Uncategorized

Your supervisor has asked that the memo focus on Odenton’s information systems, and specifically, securing the processes for payments of services. C

Jason King jr

6 min read
  • The IT department for Anne Arundel County is meticulous about keeping payment terminalsoftware,operatingsystemsandothersoftware(includinganti-virussoftware)updated.
  • Assessmentofprotection fromremoteaccessandbreachestotheAnneArundelnetwork: OdentonTownshipaccessesthedatabasesystemfortheCountywhenupdatingresident’s accounts for services.It is not clear whether a secure remote connection (VPN) is standard policy.
  • AssessmentofphysicalsecurityattheOdentonTownshiphall:theonlycurrentformof physical security are locks on the two outer doors; however, the facility is unlocked Monday-Friday, 8am-5pm (EST), excluding federal holidays.
  • Employeeawarenesstrainingondatasecurityandsecurepracticesforhandlingsensitive data (e.g., credit card information) are not in place.
  • TheoverarchingconclusionoftheriskassessmentwasthatOdentonTownshipisnot fully compliant with thePCI Data Security Standards(v3.2).

Note: The Chief Executive for Anne Arundel County has asked for specific attention be paid to insider threats, citing a recent article about an administrator from San Francisco (see Resources). Anne Arundel County wants to understand insider threats and ways to mitigate so that they protect their resident’s personal data as well as the County’s sensitive information. These are threats to information systems, including malware and insider threats (negligent or inadvertent users, criminal or malicious insiders, and user credential theft).

Expectations and Format

Using the resources listed below, you are to write a 2-page Professional Informational Memo to the Chief Executive for Anne Arundel County that addresses the following:

  • Risk Assessment Summary:Provide an overview of your concerns from the risk assessment report.Include broad ‘goal’ of the memo, as a result of the risk assessment, thebroadrecommendations.SpecificActionStepswillcomelater.Thesummaryshould be no more than one paragraph.
  • Background: Provide a background for your concerns. Briefly highlight why the concerns are critical to the County of Anne Arundel and Odenton Township.Clearly statetheimportanceofdatasecurityandinsiderthreatswhendealingwithpersonalcredit cards.Be sure to establish the magnitude of the problem of insider threats.
  • Concerns, Standards, Best Practices:The body of the memo needs tojustify your concerns and clarify standards, based on the resources listed below, at minimum.The PCI DSS standards are well respected and used globally to protect entities and individual’ssensitivedata.Thebodyofthememoshouldalsohighlightthreecurrent controls that are considered best practice; that is, you should highlight the positive, what is currently in place, based on the risk assessment.
  • Action Steps:Provide a conclusion establishing why it is important for Anne Arundel County to take steps to protect residents and county infrastructure from insider threats based on your concerns.Recommenda minimum of three (3)practical action steps, includingnewsecuritycontrols,bestpracticesand/oruserpoliciesthatwillmitigatethe concerns in this memo.Be sure to include cost considerations so that the County is

getting the biggest bang for the buck. The expectations are not for you to research and quote actual costs, but to generalize potential costs. For instance, under the category of physical security, door locks are typically less expensive than CCTV cameras.

  • BesuretoreviewthePowerPointpresentation(inpdfformat)EffectiveProfessional Memo Writingthat accompanies these instructions.
  • UsetheProfessionalMemotemplatethataccompaniestheseinstructions.
    • Usefoursection subtitles, inbold.
      • RiskAssessmentSummary
      • Background
      • Concerns,Standards,BestPractices
      • ActionSteps
    • Donot changethefont sizeor typeor pagemargins.
    • Donotincludeanygraphics,imagesor‘snips’ofanycontentfromcopyrighted sources.The PCI Standards (PCI DSS) document is copyrighted material.
    • ParagraphtextshouldbesinglespacedwithONE‘hardreturn’(Enter)aftereach paragraphand after each section subtitle.Note:Donotcreate anew ‘paragraph’ after each sentence.A single sentence is not a paragraph.
    • ‘Subject’isthesubject of yourmemo,notthecoursenameornumber.
    • Besuretoremoveanyremaining‘placeholder’textinthetemplatefilebeforesubmitting.
    • ThelengthofthetemplatewhenyoudownloaditisNOTtheintendedlengthof the entire memo.Your completed memo should be between 1.5 pages and 2 pages (total document, including the To:/From:/Re:/Subject header).

*Note: the Professional Memo is to be in a MS Word file and all work is to be in the student’s own words (no direct quotes from external sources or the instructions) *

APAdocumentationrequirements:

  • Asthisisaprofessionalmemo,aslongasyouuseresourcesprovidedwithorlinked from these instructions,APA documentation is NOT required.
  • Citingmaterialorresourcesbeyondwhat isprovidedhereisNOTrequired.
  • However, you should usebasic attributionand mention the source of any data, ideas orpoliciesthatyoumention,whichwillhelpestablishthecredibilityandauthorityof the memo.
    • For example, mentioning that thePayment Card Industry Data Security Standards(PCIDSS)identifyacertaincontrolasbestpracticeholdsmore weight than simply stating the control is a best practice without basicattribution.
    • Mentioning thatWired Magazine reportedthat a City of San Francisco IT technicianeffectivelyhijackedandlocked60%ofthecity’snetworkcapacity, is more effective than saying “I read somewhere that…”

Resources

Examples of Security Breaches Due to Insider Threats

SanFranciscoAdminChargedWithHijackingCity’sNetwork

Microsoftdatabaseleakedbecauseofemployeenegligence

GeneralElectricemployeesstoletradesecretstogainabusinessadvantage Former Cisco employee purposely damaged cloud infrastructure

Twitterusersscammedbecauseofphishedemployees

  1. PCIDSSGoals:

(source:https://www.pcisecuritystandards.org/merchants/process)

References

FBI.(2021).TheInsiderThreat:AnIntroductiontoDetectingandDeterringanInsiderSpy. https://www.fbi.gov/file-repository/insider_threat_brochure.pdf/view

PCIDSS.(2021,Feb.12).PaymentCardIndustrySecurityStandards. https://www.pcisecuritystandards.org/

JingguoWang,Gupta,M.,&Rao,H.R.(2015).Insider threatsinafinancialinstitution:Analysis of attack-proneness of information systems applications.MIS Quarterly,39(1), 91-A7. https://search-ebscohost- com.ezproxy.umgc.edu/login.aspx?direct=true&db=bth&AN=100717560&site=ehost- live&scope=site

ProfessorMesser.(2014).Authorizationandaccesscontrol[Videofile].YouTube. https://www.youtube.com/watch?v=6aXMuJPkuiU

U.S.DHS.(2021).InsiderThreat.https://www.dhs.gov/science-and-technology/cybersecurity- insider-threat

Wizuda.(2017).Dataanonymisationsimplified[Videofile].YouTube. https://www.youtube.com/watch?v=m9UxV4XaXwg

Yuan,S.,&Wu,X.(2021).Deeplearningforinsiderthreatdetection:Review,challengesand opportunities.Computers & Security. https://doi- org.ezproxy.umgc.edu/10.1016/j.cose.2021.102221

Keywords: risk assessment, insider threats, data security

SubmittingYourAssignment

SubmityourdocumentviayourAssignmentFolderasMicrosoftWorddocument,oradocumentthatcan bereadyusingMSWord,withyourlastnameincludedinthefilename.UsetheGradingRubricbelowto be sure you have covered all aspects of the assignment.

GRADINGRUBRIC:

Criteria

Far
Above
Standards

Above
Standards

Meets
Standards

Below
Standards

Well
Below
Standards

Possible
Points

Summary
of Risk
Assessment

15
Points

Summary
is
highly
effective,
thorough and
professional.

12.75
Points

Summary
is effective,
thorough and
professional.

10.5
Points

Summary
is somewhat
effective,
thorough and
professional.

9
Points

Summary
is lacking.

0-8
Points

Stated
requirements for
this
section are
severely lacking or absent.

15

Background
and
Importance
(to
the
Client) of
Data Security and Insider
Threats

10
Points

Discussion
of ba5ckground,
data
security and insider threats is highly effective, thorough, and
professional.

8.5
Points

Discussion
of background, data security
and
insider
threats
is
effective,
thorough, and professional.

7
Points

Discussion
of background,
data
security and insider threats is somewhat
effective, thorough,
and

professional.

6
Points

Discussion
of background,
data
security and insider threats is lacking.

0-5
Points

Stated
requirements for
this
section are
severely lacking or absent.

10

Concerns,
Standards, Best
Practices:
Justify
Concerns and
Clarify
Standards

15
Points

Discussion
of concerns and standards
is
highly
effective,
thorough,
and professional.

12.75
Points

Discussion
of concerns and standards is effective,
thorough,
and professional.

10.5
Points

Discussion
of concerns and standards is somewhat
effective, thorough,
and

professional.

9
Points

Discussion
of concerns
or standards is lacking.

0-8
Points

Stated
requirements for
this
section are
severely lacking or absent.

15

Concerns,
Standards, Best
Practices:
Three current practices
identified
and justified as best practice

15
Points

Three
highly relevant current practices are offered and justified as
best practices.
Overall
presentation is clear,
concise,
and

professional.

12.75
Points

Section
may be lacking
in
number of
recommendations
or relevancy
or justification or overall
presentation.

10.5
Points

Section
is lacking in number of recommendations
or relevancy
or justification or overall
presentation.

9
Points

Section
is lacking in
two
or
more
of the
following: number of recommendations
or relevancy
or justification or overall

presentation.

0-8
Points

Stated
requirements for
this
section are
severely lacking or absent.

15

Action
Steps: Three
recommendati ons
minimum identified and justified
including
some
discussion
of cost
considerations

20
Points

Three
highly relevant
recommendations are
offered and justified, with effective
discussion
of
cost
considerations.

Overall
presentation
is clear,
concise,
and

professional.

17
Points

Section
may be lacking
in
number of
recommendations
or relevancy
or justification or a discussion
of
cost
considerations or overall
presentation.

14
Points

Section
is lacking in number of recommendations
or relevancy
or justification or a discussion
of
cost
considerations or overall
presentation.

12
Points

Section
is lacking in
two
or
more
of the
following: number of recommendations
or relevancy
or justification or a discussion
of
cost
considerations or overall
presentation.

0-11
Points

Stated
requirements for
this
section are
severely lacking or absent.

20

Basic
Attribution (overall)

10
Points

Overall
use of basic
attribution
is highly
effective in establishing
credibility
and authority.

8.5
Points

Overall
use
of
basic
attribution is effective in establishing
credibility
and authority.

7
Points

Overall
use of basic
attribution
is partially
effective in establishing credibility and authority.

6
Points

Overall
use of basic
attribution
is partially effective in establishing
credibility
and authority.

Additional
basic
attribution
may

have
been needed.

0-5
Points

Overall
use
of basic
attribution was
minimally
effective or not used.

10

Overall
Format: APA

documentatio
n needed
only if sources external
to
the
assignment
are
introduced

15
Points

Submission
reflects
effective organization and sophisticated
writing;
follows instructions
provided;
uses correct structure, grammar, and spelling;
presented in
a professional format; any references used are appropriately
incorporated and

cited
using
APA style.

12.75
Points

Submission
reflects effective
organization
and clear writing; follows instructions provided; uses correct
structure, grammar, and spelling; presented in a professional
format; any references
used
are
appropriately
incorporated
and cited using APA style.

10.5
Points

Submission
is adequate, is somewhat
organized,
follows instructions
provided;
contains
minimal grammar and/or spelling errors;
and
follows APA
style for any references and citations.

9
Points

Submission
is
not well
organized, and/or does not follow
instructions
provided;
and/or contains
grammar
and/or spelling errors; and/or does not follow APA style for any
references and citations. May demonstrate

inadequate
level of
writing.

0-8
Points

Document
is poorly
written and
does not convey the necessary
information.

15

TOTAL

Points
Possible

100

100

Read more

My assignment paper- This week, you will develop a mini business plan for a new service or product within your healthcare facility or a healthcare facility you are familiar with (e.g., a hospital, a healt

Rubric Based on your research, write a 9-10 page paper EXCLUDING title page and references that addresses the following questions: NOTE: All submitted assignments are required to follow APA guidelines. “Current research” is considered within 5-years. Your Turnitin Score typically should be under 24%.  Refrain from using AI software to

By Jamez Blake

The purpose of this assessment is to demonstrate your understanding of and ability to analyze a root cause of a specific safety concern in a healthcare setting. You will create a plan to improve the safety of patients

For this assessment, you can use a supplied template to conduct a root-cause analysis. The completed assessment will be a scholarly paper focusing on a quality or safety issue in a healthcare setting of your choice as well as a safety improvement plan. The purpose of this assessment is to

By Jamez Blake

DATCB/565 Competency 1 Assessment and Rubric Course Title: Data Analysis and Business Analytics Assessment Title: Competency 1 Assessment Points: 100

DATCB/565 Competency 1 Assessment and Rubric Course Title: Data Analysis and Business Analytics Assessment Title: Competency 1 Assessment Points: 100 Assignment Directions Read the scenario, part 1, part 2, and the rubric before beginning your assignment. Scenario Pastas R Us, Inc. is a fast-casual restaurant chain specializing in noodle-based

By Jamez Blake

Write My Paper Button

WhatsApp Widget