INFORMATION AND RISK MANAGEMENT
Information is an asset to most organizations across the globe. Information stored on their servers, web portals, hard drives and cloud storage locations is constantly under threat from hackers, which prompts countermeasures to protect the data. Risk management systems are therefore employed to address the threats to and vulnerabilities of the information, with an economic and operational balance between the value of the information and the structures put in place to safeguard it. Risk management architecture is a very complex structure with different levels of risk management steps that follow guidelines, objectives and a methodology, which vary according to the organization’s information systems requirements, the cost of the technology, the culture of the organization and the size of the information systems. The Information Risk Management Process (IRMP) focuses on technology, process and humans at a practical organizational level.
Qualitative and quantitative risk assessments are used to identify, approximate and highlight the risks most likely to occur in the use and operation of computational or cloud information systems. Regular assessments are encouraged, primarily on systems that are based in the cloud. The cloud computing framework involves the cloud provider as a third party, which increases the threats to and vulnerabilities of the information. Organizations are therefore encouraged not to relax their security assessments, so as to reduce risks and improve security mitigation tools (Zhang et al., 2010). This entails regular monitoring of the information environment, monitoring of the cloud vendor and record keeping.
Information risk management follows a specific process: identifying a prospective information risk, analysing threats and vulnerabilities, setting the control mechanism for assessing identified threats, monitoring the information security controls and reporting an accurate assessment of the information risk. Known risk assessment techniques include the NIST guide for general information and agencies and ISO/IEC 27005:2011. External and internal auditors are also crucial in relaying an independent perspective on the security systems. It is essential to store records and documentation in the risk management process for tracing, monitoring and sharing of information, and as evidence of the deliberations made, for future reference (Watson & Jones, 2013).
Technology plays a crucial role in information security, as do humans, who are the most critical aspect but are hampered by ignorance, lack of knowledge, mischief, negligence and apathy towards organizations’ information security policies (Sprengers & Van Haaster, 2016). It is therefore essential for companies to train their staff on information security compliance to instil positive attitudes and behaviour when they are exposed to information.
Information risk management faces various challenges, such as the high cost of countermeasures, the risk of sharing knowledge of the systems, the cost of maintenance versus the value of the information, and lack of transparency. Risk analysis should focus on information assets, vulnerabilities and the identification of appropriate security controls to safeguard the resources and infrastructure and to enforce the security structures (Gerber et al., 2001). The most effective way of managing risk is to assign a trusted, diligent person to be in charge of the information and accountable for it. Subsequently, defensive mechanisms are set up by active and passive fingerprinting, that is, using sources to gather information without altering the origins, and interacting with targets through communications such as emails or technical mediums such as scans. This is essential in determining how effective an organization’s defence mechanism is at detecting and blocking malware from hackers (Sprengers & Van Haaster, 2016).
In conclusion, IRM is a process that most companies have not adopted in information security; more sensitization is therefore needed among companies that are prone to security breaches. Companies need to choose a sophisticated system that suits their information properties. Furthermore, they need continuous adherence to the assessment and monitoring guidelines, and capacity building for the people with access to information and technology.
References
Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information security risk management. Information Management & Computer Security, 22(5), 410-430. https://doi.org/10.1108/imcs-07-2013-0053
Gerber, M., Von Solms, R., & Overbeek, P. (2001). Formalizing information security requirements. Information Management & Computer Security, 9(1), 32-37. https://doi.org/10.1108/09685220110366768
Sohrabi Safa, N., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82. https://doi.org/10.1016/j.cose.2015.10.006
Sprengers, M., & Van Haaster, J. (2016). Organization of #operations. Cyber Guerilla, 41-109. https://doi.org/10.1016/b978-0-12-805197-9.00003-6
Watson, D., & Jones, A. (2013). Case processing. Digital Forensics Processing and Procedures, 367-420. https://doi.org/10.1016/b978-1-59749-742-8.00009-1
Zhang, X., Wuwong, N., Li, H., & Zhang, X. (2010). Information security risk management framework for cloud computing environments. 2010 10th IEEE International Conference on Computer and Information Technology. https://doi.org/10.1109/cit.2010.501
Broad market for the company’s products
Even with massive investments in capital, time, and resources, innovation remains a foiled pursuit in various companies and industries. Initiatives to boost innovation often fail because innovators have a hard time sustaining their performance. Innovation is defined as a combination of activities by an industry in an endeavor to achieve new production processes and products. Change brings new ideas into the industry; this may also translate to a broad market for the company’s products.
The current business environment is associated with uncertainty, risks, volatility, and high competition from other companies trading in similar goods. Investing in research and development remains the only promising way for companies to fit in competitive markets. Research and development create room for innovations. Innovation is inevitable for companies wishing to expand their profit margins. Technological changes have transformed the entire business environment; almost all companies are beneficiaries of the new technology. Going by that reasoning, it is prudent to conclude that companies produce practically similar products in terms of quality. Innovation is what makes the difference in terms of performance, service delivery, and customer satisfaction.
Creating and maintaining a competitive advantage remains the most challenging task in modern companies. High rates of instability and fluctuating prices for goods remain another challenge, but with innovation, some of these challenges can be controlled. Events have overtaken the traditional ways of doing business.
Innovation leads to functional strategies. It is through the right policy that the diverse groups within an organization can be aligned and accommodate each other. Companies attract people with various cultural beliefs and practices. When a company does not come up with an excellent strategy to provide for every person, a big problem is likely to arise. The performance of any organization depends on how employees relate with one another.
Innovation creates change in the business environment and then changes the entire business model. Through innovation, companies learn cheaper and more economical means of production and marketing. It can be concluded that innovation plays a crucial role in breaking the monotony in the entire business. Doing a particular thing the same way every day becomes monotonous. Innovation brings in new changes, both technological and managerial. Employees are always motivated and eager to learn new things; novelty, therefore, acts as a stage towards attaining the success of a company.
To fit in a competitive market, successful companies have learned the art of retaining an innovation culture. The leading companies in any sector must always have a technical team of experts to bring in a wide range of ideas which, when implemented, place the companies in an advantageous position. It therefore becomes straightforward to beat competitors with innovation. Beating competitors leads to increased productivity; companies that have adopted an innovation culture easily dominate the market.
Innovation helps market an industry.
Innovation must always be on an upward trend. Various ideas can be merged to help market an industry. In this technological era, it becomes elementary to come up with new and appealing marketing techniques. Industries with the most innovative teams stand out and always attract more customers. It is through innovation that industries still stand even in tough economic times. Businesses face several challenges; every challenge requires a different solution, and as a matter of fact, all difficulties in industries need money to solve them. Thinking innovatively enables production to find better ways of dealing with challenges without incurring unnecessary expenses.
The goal of every business is to make a profit; the difference between medium industries and large industries is a small technique of innovation. Big industries often employ the most current changes as a means of creating a wide range for their markets. Any innovation comes along with a lot of anxiety. Consumers are always willing to have a taste of the changes; as a result, demand for such industries expands. Markets may be volatile, and the business environment may be crippling, but with innovation, there will always be a way out for such industries to thrive. With new technology, enterprises cannot run short of materials to boost their innovation. Employees should be given peace of mind and a conducive environment; in so doing, they will be able to think and come up with innovations. All these illustrations depict that strategic success indeed depends on change. It is through change that industries quickly achieve their objectives.
Strategic planning is an activity carried out by management in an organization to prioritize, strengthen operations, ensure that employees are well monitored, and assess and adjust the goals of the organization, among other functions. Strategic planning is the backbone of any organization which aims to lift its standards higher. Strategic planning combines both the managerial and operational roles, which include planning, organizing, directing, and controlling. It is through a strategic plan that the goals are set and an assessment is conducted to ascertain whether the goals were achieved. Any institution wishing to carry out proper business must do appropriate strategic planning.
The business community is very competitive; those businesses thriving during these hard economic times give credit to strategic planning. The only sure way to attain a competitive advantage in the competitive market is to make good use of strategic planning. The plan creates order in a business entity. Every employee knows what to do and how to do it, courtesy of proper strategic planning. As the adage says, “If you fail to plan, then you are planning to fail.” Planners must endeavor to ensure that the whole process is successful; it would otherwise be a big shame when those tasked with planning fail.
Strategic planning is an engaging process that requires high levels of creativity, integrity, and sobriety. The plan must be procedural, and any slight mistake messes up the entire process. According to Mintzberg, planning is a yin and yang of the right and left of the brain. The strategist must think profoundly and keenly reflect on the big picture of what he intends to plan for. The process is procedural; therefore, a slight mistake at any step counts. The strategic plan must consequently be outlined, with the last stage being as important as the first step.
Henry Mintzberg contends that strategic planning, despite dealing with the planning, is never procedural. He avers that strategic planning is not like the mathematics where working and calculations would be shown, then an answer arrived at the end of the estimate. Mintzberg argues that the changes by the strategist are dependent on the changes observed in the world, and then a reflection is made. During the competition, it becomes complicated to plan when no one knows what the future holds.
According to Mintzberg, several challenges face the planning process, including the following.
Limiting thoughts about the future to the current situation at hand. Strategists ought to understand that no position is permanent. The problem with strategists is that they support what they created. He argues that the strategist works with “what is” rather than working with “what could be”. Mintzberg argues that people fail to recognize that the operational plans and the people are essential to bringing about the changes needed to make an informed conclusion about the future.
Failure to incorporate the key stakeholders. Strategic planning in this context deals purely with the business. The fact is that people fully support what directly affects them. In planning for the company it is, therefore, wise to involve the local business class. The strategist does not involve the real stakeholders. According to Mintzberg, a strategy can never be planned, since planning deals with analysis while strategy deals with synthesis. This reasoning led Mintzberg to believe that this is the reason why the process of strategic planning failed so dramatically and so often.
Mintzberg refers to organizational strategy as “emergent,” meaning that the answers to a specific problem will rely on observation of the world and a reflection on the dynamic world. The reasoning should be systematic. Mintzberg thinks that in arriving at the best strategy, the present must be compared with the past to predict the future. Mintzberg highlights poor integration as another error in strategic planning. Mintzberg argues that plans should be the initial step; all strategies must be integrated and aligned for them to be effective; this is, however, not the case in strategic planning.
Conclusion
From the above illustrations, it is evident that the process of strategic planning requires integrity and sobriety. The plan must be procedural, and any slight mistake messes up the entire process. The challenges faced can only be solved if there are highly skilled technicians or specialists for planning. Every piece of data collected must be recorded; this rule captures the most delicate details, hence the best planning strategy. Managing the strategic process is not a simple task; the best approach would be for companies to hire individual strategists; otherwise, if an incompetent person is picked to carry out strategic planning, the results may lack the confidentiality and accuracy required.
Inquiry-Based Learning
Learning may be described as the process of acquiring the skills or knowledge to perform a specific activity. Learning may involve the acquisition of new skills or the improvement of earlier skills, especially from past experiences. It may entail an educational program, such as in a classroom setting. Learning may also take a non-educational format, such as learning through observation, association, or naturalization in society. The present paper mainly concentrates on various models used in the classroom setting, such as inquiry-based learning and the direct instructional model of education. Moreover, the article describes the importance of the inquiry-based model, listing the main components involved in the model while making a comparison with the direct instructional model of learning.
The concept of inquiry-based learning may be described as a mode of study which mainly emphasizes the role of students in the study. The inquiry-based model further allows for learners’ active participation in the process of learning, i.e. it is learner-centred. For instance, after getting the topic or question of the study, learners devise various methods and techniques which they will employ to come up with the answers. In this mode of research, most of the activities are done by the students while the teacher performs fewer activities, mainly guiding and coordinating learning.
There are several benefits of using the inquiry model of learning. For instance, inquiry learning helps in preparing the learner’s brain for education. Given that the teacher plays a small role in the learning process, this model helps in ensuring that the learner is psychologically prepared for learning. Another advantage of using the inquiry-based model is that it improves the learner’s understanding of a topic (Siayah et al., 2019). Moreover, this learning mechanism promotes learners’ engagement in research and other learning activities which may be involved, thus helping the learner to understand the concept in a more comprehensive way. The inquiry model of learning also plays an essential role in developing learners’ communication and sharing skills. For instance, when the learners are left to work alone by engaging in active group activities, they increase their confidence in the topic as well as their interaction and communication.
During the study, there are various components of the inquiry model of learning which are vital in lesson plan development: for instance, posing the topic question, learners’ engagement, active group participation or interaction, evaluation of performance, and analysis of the various responses made by learners. When the inquiry model is used, the lesson begins by posing a question that requires critical thinking and review by the learners. An open-ended question, therefore, refers to a question or a conditional statement that allows learners to use various techniques to answer it. Additionally, an open-ended question enables learners to explain their findings in any form as long as they come up with the correct answer or explanation. Moreover, in this step, learners come up with various methods of answering the question and having the work done.
Another critical component of the inquiry model of learning is learner engagement and interaction. This step allows learners to discuss amongst themselves, referring to previous knowledge about the topic under study. For instance, students may use information from related topics, previous studies about the problem, and personal experiences to serve as background knowledge to help them discuss and come up with relevant answers to the present study. There are several activities that learners could engage in to boost their understanding of the topic (Rodríguez et al., 2019). For instance, the students may be divided into active study groups, engage in question and answer sessions about the topic or even conduct practical research about the subject.
Another critical aspect of the inquiry-based learning model is the evaluation and analysis of performance. It involves the teacher’s assessment of the student’s findings or results. There are various methods through which performance may be assessed. For instance, the learners may share out their findings by making class presentations to support their answers. Such classroom presentations ensure all students are involved, and the teacher guides the learners in making the relevant observations about their answers. Moreover, presentations enable learners to share ideas openly because both the students and the teacher can make essential contributions to the submissions being made.
From the above illustrations, I can arguably suggest that inquiry-based learning refers to a system of knowledge which mainly allows for students’ active participation in the learning process. The inquiry model of education is different from the direct instructional model in several ways. For instance, in the inquiry model learning is learner-centred, while in the direct instructional model learning is teacher-centred (Pedaste et al., 2020). That is, in the inquiry-based model, the students play more roles in education; for instance, research, discussion, and presentation. In direct instruction, by contrast, the teacher comes up with the topic and guided notes and makes a presentation to his or her students.
However, the two models of learning have some similarities. For instance, in both systems, the teacher comes up with the topic or question under study and also coordinates the study. However, in the inquiry-based model, the ratio of teacher-student talking is less, i.e., most activities such as research, discussion, and presentation are done by the students. The teacher makes brief contributions and comments during the performance, mainly for clarification.
References
Pedaste, M., Mitt, G., & Jürivete, T. (2020). What Is the Effect of Using Mobile Augmented Reality in K12 Inquiry-Based Learning? Education Sciences, 10(4), 94.
Rodríguez, G., Pérez, N., Núñez, G., Baños, J. E., & Carrió, M. (2019). Developing creative and research skills through an open and interprofessional inquiry-based learning course. BMC Medical Education, 19(1), 134.
Siayah, S., Setiawan, A. R., & Van Bee, J. L. (2019). The Impact of Inquiry-Based Learning Implementation in Indonesia to Secondary School Student’s Achievement.
Intelligence Briefing (BCP, SITREP 1 & SITREP 2)
Introduction
A business continuity plan (BCP) refers to the process of establishing contingency mechanisms that can function in the prevention and recovery of business processes in the event of a natural disaster or emergency of whatever kind. Going about the process of business recovery is often a complex series of activities that requires a plan to offer guidance. In the event of a disaster, confusion can always ensue such that critical business processes are delayed in restarting. To prevent the situation from worsening, a response team should always be ready to restore operations within the least time possible. A business continuity plan is always relied upon to provide a step-by-step approach to the rebound process. It should be noted that the BCP has no control over attackers’ activities in the system or network; neither does it have control over weather-related disasters. However, its significance is measured by its ability to empower the management to apply the necessary steps that would enable them to restore operations and also exercise some sort of safety measures after a disaster. The measures stipulated in the plan must correspond to the event’s severity.
There are important areas that any BCP scope needs to consider. These areas include business continuity and recovery, contingency planning and recovering from a disaster. Every single aspect of the BCP should be focused on providing the route to probable business continuity that is specific to the nature and magnitude of a disaster event (Shafaie et al., 2018). This is followed by a clear path to recovery, which mainly details steps leading to regaining the items lost or damaged during the disaster. Contingency planning, on the other hand, should detail the specific types of likely events, such as flooding, ransomware, fire and data breaches, among other events that can be dealt with at any time based on particular threat modelling. In other words, the contingency plans cover all activities from the time a disaster occurs to the time when all business operations have been restored. At the same time, the plan should issue an account of the severity of the disaster event itself. Finally, there should be new measures recommended after every incident to deal with re-occurrence of such events in future. These can be measures aimed at prevention, mitigation and containment (NIST, 2019). Below is a summary table for business impact analysis that is common with BCPs. It includes stakeholders as well as key resources.
Business Impact Analysis and Key Resources and Stakeholders
Common Threat | Potential Impacts | Recovery Mechanism | Means of Accountability
Natural Disaster (e.g. fire, flood)
· Damage to the organization’s physical infrastructure
· Possible loss of human life
· A stop to usual operations resulting in financial loss among others.
· Duplicating material objects such as electricity
· Redundancies on data and equipment
· Creating redundant infrastructures to cover for the complete destruction of physical infrastructures.
· Mitigating/preventing further spread if possible
· Insurance company
Software attacks
· Massive data loss
· Possible loss of CIA
· Legal suits leading to financial loss
· Absence of service
· Improved security hygiene for prevention
· Data redundancies
· Replicating redundancy on hardware
· Employee enlightening to prevent further spread of the attack
· Notify customers
· Enlighten employees for prevention or minimization of further spread
· Security team
Inside attacks
· Massive data loss
· Possible loss of CIA
· Investigate to find the culprit
· Utilize audit trail to assess the extent of damages
· Stolen items recovered from the culprit
· Freeze culprit accounts
· Limit employee privileges to prevent them from full access
· Administrators and employees to report strange behaviours from colleagues
Terrorist events
· Injuries or loss of life
· Damage to physical infrastructure
· Loss of service
· Loss of CIA
· Blocking physical access
· Creating redundancies for both the hardware and data
· Resorting to physical force or using law enforcement as needed
· Compliance with regulations on data breach
· Working together with law enforcement
· Fortification of physical security
Physical intrusion
· Danger to human life or security in general
· Robbery and theft
· Potential software attack
· Depends on physical security infrastructure
· Sometimes contracted guards
· Security guards
· Physical security
Physical Theft
· Loss of assets
· CIA challenges
· Causes unavailability
· Security measures leading to the recovery
· Using law enforcement
· Security guards
· Physical security
Absence of service
· Massive financial
· Availability losses
· Protecting the infrastructure for mitigation
· Contracting back-up services
· Hardware redundancies
Service providers
State-Nation attacks
CIA losses
· Maintaining cyber hygiene for the prevention of further attacks.
· Working together with law enforcement
· Employee training
· Security team
Data breach
Confidentiality losses
· Breaching notification
· Maintaining compliance
· Employee training
· Security team
Failing Hardware
Losing availability
Protect hardware/redundancy
· IT team to replace the item
Redundancy
Planning a successful continuity plan involves critical steps, such as the inclusion of third parties. For instance, a department may be using one telephone with another one on stand-by just in case the one in use breaks down. Additionally, in the event of power failure, the call centre is power redundant and will utilize a sister centre in another state. It is agreeable that redundancy is not the best method to guarantee continuity in critical business operations, but there are cases where it provides almost an absolute guarantee of business continuity (SafeCode, 2018), for instance in circumstances where redundant items are located in geographically separate locations. The best way to actualize redundancy is by replicating several identical copies of, say, data or a memory device in different locations, such that if one location becomes a victim of a disastrous happening, the data or devices from other locations can carry on with vital business continuity processes (McMurray, Cross, & Caponecchia, 2019). The best way of managing threats is by applying preventive measures. However, sometimes it becomes impossible to completely apply preventive measures to natural disasters other than trying to minimize their potential impacts. In such cases, redundancy has been found to provide opportunities for faster business continuity.
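The geographic-redundancy point above can be checked mechanically. The following is an added example, not part of the original essay: it simulates the loss of each location in turn and lists the assets left with no surviving copy. The inventory, asset names and site names are constructed for illustration.

```python
"""Single-location failure check for replicated assets (added example)."""
from collections import defaultdict

# Constructed inventory: (asset, site, region). All names are hypothetical.
INVENTORY = [
    ("hr-database", "dc-east-1", "east"),
    ("hr-database", "dc-west-1", "west"),      # copies in two regions
    ("payroll-files", "dc-east-1", "east"),
    ("payroll-files", "dc-east-2", "east"),    # two sites, but the same region
    ("call-centre-pbx", "dc-east-1", "east"),  # no second copy at all
]


def losses_by_location(inventory, level="site"):
    """Return {location: [assets with no surviving copy if it is lost]}.

    level is "site" (one building fails) or "region" (an area-wide
    disaster such as a hurricane or wildfire).
    """
    if level not in ("site", "region"):
        raise ValueError("level must be 'site' or 'region'")
    idx = 1 if level == "site" else 2
    locations_of = defaultdict(set)  # asset -> locations holding a copy
    for record in inventory:
        locations_of[record[0]].add(record[idx])

    all_locations = {loc for locs in locations_of.values() for loc in locs}
    report = {}
    for lost in sorted(all_locations):
        # An asset is gone when the lost location held its only copies.
        report[lost] = sorted(
            asset for asset, locs in locations_of.items() if locs <= {lost}
        )
    return report


def unprotected_assets(inventory, level="site"):
    """Assets that some single-location failure would wipe out entirely."""
    report = losses_by_location(inventory, level)
    return sorted({asset for assets in report.values() for asset in assets})


if __name__ == "__main__":
    for level in ("site", "region"):
        print(level, losses_by_location(INVENTORY, level))
```

Run at both levels: an asset replicated across two sites in the same region passes the site check but still fails the region check, which is the case the paragraph's "geographically separate locations" is meant to exclude.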
Preventive Controls
Preventive measures that can be applied to natural phenomena are numerous. Some of the common natural phenomena that have had quite a number of preventive controls applied against them include wildfires or ordinary fire outbreaks, earthquakes, floods, hurricanes and natural sinking, among others. The application of preventive controls is often guided by two major factors: the geographical location and the possibility of a given natural disaster occurring. For instance, regions located along the south-east are usually prone to hurricanes while others in the south-west, such as California, lead in bush fires. The construction of a data centre within California will hence recognize the uniqueness of fire outbreaks in the region and probably result in a fireproof structure.
Structure fortification provides the biggest boost as far as the application of preventive control measures on natural disasters is concerned. It can be achieved through fence deterrents and by erecting barriers, gates and walls. Additional implementations include security personnel, cameras, radio-frequency scanners and limited access permissions, amongst others. Physical structure fortification is imperative to the prevention of intruders and to the general safety and security of the cyberspace. These measures encompass strong authentication schemes, strong data encryption, end-to-end encryption, limited sessions covering duration and quantity, email security, configured firewalls, network monitoring, and anti-virus software. Other preventive control measures worth mentioning include:
Encryption
Authentication schemes
Practising cybersecurity culture that encourages policy, technical and administrative levels such as regular network monitoring and regular testing for vulnerabilities
Recovery Strategies and Continuity Solutions
Recovery processes can be organized into five major categories known as levels. The first level is referred to as the normal category, which requires no particular action to be taken. It is also referred to as business as usual since operations are running at regular capacity. Also, activities such as risk assessments, training and testing should be carried out in preparation for real tasks that may present themselves in the near future. The next category is level two, which is also referred to as minimal impact: there is no adverse damage to the systems that have been affected. Similar to level one, normal business operations can continue running, though accompanied by some vigilance (Lord, 2018). To be on the safe side, it would be necessary to prepare a statement on further action as would be needed. Communication plays a vital role in maintaining an air of calm while, at the same time, keeping all involved parties informed.
From level two, we move to level three, which is described as a single system failure whose resolution involves switching from one system to another. Action is usually sought for purposes of maintaining business as usual. In this level, a message of general sense should be articulated to all parties that matter in a bid to prevent further issues. Quick action in level three can prevent an insignificant issue from spreading to become a big dilemma for the organization. Level four, on the other hand, is referred to as the general failure, which requires a recovery effort on the system. For a business to continue here, additional action will be needed. This requires previous training, communication and a decisive plan. Failure to conclusively contain the problem can create a disastrous loss.
Finally, the last one is the fifth level, which is referred to as catastrophic damage. The level calls for a complete set-up of a separate back-up location accompanied by a conclusive procedure of recovery. In this level, business becomes completely paralyzed and is usually beyond all possible internal interventions. The only dependable remedy at this level is a successful procedure of recovery.
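The five levels can be turned into a triage rule so that responders reach the same level from the same facts. The following is an added example, not part of the original essay; the system states, the has_standby flag and the site_usable flag are assumptions introduced here to make the level boundaries explicit.

```python
"""Map a snapshot of system states to the five recovery levels (added example)."""
from dataclasses import dataclass

# State names are assumptions of this example, not terms from the essay.
OK, SUSPECT, FAILED = "ok", "suspect", "failed"

# Action text condensed from the level descriptions above.
ACTIONS = {
    1: "Business as usual: continue risk assessments, training and testing.",
    2: "Minimal impact: keep operating with vigilance, prepare a statement, "
       "keep all parties informed.",
    3: "Single system failure: switch to the standby system and send a "
       "general notice.",
    4: "General failure: start system recovery under the trained plan.",
    5: "Catastrophic damage: set up the separate back-up location and run "
       "the recovery procedure.",
}


@dataclass
class System:
    name: str
    state: str                 # OK, SUSPECT (affected, no damage) or FAILED
    has_standby: bool = False  # a redundant system exists to switch to


def recovery_level(systems, site_usable=True):
    """Return the recovery level (1-5) for the current snapshot."""
    for s in systems:
        if s.state not in (OK, SUSPECT, FAILED):
            raise ValueError(f"unknown state for {s.name}: {s.state!r}")
    failed = [s for s in systems if s.state == FAILED]
    if not site_usable:
        return 5  # beyond internal intervention
    if len(failed) == 1 and failed[0].has_standby:
        return 3  # one failure, resolved by switching over
    if failed:
        return 4  # several failures, or one with nothing to switch to
    if any(s.state == SUSPECT for s in systems):
        return 2  # affected but undamaged
    return 1


def triage(systems, site_usable=True):
    """Return (level, action) for the snapshot."""
    level = recovery_level(systems, site_usable)
    return level, ACTIONS[level]


if __name__ == "__main__":
    # Constructed snapshot: one file share down with no standby.
    snapshot = [System("hr-file-share", FAILED), System("mail", OK)]
    print(triage(snapshot))
```

Treating a single failure without a standby as level four is this example's reading of the text: level three is defined by the ability to switch systems, so where no switch is possible the incident needs a recovery effort.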
SITREP #1
Below is a security incident report addressed to the FVEY summit over a ransomware attack in which an employee in the department of human resources alerted the Information Communication Technology Department of the organization over a potential system compromise. It was reported that the employee was unable to open a shared folder from a workstation due to unfamiliar encryption that had been performed on the contents of the folder, which included an excel spreadsheet. Analysis performed revealed that the nature of the attack was consistent with a ransomware attack, much as it was twisted to appear to be a warning from a country’s law enforcement agency.
Security Incident Report / SITREP #2017-Month-Report#
Incident Detector’s Information
Date/Time of Report
May 10th 2020
First Name
Earl
Last Name
Freeman – Group 4
OPDIV
Department of Communication and Information Technology
Title/Position
Forensic Investigator and Cyber-security Technologist
Work Email Address
efreemanUS@FVEY.com
Contact Phone Numbers
8014555547
n/a
n/a
n/a
Reported Incident Information
Initial Report Filed With (Name, Organization)
Information and Communication Technology Department
Start Date/Time
5/10/2020 10:20pm
Incident Location
Ransomware attack actuated via excel
Incident Point of Contact (if different than above)
Group 4 – Representing the United States’ team
Priority
Level 1
Privacy Information – ISO 27000 (Country Privacy Act Law)
✓ The incident was an open violation of ISO 27000.
✓ The effects of the attack on the target were almost adverse.
✓ The ICT department played a role in aiding the attack even though its involvement was not directly linked to the adverse effect the target suffered.
✓ The attack was a deliberate move by the attackers, but the individual that opened the excel file acted unintentionally.
✓ The personally identifiable information (PII) was not maliciously used.
Incident Type
Ransomware attack hence creating delays and exposure of critical information.
It further fueled attacker notoriety, theft of IT resources as well as financial loss.
US-CERT Category
Unauthorized Access, Denial of Service (DoS) as well as a Ransomware attack
CERT Submission Number, where it exists
Certified documents were submitted to the organization’s management for further consideration.
Description
An extremely significant file was hidden inside the image
Additional Support Action Requested
A secret code was needed for purposes of decrypting the folders that are currently encrypted
Method Detected
Excel data saved in a shared folder was copied to Human Resource unit coordinating benefits.
Number of Hosts Affected
Workstation at the Human Resource Department
OPDIV / Department Impact
Human Resource Department and to some extent the ICT Department of the organization
Information Sharing
There is a formidable collaboration between the US-CERT and other multiple players such as the private organizations, federal agencies, local and state governments, international entities such as the five states attending the summit as well as the research community and academic world.
System
Attack targeted on the vulnerable shared folder
Status
Resolved
Attacking Computer(s) Information
IP Address / Range | Host Name | Operating System | Ports Targeted | System Purpose
192.168.10.201 | Internal.nationstate.cyb670rn | HTTP | 1239 | System security
Victim’s Computer(s) Information
IP Address / Range | Host Name | Operating System | Ports Targeted | System Purpose
192.168.10.112 | Internal.nationstate.cyb670rn | HTTP | 80 | Network security
Action Plan
Action Description
Ransomware- the hackers successfully encrypted the shared folder that contains the excel file.
Requestor
Manager of Human Resource Department
Assignee
Digital forensic examiner and incident response professional
Time Frame
A maximum of 4 days
Status
The folder that was affected was successfully decrypted
Summary
Entities Notified
The organization’s top-most management officials
Resolution
The folder as well as other sensitive data was decrypted. The security team deployed a web filter that managed to block attacks of malevolent nature, and also implemented an antivirus program for purposes of ensuring defense mechanisms of devices and system are up to date. There was no ransom paid.
SITREP #2
Introduction
As far as network security is concerned, threats are constantly present but are usually alleviated via appropriate application of security processes and topographies. Threat alleviation is the process of averting or minimizing the potential negative impacts of a threat. Also, the alleviation efforts function to enhance the efficiency of the recovery process. In most cases, threats and attackers target software and hardware as well as data. The selection of security topographies and processes must, at the very minimum, be premised on specific system vulnerabilities and common security goals, going by the threats that a system is exposed to. Information system threats exist in an array of forms and points. System custodians must at all times find ways of analyzing, using different methods, all risks that can potentially impact the systems negatively.
Security Incident Report / SITREP #2017-Month-Report#
Incident Detector’s Information
Date/Time of Report
5/10/2020 11:55pm
First Name
Earl
Last Name
Freeman – Group 4
OPDIV
Department of Communication and Information Technology
Title/Position
Forensic Investigator and Cyber-security Technologist
Work Email Address
efreemanUS@FVEY.com
Contact Phone Numbers
8014555547
n/a
n/a
n/a
Reported Incident Information
Initial Report Filed With (Name, Organization)
The Summit Leader
Start Date/Time
5/10/2020 11:59PM
Incident Location
The United States
Incident Point of Contact (if different than above)
Incident Response Coordinator
Priority
Level 2
Possible Violation of ISO/IEC 27002:2013
Blatant refusal to put in place appropriate security measures.
Privacy Information – ISO 27000 (Country Privacy Act Law)
✓ The incident was an open violation of ISO 27008.
✓ The effects of the attack on the target had low adversity.
✓ The attack was a direct one.
✓ The attack was a deliberate move by the attackers.
✓ The personally identifiable information (PII) was not maliciously used.
Incident Type
Alteration of information / Bitcoin attack / Exposure of information
US-CERT Category
Malicious Code
CERT Submission Number, where it exists
Level 2
The attackers first demanded a ransom of $500 per participating nation that they later raised to $5,000 for each participating state. The attack was carried out inside the network.
Description
Ransomware domiciled in an excel spreadsheet saved inside a shareable folder.
Additional Support Action Requested
n/a
Method Detected
Notifying users
Number of Hosts Affected
All computers within the agency
OPDIV / Department Impact
Human Resource Department and to some extent the IT Department
Information Sharing
All the five nations forming the FVEY Summit
System
A workstation within the HR Department
Status
Resolved
Attacking Computer(s) Information
IP Address / Range | Host Name | Operating System | Ports Targeted | System Purpose
192.168.10.201 | Internal.nationstate.cyb670rn | HTTP | 1239 | Securing the Network
Dec.12.1590.209 | Internal.nationstate.cyb670rn | HTTP | 1239 | Securing the Network
Victim’s Computer(s) Information
IP Address / Range | Host Name | Operating System | Ports Targeted | System Purpose
192.168.10.112 | Internal.nationstate.cyb670rn | HTTP | 80 | Securing the Network
1a:d5:16:4d:da:6b | Internal.nationstate.cyb670rn | HTTP | 80 | Securing the Network
Action Plan
Action Description
Implement plans so that things like this don’t happen often. Deploy random checks that pick up on malware
Requestor
HR Department Manager
Assignee
Earl Freeman and the rest of Group 4 members
Time Frame
Two weeks
Status
Not yet resolved
Conclusion / Summary
Entities Notified
Head of Summit
Resolution
Yet to be determined
References
Lord, N. (2018, September 11). What are Indicators of Compromise? Retrieved from https://digitalguardian.com/blog/what-are-indicators-compromise.
McMurray, A., Cross, J., & Caponecchia, C. (2019). Business Continuity Plan Practices.
Shafaie, V., Darvish, F., Nazariha, M., & Givehchi, S. (2019). Providing Business Continuity Plan after Natural Disasters: A Case Study in the Staff Area of Water and Wastewater Company of Tehran. Journal of Disaster and Emergency Research, 2(2), 91-109.
NIST. (2019). Cyber supply chain risk management. Retrieved from https://csrc.nist.gov/Projects/cyber-supply-chain-risk-management
SafeCode. (2018). Software assurance: an overview of current industry best practices. Retrieved from https://safecode.org/wpcontent/uploads/2018/01/SAFECode_BestPractices0208.pdf