Unit 3 Assignment - John Perkins

In Safety Specifications, Risk decomposition = Select one: a. Hazard analysis b. Hazard identification c. Hazard assessment d. Safety requirements specification

After reading the case presented in the module, write a short response to the following discussion questions and ethical decision making scenario. 1. Discussion Questions Do you think the response of the company so far indicates any flaws in company policy or practices that are revealed in the incident?

Effective metrics are the most obvious technique to ensure policy compliance. Metrics can be used to demonstrate how well compliance is performing. You have a measure on how many people have read, acknowledged, and accepted a policy if you create a rule to determine if it has been read, acknowledged, and accepted by signature. The number of employees who have accessed the system would be a statistic if the policy is based on system access. Please respond to the following question(s): Exactly what sort metrics related to knowledge testing following cybersecurity would be useful? The metrics could be collected right after training or at regular intervals over a period of months.

- There are many types of cybersecurity liability policies covering a host of eventualities. What insurance you should buy depends on your business model and your company board's risk appetite. For this discussion, pick one of the five cybersecurity laws, regulations, or policies you wrote about in the Module 5 assignment, and discuss what types of insurance you would recommend in case your company fails at compliance for that requirement. Discuss the risk-reward trade offs, and explain why you think your insurance recommendation is worth the cost.

For this assignment, you will create a plan to put into place in Capstone County to communicate with citizens about the H5N1 flu that is occurring in our fictional case.   Instructions Formulate a SINGLE communication strategy that the Capstone County Health Department could put into place in Capstone County. Remember, a real pandemic response would include dozens of different activities, but we are focusing on only one. Fill out the worksheet below. A Communication Plan What is the recent, scholarly, peer-reviewed article that is serving as a guide for your project? [write full, APA-formatted reference below.]   Using your imagination and what you’ve learned from your reading, create your own plan for a single communication activity you would put into place to address the H5N1 pandemic flu in Capstone County. Choose one of the following: My communication plan focuses on: Communicating with residents before the virus arrives in Capstone. Communicating with residents during an…

If something is not clear in the description and you need to make assumptions to make a decision, document the assumptions you make. Please read it carefully The department of public works for a large city has decided to develop a Web-based pothole tracking and repair system (PHTRS). The department hired a new system analyst to analyse and design the web-based PHTRS. The analyst came up with the following description of their requirement: Citizens can log onto a website to view and make potholes report. The report contains the location and severity of potholes. As potholes are reported they are logged with a "public works department repair system" and are assigned with the given data. The recorded potholes consist of information as follows: an identifying number, stored with street address, size (on a scale of 1 to 10), location (middle, curb, etc.), district, and repair priority (determined from the size of the pothole). Further, a work order data is generated for each newly added…

At least two examples/scenarios are required to back up your response and highlight the most important SDLC stage.

A security policy is a document that provides employees with clear instructions about acceptable use of company confidential information, explains how the company secures data resources and what it expects of the people who work with this information. Most importantly, the policy is designed with enough flexibility to be amended when necessary. You are working in organization X, and you are supposed to develop an issue-specific security policy, you can pick one issue from Table.1 [1] (In the photos) Your Task is: To develop the different sections of your policy and adequate procedure(s), you can refer to SANS Policy Templates [2]. References: [1] Developing an Information Security Policy: A Case Study Approach, Fayez Hussain Alqahtani. 4th Information Systems International Conference 2017, ISICO 2017, 6-8 November 2017, Bali, Indonesia. [2] https://www.sans.org/information-security-policy/

CMU SE 17-627 Nancy Mead READINGS: SQUARE Technical Report DISCUSSION/EXERCISE: Objectives: Software Security Engineering Case Study #2 Due: Date shown on syllabus To experience most aspects of security requirements engineering Assignment: 1. Using the SQUARE Technical Report as a guide, apply SQUARE steps 1, 2, 3,4 (you just need to identify risks, you don't have to do a formal risk analysis), 5, 6, 7, and 8 to your Case Study project. Note: You do not need to interview your actual stakeholders for purposes of this exercise. 2. Develop attack trees and selected corresponding misuse cases as part of this exercise. . 3. Turn this assignment in on Blackboard BEFORE the next class.

Have you ever seen someone being harassed or bullied by someone else over the internet? When you initially learned of the issue, what was the very first thing that went through your head? How did you get at the conclusion that the individual had been the target of bullying conduct prior to your intervention? In other words, how did you come to that conclusion?

After reading the case presented in the module, write a short response to the following discussion questions and ethical decision making scenario. Discussion Questions Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Fred’s perception change after that? How should Fred measure success when he evaluates Gladys’ performance for this project? How should he evaluate Charlie’s performance? Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?

Chain Link Consulting is an information technology consulting company that focuses on system security concerns. When the company's president asks you to assist her with the preparation of a presentation for a group of potential clients at a trade show meeting next month, you say "yes." First and foremost, she would like you to examine system security concerns in light of all six security levels. Afterwards, she wants you to come up with a list of methods that Chain Link might evaluate a client's security procedures in order to obtain an accurate evaluation of their level of exposure.It was her way of making the situation more intriguing by saying that it was fine to be imaginative in your ideas, but that you should avoid proposing anything that would be unlawful or immoral. Example: It might be OK to pretend as a job candidate with phony references to see whether they were being reviewed, but it would be inappropriate to steal a lock and access the computer room to check on things.Your…

How would you describe specific approaches for dealing with and mitigating hazards associated with a particular slide?

You are needed to discuss each of the themes listed below in your own words, using your own terminology. You must keep your discussions on each subject to a maximum of 200 to 400 words in length each. Risk Management Techniques in the Field of Software Engineering

While society expects businesses to be prepared for disasters and to recover using their own resources, it does not appear that individuals are equipped to endure a crisis. Should we expect the government, at any level, to be in charge of catastrophe recovery, whether at the personal or commercial level? If so, why or why not? What kind of concessions would a company have to make if the catastrophe recovery process was handed over to a government agency?

Are you able to tell the difference between dangers that are unavoidable and those that can be avoided or mitigated?

What does it mean to you to be on the safe side of things? Maintaining one's safety in the real world is becoming an increasingly challenging endeavor. Is it conceivable for a single assault on the infrastructure of an organization to take on a number of diverse forms?

Determine the most critical step of the SDLC and support your response with at least two examples/scenarios.

solve the questions: Tony and his team identified some risks during the first month of the Recreation and Wellness Intranet Project. However, all they did was document the risks in a list. They never ranked the risks or developed any response strategies. Because the project has had several problems, such as key team members leaving the company, users being uncooperative, and team members not providing good status information. Tony has decided to be more proactive in managing risks. He also wants to address positive risks as well as negative risks. the quation is : 1- Plot the six risks on a probability/impact matrix.  2-  assign a numeric value for the probability and impact of each risk on meeting the main project objective.

Let's say you've been asked to act as the JAD session's facilitator. If you were in charge of a JAD session, what ten guidelines would you establish for the attendees to follow?

Is there any government surveillance on organizations to ensure they aren’t invading, selling, or sharing personal information to outsiders? Since the process of building a software for safety critical systems is expensive, does that mean there is a high demand for professional who focus on safety and systems ?

A recommended approach is that the people assigned to implement a risk management program should begin by studying the models presented earlier in this chapter and identifying what each offers to the envisioned process. Once the organization understands what each risk management model offers, it can adapt one that is a good fit for the specific needs at hand. Which risk control strategy would you consider the most effective and why? When should the strategy be used and why should it not be used for all risks?