Tft2 Task3

In: Business and Management

Submitted By SavageFredrick
Words 1317
Pages 6
Information Security Modification Recommendations
Service Level Agreement Between Finman Account Management, LLC, Datanal Inc., and Minertek, Inc.
After careful review of the current Service Level Agreement(SLA) “A Service Level Agreement for Provvision of Specified IT Services Between Finman Account Management, LLC, Datanal, Inc., and Minertek, Inc.” we have determined that standard Information Technology security measures have not been addressed fully. Following are the recommended changes highlighted in the specific sections that need to be addressed. These changes are being recommended to protect Finman’s data and intellectual property. Established standards such as Best Management Practices(BMP), International Organization of Standards(ISO) and the Information Technology Infrastructure Library(ITIL) for the proper handling, storage and protection of IT resources are used as guidelines for these recommendations.
Recommended Changes to SLA:
Section 3 Background and Rationale Modifications:
Finman views this SLA as a groundbreaking venture to harness the diverse array of IT-borne customer demands and opportunities that cannot be met by adhering to traditional paradigms. Finman’s objectives in the SLA are to compete more effectively in a highly competitive industry by offering its customers a unified IT management plan across an entire organization or even, if the customer wishes, across separate departments and divisions. Datanal, utilizing sophisticated data-mining software developed by Minertek, will recognize and integrate common IT characteristics from disparate operations, programs, procedures, and products— even those located in separate and unrelated service areas. This enables the customer to reduce or eliminate duplicate, parallel systems and to achieve economies of scale and open new opportunities. The consolidation of assets requires a review of…...

Similar Documents

Mgt2 Task3 a

...Project Metrics and Performance Telecommuting Expansion Xemba Translations 47254 Lake Front Way Bellevue, Washington September 1   The metrics that best work to measure Xemba Translations performance on this project is project diagnostic metrics. While not all risks of a project can be mitigated, using this objective data based on these metrics will make a huge difference to mitigate risk. Using diagnostic project metrics is like using a thermometer to assess the projects current status. This can help eliminate or mitigate the issue before it becomes unmanageable at the close of the project. This can help avoid the, should have, could have, would have moments that may happen once the project closes and gets reviewed from a retrospective project metric. With the diagnostic project metric when an issue does arise a contingency plan can be created if there is a trend toward a major risk as well. Diagnostic project metrics use current project statistics to gage where the project stands throughout the work of the project. This allows the project manager the ability to make better decisions along the route of the project to mitigate risk. Metrics that help improve the decision making, help aid to lower the risk of any project. Diagnostic metrics are comparative measures. The metrics compare a baseline (usually set at time of planning the project) to current project actuals. The actuals are compared to an earned value figure that is determined by where the project should......

Words: 2311 - Pages: 10

Tft2 Task 4

...TFT2 Task 4 As the chief information security officer for VL Bank, we were notified by several of our commercial customers of unauthorized wire transfers in an amount greater than $290,000. This is very concerning since we take pride in our information security. As soon as we were notified of the fraudulent transactions my security team, along with the network engineers, performed a thorough investigation of how such attack had occurred. Once we were able to view all logs and audit data it came to our attention that the data did not appear to be stolen from our network. All transactions performed were done so with the appropriate credentials. Once we determined that the data breach did not occur on our network we worked with the customers to check their personal computers. We discovered that all the information was gathered from the customers with a key-logging virus that collected the usernames, account numbers, passwords, personal identification numbers, URL addresses, and digital certificates used to access the VL Bank online banking site. Further investigation showed that there was not adequate virus protection on these PCs. The key-logging virus originated from a phishing email impersonating VL Bank and asking the customer to load the latest security software to protect from identity theft. The customers reported the fund transfer immediately (within 48 hours) and they are protected under the Electronic Fund Transfer Act (EFTA). This states that as long as the...

Words: 1403 - Pages: 6

Tft2 Task3

...TFT2 Task 2 Thomas Garner Student ID: 336227 Information Security Modification Recommendations Service Level Agreement Between Finman Account Management, LLC, Datanal Inc., and Minertek, Inc. After careful review of the current Service Level Agreement(SLA) “A Service Level Agreement for Provvision of Specified IT Services Between Finman Account Management, LLC, Datanal, Inc., and Minertek, Inc.” we have determined that standard Information Technology security measures have not been addressed fully. Following are the recommended changes highlighted in the specific sections that need to be addressed. These changes are being recommended to protect Finman’s data and intellectual property. Established standards such as Best Management Practices(BMP), International Organization of Standards(ISO) and the Information Technology Infrastructure Library(ITIL) for the proper handling, storage and protection of IT resources are used as guidelines for these recommendations. Recommended Changes to SLA: Section 3 Background and Rationale Modifications: Finman views this SLA as a groundbreaking venture to harness the diverse array of IT-borne customer demands and opportunities that cannot be met by adhering to traditional paradigms. Finman’s objectives in the SLA are to compete more effectively in a highly competitive industry by offering its customers a unified IT management plan across an entire organization or even, if the customer wishes, across separate......

Words: 1333 - Pages: 6

Tft2 Task4

...TFT2 Task 4 As the chief information security officer for VL Bank, we were notified by several of our commercial customers of unauthorized wire transfers in an amount greater than $290,000. This is very concerning since we take pride in our information security. As soon as we were notified of the fraudulent transactions my security team, along with the network engineers, performed a thorough investigation of how such attack had occurred. Once we were able to view all logs and audit data it came to our attention that the data did not appear to be stolen from our network. All transactions performed were done so with the appropriate credentials. Once we determined that the data breach did not occur on our network we worked with the customers to check their personal computers. We discovered that all the information was gathered from the customers with a key-logging virus that collected the usernames, account numbers, passwords, personal identification numbers, URL addresses, and digital certificates used to access the VL Bank online banking site. Further investigation showed that there was not adequate virus protection on these PCs. The key-logging virus originated from a phishing email impersonating VL Bank and asking the customer to load the latest security software to protect from identity theft. The customers reported the fund transfer immediately (within 48 hours) and they are protected under the Electronic Fund Transfer Act (EFTA). This states that as long as the......

Words: 328 - Pages: 2

Tft2

...Page 1 June 4, 2014 ABC Company Proposed revision of Information Security Policy Anthony Ronning: Information Security Manager OBJECTIVE: Due to the recent breach of our electronic health record (EHR) systems, it is necessary that policies pertaining to access and control mechanisms of health records be reviewed and/or modified to mitigate future incidents SPECIFIC GOALS: 1.) Implement a standard based on Attribute Based Access Control (ABAC) to ensure that electronic health records (EHR) are protected from unauthorized entities 2.) Implement a standard for the use of remote access methods to information systems 3.) Implement a standard that ensures that access to electronic health records (EHR) is audited and backed up without changes or over writing INFORMATION SECURITY POLICY GOALS: * Confidentiality = data or information is not made available or disclosed to unauthorized persons or processes * Unauthorized access = the INABILITY of unauthorized persons to read, write, modify, or communicate data/information or otherwise use any system resource * Integrity = data or information has not been altered or destroyed in an unauthorized manner * Availability = data or information is made accessible and usable upon demand by authorized users * Legislative and Regulatory Requirements = policies comply with Federal and HIPAA regulatory standards * Business continuity plan integration = policy revisions fall within the business......

Words: 2279 - Pages: 10

Tft2 - Cyberlaw

...TFT2 Cyberlaw, Regulations, and Compliance Overview Kristi Lockett, Course Mentor Kristi.lockett@wgu.edu http://kristilockett.youcanbook.me Performance Assessment • • • Seven (7) Weeks to complete COS Four (4) Tasks Refer to Rubric (in Taskstream) for task requirement details Tasks – submit via Taskstream 1. Task 1 – Policy Statements • For given scenario, develop/revise two policy statements (new users and password requirements). Justify policies based on current federal information security laws/ regulations (i.e., HIPAA) 2. Task 2 - Policy Statements • For given scenario, develop three policy statements that would have prevented a security breach. Justify policies based on national or international standards (i.e., NIST, ISO) 3. Task 3 – Service Level Agreement • • • For given scenario, recommend/justify changes to service level agreement. Address the protection of the parent company’s physical property rights, intellectual property rights and the non-exclusivity clause Use Microsoft Word tracking to track your additions, deletions, and modifications. Insert your justifications after each SLA section, or write an essay describing your changes and justifications 4. Task 4 – Cybercrime • For the given scenario, write an essay responding to the following question prompts (suggested length of 3–5 pages): • • • • • • • • Discuss how two laws or regulations apply to the case study. Discuss how VL Bank will work within the parameters of appropriate legal......

Words: 369 - Pages: 2

Tft2 Task 4

...t2 Task 4 In: Computers and Technology Tft2 Task 4 TFT2 Task 4 As the chief information security officer for VL Bank, we were notified by several of our commercial customers of unauthorized wire transfers in an amount greater than $290,000. This is very concerning since we take pride in our information security. As soon as we were notified of the fraudulent transactions my security team, along with the network engineers, performed a thorough investigation of how such attack had occurred. Once we were able to view all logs and audit data it came to our attention that the data did not appear to be stolen from our network. All transactions performed were done so with the appropriate credentials. Once we determined that the data breach did not occur on our network we worked with the customers to check their personal computers. We discovered that all the information was gathered from the customers with a key-logging virus that collected the usernames, account numbers, passwords, personal identification numbers, URL addresses, and digital certificates used to access the VL Bank online banking site. Further investigation showed that there was not adequate virus protection on these PCs. The key-logging virus originated from a phishing email impersonating VL Bank and asking the customer to load the latest security software to protect from identity theft. The customers reported the fund transfer immediately (within 48 hours) and they are protected under the Electronic Fund...

Words: 1413 - Pages: 6

Mlt Task3

...Four classes of flagellar arrangement: Flagella are the extended, lash-like projections protruding from bacteria that move said bacteria towards food and etc… Most cocci bacteria are non-motile (have no flagella). Each class of flagella has a distinct number of flagella and where the flagella are located on the bacteria is unique to each class. First there is the Monotrichous class. This class ha a single polar flagellum on one end of the bacteria or the other, an example of this is the Vibro Cholerae bacteria. Next there is the Amphitricous class. This class has one flagellum at both ends of the bacteria; an example of this class is the Alcaligenes Faecalis bacteria. The third class is that of Lophotrichous. The bacteria in this class have a tuft (multiple) flagella at one of the ends of the bacteria, or tufts at both ends of the bacteria. An example of Lophotrichous bacteria is Spirilla. The fourth and final class is Peritricous. Peritricous bacteria have flagella surrounding the cell on all sides of the bacterium. This is evidence on the Typhoid bacilli. Inoculating with a needle vs a loop: When there is a liquid medium or during plating is when an inoculating loop is used. With a soft agar medium the inoculating needle is used to transfer specimens. A sterile needle generates a sharply well-defined stab line when used to inoculate a motility tube. This permits growth to move along this stab line and thus becomes visible which specifies that the......

Words: 421 - Pages: 2

Biochem Task3

...BIOCHEMISTRY GRT1 Task 3 Breanna Jordan Alpha Beta Beta Alpha Oxygen Iron Atoms Heme Groups Oxygenated Hemoglobin * Formed via transportation of O2 to cells in tissue * O2 adheres to heme protein in Hgb * T (taut state) R (relaxed state) makes binding easier or releases De-oxygenated Hemoglobin * is not bound to oxygen molecule * Higher absorption * Blue-ish in color Bohr’s Effect CO2 produced through citric acid cycle, Hg carries oxygen from lungs to body's tissues. Hg releases oxygen for CO2 and affects pH levels. Normal pH range is 7.2 - 7.4 ↓ pH causes ↑ in the amount of oxygen being released in hemoglobin. An elevated pH will cause the oxygen to bind the hemoglobin proteins in RBCs. ("Hemoglobin," n.d.) RBCs are round cells that have concaved centers. They are flexible making it easy to move through blood vessels. Sickle cell RBC's are developed from mutations in DNA - mRNA transcriptions. They are crescent shape and become fibrous. This causes them to stick to one another. Once they begin to stick, the deoxygenated cells are unable to travel to the lungs to receive oxygen. As the CO2 builds up this causes lack of oxygen to the tissues causing pain. Sickle Cell cells also cause anemia due to the fact cells die faster than normal RBCs. Sickle cell disease is an inherited autosomal recessive pattern disorder. For a child to inherit the disease both parents must have the trait...

Words: 357 - Pages: 2

Tft2 Task 1

...TFT2 Task 1 Western Governors University TFT2 Task 1 Introduction: Due to policy changes, personnel changes, systems changes, and audits it is often necessary to review and revise information security policies. Information security professionals are responsible for ensuring that policies are in line with current industry standards. Task: A.  Develop new policy statements with two modifications for each of the following sections of the attached “Heart-Healthy Insurance Information Security Policy”: 1. New Users 2. Password Requirements   B.  Justify each of your modifications in parts A1 and A2 based on specific current industry standards that are applicable to the case study.   C.  When you use sources, include all in-text citations and references in APA format. The company you work for holds information that is protected by regulatory requirements. This information includes individual privacy information, personal health information, financial information, and credit information. Information about employees and patients, also known as demographics, contain personally identifiable information, which is covered under the U.S. Federal Privacy Laws. Health information that is personally identifiable, also known as PHI, is required to be protected under HIPAA and HITECH. Because the company is an insurance company the government classifies the company as a financial institution, it is required to comply with the GLBA. Also, the company takes credit......

Words: 891 - Pages: 4

Tft2 Task1

...    Security Policy Cyberlaw, Regulations, and Compliance – TFT2 Task 1   Introduction: Heart-Healthy Insurance is currently evaluating their current security policy and have requested some changes to the policy concerning adding new users and the password requirements for the users. The end goal of the requested changes is to satisfy several compliance regulations that are required by law for their business. The regulations that need to be considered are: 1. PCI-DSS (Payment Card Industry Data Security Standard) 2. HIPAA (Health Insurance Privacy and Portability Act) 3. GLBA (Gramm-Leach-Bliley Act) 4. HITECH (Health Information Technology for Economic and Clinical Health Act) 5. HHS (US. Department of Health and Human Services) New Users: The current directive for new users from the standing security policy states: “New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.” In evaluating the current policy this standard creates a lot of overhead and administration works for the users and the admins. The new users who are not already familiar with the systems must provide a list of machines that they require access too. Being so new they may not know all of the systems they would need on a day to day basis. This also...

Words: 1129 - Pages: 5

Task3

...Unit 3- Introduction to marketing Task 1 Cadbury’s and Matalan have a lot of aims and objectives in which they need to target. The difference between an aim and an objective is that is that an objective is short term target as well as they help companies to reach their aim, which is a long term target used to make a business successful. Cadbury’s One of their objectives is that they aim to bring out a new product every year. This is a specific goal because it is well laid out and will gain more profit from the customers. It can also be said that it is measurable because, if the company waits until everyone has brought the product then brings out a new product, it can be an indicator to whether the customers have liked the old product enough to buy the latest product being sold. This can be achievable because, a lot of businesses use this as an objective but the way Cadbury do it efficiently is that they are always ahead and instead of doing the improvements to the new product when the old one has stopped being brought, Cadbury do the improvements to the upcoming product while the latest product has just been released. Another objective is that they exploit technology so therefore, they can upgrade their growth and quality of products. This goal is specific in the way that it is more efficient and saves time for the business to work on more things such as the product which has not been retailed yet or improving the latest product. It has to be measured in a way which......

Words: 1489 - Pages: 6

Tft2 Task 4

...TFT2 Cyber Law Task 4 Jordan Dombrowski Western Governors University Situation Report It has come to my attention from the security analysts of VL Bank and victims that commercial customers of VL Bank have been involved in identity theft and fraud. Multiple user accounts were created without authorization claiming the identity of our customers. These fake accounts were used to make twenty-nine transfers of $10,000 each, equaling $290,000. The bank transfers were being sent to several U.S. bank accounts of unknown individuals. The U.S. banks involved in the transfers were Bank A in California, Bank B in New York, Bank C in Texas, and Bank D in Florida. After the funds were transferred to one of these banks, the funds were automatically transferred to several international bank accounts located in Romania, Thailand, Moldavia, and China. After further analysis we discovered that the banks affected customers all used computers infected with a keystroke logger virus that collected usernames, passwords, account numbers, personal identification numbers, URL addresses, and digital certificates. The computers infected did not have an anti-virus or security software of any type installed. Additionally, these customers have reported that they have been frequently experiencing spear phishing attacks, which is most likely the way that the keylogging virus software was installed. Finally we concluded that our banks systems have not been breached and no customer data has been...

Words: 3994 - Pages: 16

Tft2 It

...SUBDOMAIN 423.1 - CYBERLAW Competency 423.1.4: Cyber Agreements - The graduate explains the underlying principles governing e-commerce third-party vendor agreements and translates them into practical recommendations for the implementation of such agreements. Introduction: For this task you will respond to a hypothetical business arrangement where you have been asked to review an initial draft of a service level agreement (SLA) between your company, Finman Account Management, and two other companies, Datanal and Minertek. Based on your recommendations for modifications, Finman will propose a final agreement. Task:   A.  Recommend changes (i.e., modifications, insertions, or deletions) to the attached “Service Level Agreement” to better protect Finman’s data and intellectual property. 1.  Justify how your recommendations will limit use, sharing, retention, and destruction of Finman’s corporate data by Datanal and Minertek. 2.  Justify how your recommendations will assure that Finman’s property, patents, copyrights, and other proprietary rights are protected.   B.  When you use sources, include all in-text citations and references in APA format. Note: When bulleted points are present in the task prompt, the level of detail or support called for in the rubric refers to those bulleted points. Note: For definitions of terms commonly used in the rubric, see the Rubric Terms web link included in the Evaluation Procedures section. Note: When using sources to support ideas and...

Words: 319 - Pages: 2

Task3

...Task 2: Misrepresentation In this task I will be describing the law with respect to misrepresentation in a given situation, I am also going to be identifying factors which invalidate and vitiate contracts with regards to misrepresentation. “Misrepresentation is a tort, or a civil wrong. This means that a misrepresentationcan create civil liability if it results in a pecuniary loss. For example, assume that areal estate speculator owns swampland but advertises it as valuable commerciallyzoned land. This is a misrepresentation. If someone buys the land relying on thespeculator's statement that it is commercially valuable, the buyer may sue thespeculator for monetary losses resulting from the purchase.” http://legal-dictionary.thefreedictionary.com/misrepresentation The effect of a finding of misrepresentation is the contract is voidable which means that the contract exists but it can be set to aside by the representee. The solution available depends on the type of misrepresentation, but generally consists of recession and or damages. In some circumstances the right to rescind the contract can be lost. The law that relates to misrepresentation is found in common law with the misrepresentation Act 1967. There are 3 types of misrepresentation: innocent misrepresentation, negligent misrepresentation and fraudulent misrepresentation. Once it has been established that a false statement was made and that it induced the contract, it needs to be decided what type of......

Words: 1121 - Pages: 5