
As part of this assignment, you must consult and cite at least three high-quality academic sources. These sources should be from reputable publications that can be found in the DeVry Library or industry publications. Blogs and consumer-oriented “news” sources should be avoided.
A successful assignment will
be at least 300 words in length (about one page, not including title page or references page);
be composed using Microsoft Word and using 12-point Times New Roman;
apply APA format and citation guidelines;
include a minimum of three sources; and
include properly formatted and cited sources using the seventh edition of APA.
Don’t forget to submit your assignment for grading.

Scenario:
Advanced persistent threats (APTs) have been thrust into the spotlight due to their advanced tactics, techniques, procedures, and tools. These APTs are resourced unlike other types of cyber threat actors.
Your chief technology officer (CTO) has asked you to develop a detailed analysis and presentation of a specific APT (China).
TITLE: The Cybersecurity Threat Landscape
Report Requirements:
Part 1: Threat Landscape Analysis
• Provide a detailed analysis of the threat landscape today.
• What has changed in the past few years?
• Describe common tactics, techniques, and procedures to include threat actor types.
• What are the exploit vectors and vulnerabilities threat actors are predicted to take advantage of?
Part 2: APT Analysis
• Provide a detailed analysis and description of the APT (China) you were assigned. Describe the specific tactics used to gain access to the target(s).
• Describe the tools used. Describe what the objective of the APT (China) was/is. Was it successful?
Part 3: Cybersecurity Tools, Tactics, and Procedures
• Describe current hardware- and software-based cybersecurity tools, tactics, and procedures.
• Consider the hardware and software solutions deployed today in the context of defense-in-depth.
• Elaborate on why these devices are not successful against the China APT.
Part 4: Machine Learning and Data Analytics
• Describe the concepts of machine learning and data analytics and how applying them to cybersecurity will evolve the field.
• Are there companies providing innovative defensive cybersecurity measures based on these technologies? If so, what are they? Would you recommend any of these to the CTO?
Part 5: Using Machine Learning and Data Analytics to Prevent APT
• Describe how machine learning and data analytics could have detected and/or prevented the APT (China) you analyzed had a victim organization deployed these technologies at the time of the event. Be specific.
Part 6: Ethics in Cybersecurity
Ethical issues are at the core of what we do as cybersecurity professionals. Think of the example of a cyber defender working in a hospital. They are charged with securing the network, medical devices, and protecting sensitive personal health information from unauthorized disclosure. They are not only protecting patient privacy but their health and perhaps even their lives. Confidentiality, Integrity, Availability – the C-I-A triad – and many other cybersecurity practices are increasingly at play in protecting citizens in all walks of life and in all sectors. Thus, acting in an ethical manner is one of the hallmarks of a cybersecurity professional.
• Do you think the vulnerability(ies) exploited by the APT (China) constitute an ethical failure by the defender? Why or why not?
• For the APT scenario you studied, were there identifiable harms to privacy or property? How are these harms linked to C-I-A? If not, what ethically significant harms could result from the scenario you researched?
Notes
• Use additional sources of information but also describe the concept in layman’s terms.
• Use visuals where appropriate.
• While quality is valued over quantity

Paper outline:
Page 1 – Abstract
Page 2 – Thesis Statement & beginning of thesis
Last page – “Conclusions” and you should tell what you learned and how that information could be used to better the situation you were studying.
Here is the outline:
Title: Enhancing Software Security: Exploring DevSecOps Practices
Introduction: This research project aims to explore the effectiveness of DevSecOps in enhancing software security. DevSecOps is an emerging approach that integrates security practices throughout the software development lifecycle. By analyzing its core principles, challenges, and benefits, this research will provide practical recommendations for successful adoption.
Research Objectives:
1. Literature Review: Establish a solid theoretical foundation by reviewing scholarly articles, industry reports, and case studies on DevSecOps.
2. Analysis of Implementation Strategies: Investigate diverse implementation strategies used by organizations when adopting DevSecOps, identifying key success factors and challenges.
3. Identification of Security Challenges: Identify common security challenges in software development and analyze how DevSecOps addresses them effectively.
4. Evaluation of Tools and Automation: Assess the efficacy of security tools and automation technologies for seamless integration within the DevSecOps workflow.
5. Quantitative Analysis: Measure the impact of DevSecOps on software security using relevant metrics and statistical analysis techniques.
6. In-Depth Case Studies: Conduct case studies on organizations successfully implementing DevSecOps, exploring tangible effects and associated benefits and challenges.
Conclusion: This research project aims to contribute to software security by exploring DevSecOps practices. By providing practical insights and recommendations based on literature review, analysis of implementation strategies, and in-depth case studies, this research will help organizations adopt and implement DevSecOps effectively, leading to enhanced software security and reduced vulnerabilities.

Instructions
For this assignment, you will be required to read multiple academic resources that include books, articles, presentations, patents, etc. to present your findings. Once you have researched the topic, please write a one to two page paper that summarizes the sources that you discovered and provides an analysis of the emerging technology. You should follow APA guidelines for formatting this assignment. Please review the rubric and syllabus for specific guidelines. This week’s topic is artificial intelligence.
Objectives
1. Compose the basic functions of AI
2. Explain the value added by AI
3. Suggest possible applications
4. Analyze potential risks of AI
5. Predict which industries will benefit from AI

CREATE AN ERB SUBMISSION
Using ER Assistant (recommended) or Visio, create an ER diagram (ERD) that has at least 5 entities but no more than 6 entities. Each entity must have a minimum of 5 attributes that fully describe that entity. The 5 attribute minimum includes the primary key only (see note below about foreign keys in ER diagrams).
All entities must be connected with suitable relationships that describe not only the cardinality (1:1, 1:M, M:M) but also whether the relationship is mandatory or optional.
Every entity and relationship in your diagram must have comments describing your business rules, i.e. the purpose of the entity and attributes, its relationship cardinality, and if it is mandatory or optional. You may embed these comments into the ERD using ‘Design Notes’/‘Design Justification’ inserts or provide them in a separate Word document.
Crow’s Feet notation style is required for all relationships. If you use ER Assistant, this is the default notation style. If you use Visio, you must ensure that you properly set the use of Crow’s Feet notation prior to submitting your final ERD.
Your ERD must be free of errors to receive full points. Hint: ER Assistant provides automated checks to ensure the ERD is error free using the ‘Check Diagram’ function.
NOTE:
See Project Learning Demonstration (under Hands-On Resources) for examples on describing entities, attributes, and relationships. Examples –
Entity Name: EMPLOYEE
Entity Description: employees who work in an organization
Main attributes of EMPLOYEE:
Attribute Name: L_NAME
Attribute Description: last name.
Attribute Name: F_NAME
Attribute Description: first name.
Attribute Name: DOB
Attribute Description: date of birth.
Relationship: works between EMPLOYEE and DEPARTMENT
Cardinality: 1:M between DEPARTMENT and EMPLOYEE
Business rule: a department can have zero to many employees; an employee works for one and only one department
Deliverable:
Submit the ER diagram you created as an .ERD (ER Assistant) or .VSD (Visio) file.
Note: Foreign keys are not explicitly added in ER diagrams because foreign keys are not a construct of entity models but rather relational models. This means that you will not add foreign key attributes to your entities. Your suitable relationships are all that is needed to determine where the foreign key is designed to go.
For example, say you have a CUSTOMER and ORDER entity each with their own primary key (CUST_ID and ORDER_ID) with a 1:M relationship such that one and only one customer places zero, one, or many orders. It follows then that CUST_ID is a foreign key within the ORDER entity without explicitly placing a CUST_ID foreign key as an attribute on the ORDER entity.