ERM Road Map

Overview

The following material may be useful for the completion of this assignment. You may refer to the documents Embracing Enterprise Risk Management: Practical Approaches for Getting Started and Developing Key Risk Indicators to Strengthen Enterprise Risk Management at the Committee of Sponsoring Organizations of the Treadway Commissionwebsite.Imagine you are an information technology manager employed by a business that needs you to develop a plan for an effective enterprise risk management (ERM) program. ERM has not been a priority for the organization, but failed corporate security audits, data breaches, and recent news stories have convinced the board of directors that they must address these weaknesses. As a result, the CEO has asked you to create a brief overview of ERM and provide recommendations for establishing an effective ERM program to address this area.

Instructions

Write a 3–4 page paper in which you:

  1. Summarize the COSO Risk Management Framework and COSO’s ERM process.
  2. Recommend the approach management should take to implement an effective ERM program. Include the issues and organizational impact they might encounter if they do not implement an effective ERM program.
  3. Analyze the methods for establishing key risk indicators (KRIs).
  4. Suggest the approach that the organization should take to link the KRIs with the organization’s strategic initiatives.
  5. Use at least three quality resources in this assignment (in addition to—and which support—the documents from the COSO website referenced in this assignment). Note:Wikipedia and similar websites do not qualify as quality resources.

This course requires the use of Strayer Writing Standards. For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions.The specific course learning outcome associated with this assignment is:

  • Propose a risk management program based on the COSO framework.

oldm wk dis

  1. Discuss what power in the context of leadership is and how it relates to bullying within organizations.  Also note how this impacts productivity.
  2. Discuss what organizational culture is and how it impacts work productivity.  Also, note how organizational culture impacts the success of innovation implementation.
  3. How does culture impact leadership? Can culture be seen as a constraint on leadership?

Database – Discussions

Create a discussion thread (with your name) and answer the following question(s):

Discussion 1 (Chapter 3):  

Consider the ER diagram shown in Figure 3.22 for part of a BANK database (also below for reference). Each bank can have multiple branches, and each branch can have multiple accounts and loans.

(a) List the strong (nonweak) entity types in the ER diagram.

(b) Is there a weak entity type? If so, give its name, its partial key, and its identifying relationship.

(c) What constraints do the partial key and the identifying relationship of the weak entity type specify in this diagram?

(d) List the names of all relationship types, and specify the (min,max) constraint on each participation of an entity type in a relationship type. Justify your choices.

Instructions:  Your response to the initial question should be 250-300 words.  Next respond to two postings provided by your classmates. The first post should be made by Wednesday 11:59 p.m., EST. I am looking for active engagement in the discussion.  Please engage early and often. You are require to create your initial thread in order to view and respond to the threads posted by other students.  There must be at least one APA formatted reference (and APA in-text citation) to support the thoughts in the post as needed.  Do not use direct quotes, rather rephrase the author’s words and continue to use in-text citations.

Culminating Assignment Concept Paper: Red Team Assessment Strategies in Cybersecurity

 

Culminating Assignment

Concept Paper:   Red Team Assessment Strategies in Cybersecurity

Directions:

1.  Read the scenario, access the resources, and review the rubric below to help you understand the assignment.  The final paper will be due in Week 7.  You should begin working on the assignment right away, and you will share your progress in Week 6.  

2.  Write a paper that follows the listed parameters, addresses the important concepts, and includes the required sections:

Parameters:  

  • Ranges from 4 – 5 double-spaced pages and use IEEE formatting style. 
  • Uses Times New Roman font (size 12), with one-inch margins on all sides.
  • Includes at least three (3) quality resources to support your ideas.  You may use the resources provided and/or others of your choosing.  They must be cited appropriately.

Important Concepts:

  • Compare and contrast red teaming versus penetration testing based on the presented case.
  • Describe the approach to red team assessment.
  • Discuss how different types of organizations are utilizing red teaming.

Required Sections:

  • Title 
  • Introduction:  Clear description of the topic, including a summary of what is already known about that topic.
  • Body:  
    • Address important concepts.  
    • What evidence do you have to support your topic?  
  • Conclusion:  Why is it important to study this topic? Why is this worth investigating further?
  • Reference Page:  IEEE style

3.  Your paper should enable a casual reader to understand this topic and its importance.  Please make sure the following outcomes are addressed within your paper:

  • Explain the common tools and tactics used in red teaming.
  • Use technology and information resources to research the evolution of red team assessment techniques.

Due:  In week 7 with the specific date posted in Blackboard.  You will be directed to complete and share parts of this assignment in Week 6.  

Scenario:  A large multinational fintech wanted to conduct a Red Team Assessment to evaluate its ability to detect and respond to a real-world cybersecurity attack.

The read team started their assessment by sending a phishing email that persuaded the victim to log in to a fake portal hosted on a server to obtain valid credentials. While a small number of users clicked on the malicious link sent in the email, none of them submitted their credentials. This could be attributed to the regular social engineering tests and security awareness training delivered to staff.

After the failed phishing campaign, the team went back to the drawing board to come up with a new plan of attack.  Reviewing the company’s Twitter account, the team discovered that they host a monthly community event at one of their buildings. The team registered for the event to deploy a purpose-built device into their internal network. The device will allow the team to gain remote access to the network using either an independent wireless connection or a 3G/4G mobile connection.

Two members of the red team attended the event. They managed to slip away from the main event to see if there were any unlocked offices or conference rooms. Once a room had been found. One team member acted as a lookout while the other plugged the device and checked that he could reach it from his mobile phone. Shortly afterward the testers left the event and joined the rest of the team in a coffee shop down the road.  Once connected to the network, the team started mapping the internal network and gathering additional information. Over the next couple of days, the team captured several password hashes, which were achieved by exploiting a weakness in Windows’ broadcast protocols. However, users appeared to be using strong complex passwords and it was not possible to crack the hashes to recover clear-text passwords. The team then decided to relay a captured hash belonging to a user and use it to log in into a workstation where they had local administrative privileges. This allowed them to extract the clear-text password of the currently logged-in users from memory.

Resources to help you complete this assignment:

Rubric:

Points: 

Assignment: Red Team Assessment Strategies in Cybersecurity

Criteria

Needs Improvement

Below 60-70 F

Fair

70-79 C

Proficient

80-89 B

Exemplary

90-100 A

1. Compare and contrast red teaming versus penetration testing based on the presented case. Met outcomes.

Weight: 25%

Did not submit or incompletely compared and contrasted red teaming versus penetration testing based on the presented case.  Did not meet outcomes.

Partially compared and contrasted red teaming versus penetration testing based on the presented case.  Partially met outcomes.

Satisfactorily compared and contrasted red teaming versus penetration testing based on the presented case.  Met outcomes.

Thoroughly compared and contrasted red teaming versus penetration testing based on the presented case. Exceeded outcomes.

2. Describe the approach to red team assessment.

Weight: 30%

Did not submit or incompletely described the approach to red team assessment.

Partially described the approach to red team assessment.

Satisfactorily described the approach to red team assessment.

Thoroughly described the approach to red team assessment.

3. Discuss how different types of organizations are utilizing red teaming.

Weight: 30%

Did not submit or incompletely discussed how different types of organizations are utilizing red teaming.

Partially discussed how different types of organizations are utilizing red teaming.

Satisfactorily discussed how different types of organizations are utilizing red teaming.

Thoroughly discussed how different types of organizations are utilizing red teaming.

5. 3 References

Weight: 5%

No references were provided.

Does not meet the required number of references; some or all references poor quality choices.

Meets the number of required references; all references high-quality choices.

Exceeds the number of required references; all references high-quality choices.

6. Clarity, writing mechanics,  formatting.

Weight: 10%

More than 6 errors present

replays to discussion post

 

In each response, ask questions and share ideas. Responses should again be detailed, thoughtful & substantial.  Justify your responses.

Responses has to me a minimum of 5 sentences and 1 question each response. 

The 2 posts to replay are in the attachment. Each post needs 1 response. 

computer – lab work on python

Do the following assignment. please check the attach document.

 Temperature-Conversion ProgramDevelop a Python program to

  • Ask the user whether to convert from celsius to fahrenheit or from fahrenheit to  celsius 
  • If the user enters  celsius to fahrenheit, then
    • Ask the user to enter a value for  celsius
    • Use the following formula to convert from  celsius to fahrenheit:
      • Fahrenheit = 9.0 / 5.0 x Celsius +  32
    • Display the entered value for  celsius and the calculated value for fahrenheit, along with appropriate messages
      • See the attached sample program run output to see how data is displayed
  • If the user enters  fahrenheit  to celsius , then
    • Ask the user to enter a value for  fahrenheit
    • Use the following formula to convert from   fahrenheit  to celsius:
      • Celsius = (Fahrenheit − 32) x  5.0 / 9.0
    • Display the entered value for fahrenheit  and the calculated value for celsius, along with appropriate messages.
      • See the attached sample program run output to see how data is displayed.
  • If neither fahrenheit to celsius  nor  celsius  to  fahrenheit  is entered, then
    • Display an error message, such as “Illegal input data was entered.”

 NOTE: When setting up the above formulas, ensure to use the right Python operators! 

 You need to set up a  Python solution that is  complete and  workable.  

For your solution to be  complete, you must

  • Prompt the user for the specific input data asked for within the problem statement
  • Set up a correct formula to process the input data, arriving at the output data
  • Provide the output data asked for within the problem statement to the user

For your solution to be  workable,

  • Your solution should be free of any type of errors (syntax, run-time, logic)
  • You may want to develop an algorithm first, using pseudocode or flowchart
  • You do NOT need to turn in any algorithm

================================================================================Grading rubric:

  • You’ll receive full credit, if 
    • your program
      • compiles and runs with no problems 
      • produces the expected output
  • You’ll receive partial credit, if 
    • your program
      • compiles and runs with no problems 
      • produces partial output (that is, incomplete output)
  • You’ll receive 25% of the points, if your program will not compile
  • You’ll receive 30% of the points, if your program compiles but has a run-time problem
  • You’ll receive 40% of the points, if your program produces logic error(s)

Survey Instrument

One of the ways in which usability professionals collect data, and for that matter academic professionals, is the use of a Survey Instrument

Create a paper-based survey instrument evaluating the Amazon Website. 

In the assignment, you are expected to include: 

1. Participant Demographic Data (Name, Age, Gender, Location, Education etc.) 

2. Participation Consent

3. 8 – 10 Measurable Quantitative Questions (Using a scale to support measurement, i.e., Likert)

4. 2 – 4 Qualitative Questions 

This survey is a PAPER PROTOTYPE not to be completed using a survey instrument such as Survey Monkey.