From the Research Paper in Lesson 4 share the types of countermeasures you discovered.

This defense in depth discussion scenario is an intentional cybersecurity attack on the water utility’s SCADA system. It occurs during the fall after a dry summer in Fringe City. The water utility’s Information Technology (IT) person did not receive an expected pay raise and decides to reprogram the SCADA system to shut off the high-lift pumps. The operator’s familiarity with the SCADA system allows him to reprogram the alarms that typically notify operators of a high-lift pump failure. In addition, he prevents access to the SCADA system by others. A wildfire breaks out on the outskirts of the city. Please identify what type(s) of new countermeasures should have been implemented to prevent this cyber attack from occurring.

Start a discussion thread and discuss what type(s) of new countermeasures should have been implemented to prevent the cyber attack described above from occurring. Be specific in recommending countermeasures for this scenario.

You must do this following:

1) Create a new thread. As indicated above,  discuss what type(s) of new countermeasures should have been implemented to prevent the cyber attack described above from occurring. Be specific in recommending countermeasures for this scenario.

2) Select AT LEAST 2 other students’ threads and post substantive comments on those threads. Your comments should extend the conversation started with the thread. 

ALL original posts and comments must be substantive. (I’m looking for about a paragraph – not just “I agree.”)

Responses to Other Students: Respond to at least 2 of your fellow classmates with at least a 100-word reply about their Primary Task Response regarding items you found to be compelling and enlightening. To help you with your discussion, please consider the following questions:

• What did you learn from your classmate’s posting? 
• What additional questions do you have after reading the posting? 
• What clarification do you need regarding the posting? 
• What differences or similarities do you see between your posting and other classmates’ postings?

The SLA management system mechanism speaks to a scope of financially accessible cloud administration items that give highlights relating to the organization, collection, storage, reporting and runtime notification of SLA data.

A SLA administration framework sending will for the most part incorporate a storehouse used to store and recover collected SLA information in light of pre-characterized measurements and revealing parameters. It will additionally depend on at least one SLA screen systems to gather the SLA information that would then be able to be made accessible in close realtime to use and organization gateways to give continuous input in regards to dynamic cloud administrations.

Why it is important in cloud infrastructure management?

An SLA serves as both the blueprint and warranty for cloud computing. The SLA monitor mechanism is used to specifically observing the runtime performance of cloud service to ensure that they are fulfilling the contractual Quality of service(QoS) requirements that are published in SLA. The data collected by SLA monitor is processed by SLA management system to be aggregated into SLA reporting metrics.

Convert SLAz to help overall business outcome : Even though the cloud computing market in world is growing considerably, very few Small Medium Business(SMB) companies have the IT maturity to take an infrastructure-based SLA and map it to business outcomes. Organizations should opt for SLAs that best suit the business requirements, instead of going in for strigent. If the organization decides on a stricter SLA infrastructure level, then the cost will have to borne by the company itself. Clod SLA monitoring becomes logical and partical when focus is on a prudent business-transaction-level SLA(Number if hits on the website, database  transaction etc) and not just the infrastructure level SLA( response time, latency and availability).

                                                                        Reference

Mandar, K. (2011). 6 cloud SLA monitoring tips for better service delivery. Computer weekly. Retrieved from https://www.computerweekly.com/tip/6-cloud-SLA-monitoring-tips-for-better-service-delivery

Thomas, T. (2011). Service Level Agreements in the cloud : who care? . wired. Retrieved from https://www.wired.com/insights/2011/12/service-level-agreements-in-the-cloud-who-cares

  INFORMATION GOVERNANCE SEMESTER PROJECT – PHASE I Introduction to the Company: Security Transport Professionals Incorporated (STP), has its home office located in Lexington, Kentucky and in addition has more than 3,000 employees located in each of its branch offices located in Houston, Texas and San Diego, California. STP is primarily a nationwide freight hauler. Its customer are comprised of major market retailers particularly in the medical and pharmaceutical industry, the federal government, and several state governments. STP operates a fleet of trucks and private cargo planes that it uses to move “goods” belonging to its customers from one destination to another across the continental United States. Its fleet of truck carriers are located in Lexington, Kentucky with it planes located in Louisville, Kentucky. STP carries and transports highly controlled, narcotics and scheduled prescription drugs, toxic, radioactive, nuclear, and top secret materials from one facility belonging to its customer to another. The method of transport depends on the type of cargo being hauled. In addition to hauling/forwarding its customers products/goods, STP is required from time to time to store its customer goods for brief periods of time. Two years ago STP began contracting with a number of subcontractors hereafter referred to as either “limited joint partners (LJPs)” or “independent subcontractor alliances (ISAs)” for the purpose of expanding its freight forwarding, storage, and delivery service. Due to the confidential nature of the freight that it transports, STP vets its employees, as well as any subcontractors (LJPs and ISAs) that it engages. STP’s business objectives and goals include the confidential, safe and secure movement of its customer goods, from the customer/distributor to its client, or from one of its customer’s locations to another of the customer’s locations in a timely and efficient manner using costeffective methods. Alternatively, STP may transfer this responsibility to one of its limited joint partners (LJPs) or independent subcontractor alliances (ISAs), if it is more cost-effective and the income differential is within acceptable limits. There are 3 LJPs with which STP had entered into contracts.  LJPs are corporate organizations in the same industry that offer essentially the same services as STP, and who are generally competitors of STP. However, when the job requires resources that exceed those of STP or its competitor, the two will enter into an agreement to jointly undertake the contract together, and will together provide the same full range of services, with both entering into the same contract or joint venture with the customer. Independent subcontractor alliances (ISAs) differ from Limited Joint Partners (LJPs) in that a ISA is not a direct competitor of STP. Rather, the ISA is a company that offers a subset of services to STP, or contracts with STP to provide it with necessary resources to perform the particular job at hand. For example, an ISA may be a warehousing company that provides only storage facilities for STP. Alternatively, an ISA may be a company that is engaged in service and repairs for STP’s trucks and planes, and/or provide sterilization and cleaning services for STP’s trucks and planes upon completion of a job, where STP had transported hazardous or toxic materials, requiring specific types of sterilization or cleaning services for its transport vehicles. There are other types of ISA that STP engages and contracts with. With regard to ISAs, STP is the only organization that will contract with its customer or who will be identified to the customer. It will then enter into its own separate subcontractor contract with its ISA, and the ISA is not identified to STP’s customer. There is no definitive number of ISAs that contract with STP. The specific ISAs used (if any) will vary depending on the geographic location or area of the country involved and the availability and cost of the ISA available to service the area. STP is also under pressure from several of its competitors in the industry. The competitive market is driving STP to improve its routes, delivery methods, fleet vehicles, and other facets of its business to increase profits (a strategic goal) and to reduce costs. The company realizes that its information technology infrastructure has been neglected for some time and that many operating locations are running on outdated hardware and software. On several occasions last year, STP suffered no less than four network compromises through one of its LJP Internet sites that led to the disclosure of sensitive and strategic information on contracts and mergers. The chief information officer (CIO) made a strategic presentation to the board of directors and executive management to first assess the aging infrastructure and then, develop a multi-year  phased approach to have all sites (except for LJP and ISA) on the same hardware and software platforms. Information about the assessment indicates that the current state core infrastructure (switches, routers, firewalls, servers, and so on) must be capable of withstanding 10-15% growth every year for the next seven years with a three-to-four-year phased technology refresh cycle. There is a hodgepodge of servers, switches, routers, and internal hardware firewalls. Nearly all of the infrastructure is woefully out-of-date in terms of patches and upgrades. This operational neglect has unduly increased the risk to the network, in terms of confidentiality, integrity, and availability. Since this will be a multi-year technology upgrade project, something must be done to reduce STP’s exposure to vulnerabilities to increase the overall security profile and reduce the risk profile. Now that the funding has been approved for the infrastructure assessment, the CIO has decided that it might be a good idea to implement an Information Governance Program into the organization, assuming he can sell the corporation on its benefits. To that end, the CIO has hired you as IG Project Manager to assist in initial preparatory stages. STP Job Roles: In addition to the CIO, below is a list of individuals at STP to whom you have been introduced. The CIO has informed you that you can call upon any or all of the individuals who hold these job roles/titles for assistance and may name any of them to be on your project team. You may also call upon any of the heads of the various business units for assistance, as well as a designated contact person for each of STP’s LJPs and ISAs. ▪ Chief Executive Officer (CEO)* ▪ Chief Information Officer (CIO)* ▪ Chief Financial Officer (CFO)* ▪ Executive VP of Marketing* ▪ VP of Human Resources ▪ In-house Counsel ▪ In-house Financial Analyst and Risk Manager ▪ Senior Records Manager ▪ Senior IT Manager ▪ IT Security Expert ▪ Overland Transport Manager  ▪ Airway Transport Manager ▪ Overland Transport Manager ▪ Airway Transport Manager ▪ Southern Region General Manager (Houston, Florida) ▪ Western Region General Manager (San Diego, California) ▪ Information Security Specialist * This individual is also a member of STP’s Board of Directors INSTRUCTIONS: While it should go without stating, information related to each of STP’s customers and the products that you are transporting for them is highly sensitive, and in some cases top secret. You want to make sure that any IG Program that STP ultimately implements will allow STP to retain all of the information about its customers, the product transported, and the particular haul that it is required to keep pursuant to federal and state law. You want to insure STP that the proper information will be retained that it might need for purposes of litigation and e-discovery. At the same time, you don’t want STP to keep unnecessary information for extended periods of time, thereby increasing the cost and time involved with processing and retention. 1. First, select and list 10 individuals to serve on your IG project team. Explain why you selected the team members that you did. 2. Conduct the necessary research for each of STP’s state of home office (Kentucky), and for the state of each of its primary hubs (Texas and California), that will allow you to (a) educate yourself and your team members on the mandatory information retention requirements and privacy consideration for each of the three states, and (b) be able to intelligently discuss the legal and regulatory requirements with in-house counsel. You will want to conduct internet research on this and may also want to review Appendix B in your text book. Do not ignore this area of the project. 3. Ultimately, your team will be required to create a “risk profile” and risk analysis, that will describe the set of risks facing STP in achieving its business objectives while protecting its information and that of its customers, LJPs and ISAs, and which will allow STP to assess the likelihood these risks hold and their potential impact, if materialized, and in addition will permit STP to identify risk mitigating factors to be implemented. You need to brainstorm in order to present the information to your team members that will facilitate the creation of a risk profile and analysis. To that end, create a top-10 list of the greatest risks to information that STP will face, ranking your list in order from highest or greatest risk to lowest, for each risk identified, state whether you believe the risk could be assumed, transferred or mitigated in full or in part. Also, for each risk identified identify the individual, title or business unit that the team member will want to contact in order to obtain additional information about the fundamental activity that will assist your team in fully completing the risk profile and analysis.  

List Outcomes from Your 16 -Week Course – List the outcomes (objectives) as written in the course syllabus from the 16 – week hybrid course.

Ø Identify recent technological changes which have broadened the scope and applicability of legal transactions

Ø Using freely available internet sources, search for and download state and federal statutes and case law pertaining to a Cyberlaw subject and cite that law using standard legal notation.

Ø Describe the legislative process and Court interpretation of statutes by case law with respect to cyber events.

Ø Identify the constitutional and statutory criteria which are designed to protect rights to intellectual property for copyrights, trademarks, and patents and show how those rights have been protected by Court action in internet transactions.

Ø Identify and describe statutory and case laws which the government uses to influence commerce on the internet.

Ø Describe the transition of traditional tort litigation to its use in internet transactions.

Ø Using freely available internet sources, search for and download state federal statutes and case law pertaining to an internet crime and cite that law using standard legal notation.

Ø Identify and discuss methods which are used to violate either private or public interest by malicious use of the internet.

Ø Describe the limitations of venue-based litigation in internet procedures and propose methods of resolution of disputes by new or different technology and procedures.

Work Experience: 

· Responsible in delivering the complete Project Plan with total supporting data which included the status Reports, Issues Log, Performance Testing Matrix, detailed Testing Reports, Fine tuning Recommendation reports to both Executive Management & Senior Management

· Responsible to provide Technical and Functional Support to the users, tester and Business System Analysts

· Managing and Preparation of the Test Plan and Test strategy for the various projects

· Liaison with the onsite and offshore teams for testing status and issue resolution

· Tested the data mapping, fixing errors

· Tested staging table for EDI 210 Invoice, Balance Due Invoice, EDI 810 Invoice inbound, 850 Inbound Purchase order

· Tested Web service using SoapUI

· Involved in User acceptance testing (UAT)

· Written standard test scripts for Oracle Financial, Procure to Pay, SOA, web services

· Involved in standard Functionality testing in Phase I Phase II for 3 Instance

· Documented and communicated test results to the test Management and Business Management Team

· Worked closely with Developers team for different issues

· Experience with test automation tools like JIRA

· Worked on the testing of SaaS, Web services, XML and web application.