Monthly Archives: June 2023

What were some of the blunders that were illustrated in the video above? Please explain your thought process.Submit a post of at least two to three paragraphs and make sure to follow-up on the posts of a minimum of two other classmates. 

Part 1: Research Separation of Duties Policies (0/1 completed)

Note: In this part of the lab, you will review scholarly research on separation of duties policies in order to form a basis for their purpose and usage. Understanding the reason behind a SoD policy is key to understanding the component policies and procedures. Please take time to review the research thoroughly and think through the concepts of the policy itself.

1. Using your favorite search engine, locate and read the following scholarly, peer-reviewed research article referencing separation of duties policies.

Lu, J., Li, R., Lu, Z., & Jin, Y. (2009, December 31). Dynamic Enforcement of Separation-of-Duty Policies. Paper presented at the International Conference on Multimedia Information Networking and Security. http://dx.doi.org/10.1109/MINES.2009.102

2. Write a brief summary of the article. In your summary, focus on the need for a Separation of Duties policy and its key elements.                                                                                                    

Part 2: Create a Separation of Duties Policy (0/6 completed)Note: In Part 1 of this lab, you learned about the motivating factors that inform a separation of duties policy. In this part of the lab, you will create your own separation of duties policy for a given scenario. As you prepare your policy, remember that no one individual or team should have too much authority or power to perform a function in a business or organization and that understanding where responsibilities begin and end is critical to effective separation of duties. However, just because one individual or team has decidedly too much authority or power does not necessarily mean that management should apply separation of duties to mitigate the risk given that truly separated duties often means additional labor and/or costs. Instead, management might decide to accept the risk or address the risk by other means.

1. Review the following scenario for the fictional Bankwise Credit Union:

• The organization is a local credit union that has multiple branches and locations throughout the region.
• Online banking and use of the internet are the bank’s strengths, given its limited human resources.
• The customer service department is the organization’s most critical business function.
• The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
• The organization wants to monitor and control use of the Internet by implementing content filtering.
• The organization wants to eliminate personal use of organization-owned IT assets and systems.
• The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
• The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training.
• The organization wants to define a policy framework, including a security management policy defining the separation of duties for information systems security.

2. Create a security management policy with defined separation of duties for the Bankwise Credit Union.

Bankwise Credit Union

Separation of Duties Policy

Policy Statement
(Define your policy verbiage.)

Purpose/Objectives
(Define the policy’s purpose as well as its objectives.)

Scope
(Define whom this policy covers and its scope. What elements, IT assets, or organization-owned assets are within this policy’s scope?)

Standards
(Does the policy statement point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards.)

 Procedures
(Explain how you intend to implement this policy for the entire organization.)

Guidelines
(Explain any roadblocks or implementation issues that you must overcome in this section and how you will surmount them per defined guidelines. Any disputes or gaps in the definition and separation of duties responsibility may need to be addressed in this section.)

Challenge Exercise (0/1 completed)Note: The following challenge exercise is provided to allow independent, unguided work – similar to what you will encounter in a real situation.

For this portion of the lab, you will complete additional research of a case study in separation of duties and provide your own overview of the problem and solution. 

Locate and read the following research article:

Ballesteros, S., Pan, L., Batten, L., & Li, G. (2015). Segregation-of-Duties Conflicts in the Insider Threat Landscape: An Overview and Case Study. Paper presented at the Second International Conference on Education Reform and Modern Management. https://doi.org/10.2991/ermm-15.2015.96

Discuss how a separation of duties policy would help to resolve the issues at Bankwise Credit Union, as discussed in this case study. Assume your audience is the CEO and Board of Bankwise Credit Union.

Describe how you would build a PC. Identify the parts used to build the PC and their alignment to the PC’s primary use. Be specific with details for each component. What component would you invest in the most? Explain why.

ATTACHED IS THE COMPUTER THAT I’M BUILDING

Answer the following questions based on this scenario.

Problem: Write a program that reads 10 username and password values into parallel arrays. After the arrays have been loaded, the program should behave like a login screen, prompting for a username and a password. Based on the data read and stored in the arrays, the program should respond appropriately with one of three output messages: “Username not found.”, “Username and password does not match.” or “Access granted.”

Question 1: Would you write this program asking a user to enter the usernames and passwords or would you use a file that contains all the username and passwords as input?  Explain why you would choose one over the other.  

Question 2: Will your answer remain the same if the number of username and password values change to 40, and why?

NIST Cybersecurity Framework (CSF) has implementation Tiers to provide context on how an organization view cybersecurity risk and the processes in place to manage that risk.

Review the NIST Cybersecurity Framework (CSF) and answer the following questions 
Resource: NIST Cybersecurity Framework V1.1
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf

Question 1: What are the Framework Core Functions

Question 2: What are the four Framework Implementation Tiers? 
And, Explain the following three categories for each Tier 
Risk Management Process
Integrated Risk Management Program 
External Participation

Question 3:  How do you implement NIST security controls?

Question 4: What are the five steps in NIST Cybersecurity Framework?
Resource: https://www.cybersaint.io/blog/nist-cybersecurity-framework-core-explained

Instruction in file

Publishing a policy and standards library depends on the communications tools available within an organization. Some organizations keep documents in Word format and publish them in PDF format. Other organizations use Governance, Risk, and Compliance (GRC), a class of software for supporting policy management and publication.

In addition to authoring documents, GRC software typically includes a comprehensive set of features and functionality, such as assessing the proper technical and nontechnical operation of controls, and mitigating/remediating areas where controls are lacking or not operating properly (governance).

Answer the following question(s):

1. 1. Why might an organization use the Word and PDF approach rather than GRC software, and vice versa?

Please use the proper citation and references.

 IT workers have many different relationships, including those with employers, clients, suppliers, other professionals, IT users, and the society at large, and that in each relationship, an ethical IT worker acts honestly and appropriately. IT workers must set an example and enforce policies regarding the ethical use of IT. IT workers are in a unique position because they have the skills and knowledge to abuse systems and data or to allow others to do so.

Discuss an ethical issue IT organizations face today. Have you been personally affected by an IT ethical issue? Provide examples

refer to the attached document in uploads

 Topic : From my organizational behavioral course . You can either do “Stress at work” or “Cultural Differences” both topics must include “on the job” experiences and information. I also have a link to my book if needed. I must have this to me at 5/22/2022 9 pm.