By implementing some fairly basic security protocols and trusting cloud computing service providers to utilize available resources to ensure proper encryption and access control on their end, companies can greatly minimize their exposure to insider risks (Durkee, 2010). This trust is in and of itself a risk, however, and the lack of direct control presents an unavoidable risk in cloud computing.
A recent case that is both highly unique and highly extreme in many of its details highlights many of the specific problems that are encountered with cloud computing networks and their inherent dependence on off-site and external systems, equipment, and personnel. Last year's flooding in Thailand forced many companies to move to cloud computing options for their data storage and communication needs as well as for many ongoing operations, as on-site data centers and other hardware become inoperable due to rising water levels and power interruptions/other infrastructure problems (Sambandaraska,…...

mla

References

Durkee, D. (2010). Why cloud computing will never be free. Communications of the ACM 53(5): 62-9.

Gold, J. (2012). Protection in the cloud. Internet Law 15(12): 23-8.

Qaisar, S. & Khawaja, K. (2012). Cloud Computing: Network/security threats and countermeasures. Interdisciplinary Journal of Contemporary Research in Business 3(9): 1323-9.

Reddy, V. & Reddy, L. (2011). Security architecture of cloud computing. International Journal of Engineering Science and Technology 3(9): 7149-55.

Many people know that they are not educated enough in the complicated technologies that are seen in cloud computing and insider threats. As such, it is often a general consensus of the people to not trust such technologies they cannot clearly define. Using a systems-oriented approach will allow the current research to dive into these opinions and help uncover what societal structures are leading to this general sense of mistrust and disapproval. A system-oriented approach will allow the research to understand what factors influence people to fear the topics so much, while others tend to see cloud computing as a new wave of the future. These can lead into assumptions regarding divisions in society that can account for very different viewpoints from a holistic approach.
This can be combined with the use of thick description as a way to get underneath some of the more shallow responses participants might provide.…...

mla

References

Schram. (2006). Clarifying your perspective.

Shank. (2006). Interpreting.

Cloud Computing and Insider Threats)
A survey will be conducted of 40 businesses that have successfully dealt with insider threats. These 40 businesses will be compared with another online survey that arbitrarily and randomly samples other businesses.

My objectives will be to assess how 40 large companies successfully deal with insider threats and how these practices contrast with practices from other companies.

My methodology will be the following: I will randomly select 40 companies from the top Fortune 500 companies and, approaching their manager, will ask the manager whether I can conduct a survey on computer security on their company and whether I can distribute this survey to officials form their IT division. The survey will have certain key items, some of which will be graded on a Likert scale from 0 to 5. One of the questions may, for instance, be "ow secure do you think your company's computer is from…...

mla

How Online Surveys Work

 http://money.howstuffworks.com/business-communications/how-online-surveys-work8.htm 

Power, Richard. (1999) CSI/FBI Computer Crime and Security Survey." Computer Security Issues & Trends..20

adopting the use of cloud-based technologies in the last five yeas. This tend has caused a significant shift in the way that many oganizations inteact with infomation both intenally and extenally. Yet thee ae also many isk factos inheent in these technologies, some of which ae the esult of inside conspiacy (Bende & Makov, 2013).
Cloud computing offes many advantages ove taditional IT infastuctue which make it an attactive option, howeve it also exposing oganizations to new foms of secuity issues (Bende & Makov, 2013).

Thee ae many secuity measues that ae needed to mitigate potential secuity isks associated with cloud computing such as data theft, fines, and pivacy

. Many of the most technologically advanced companies, such as IBM, Amazon, and Google, faced many challenges when implementing cloud-based platfoms. Futhemoe, despite apid development in cloud technologies in ecent yeas, thee ae many diffeent cloud computing definitions that ae being used (Du…...

mla

reference list in every writing submission, even if you are only sending the intro/problem/purpose

This citation appears to be a book.

All citations in the CP must be from primary, peer-reviewed sources, with a few exceptions related to theoretical resources, and foundational methodological resources.

This is not a primary peer-reviewed sources that would serve to support the strength of your problem statement.

Please review the template for required elements in the problem statement.

Threats to Ownership and Copyright of Intellectual Property
The intellectual property (IP) is defined as an original creative work, which may be tangible or intangible form legally protected by law. (aman, 2004). The intellectual properties include the rights to scientific, artistic and literary works. Moreover, IP covers the invention of human endeavor, scientific discoveries, and industrial design. A current revolution of information technology has made IPs the greatest assets of assets. In the last few decades, there has been a rapid growth of digital discoveries where the IPs of the digital products are in electronic format. However, hackers have taken the advantages of the digital form of IP products by invading and stealing their IP in order to produce the counterfeited products and later sell them online. (Zucker, & Nathan, 2014). IP theft refers to an infringement of patents and copyright through counterfeiting of digital theft. Counterfeiting is an imitation of…...

mla

Reference

Barker, D. M., (2005). Defining the Contours of the Digital Millennium Copyright Act: The Growing Body of Case Law Surrounding the DMCA, 20 Berkeley Tech. L.J. 47.

Guess, R., Hadley, J., Lovaas, S., & Levine, D.E. (2014). Protecting digital rights: Technical approaches. In Bosworth, et al. (Eds.), Computer Security Handbook (6th ed., pp. 42.1-42.23). New York, NY: John Wiley & Sons.

IP Center (2011). Intellectual Property Rights Violations: A Report on Threats to United States Interests at Home and Abroad. National Intellectual Property Rights Coordination Center.

NIPRCC (2011). Intellectual Property Rights Violations: A Report on Threats to United States Interests at Home and Abroad .National Intellectual Property Rights Coordination Center.

Without the ability to test the cloud computing insider threat risk assessment framework through the development of best practice recommendations for controlling these risks, this framework would be all but useless, and thus the concrete and practical nature of the second research purpose is important internally to the research as well as to the real-world business and technology communities. esearch that is immediately and practically useful tends to find greater support and also leads to more extensive and meaningful discussions while also promoting more related research, and this purpose is considered valuable for this element, as well. Through the practical recommendations made in the fulfillment of this second research purpose, the academic and the practical knowledge gained in this area will both be greatly enhanced.
These research purposes will directly address the problems identified as central to this research. Through the creation of a risk assessment framework for insider threats…...

mla

References

Chow, R., Golle, P., Jakobsson, M., Shi, J… & Molina, J. (2009). Controlling data in the cloud: outsourcing computation without outsourcing control. Proceedings of the 2009 ACM workshop on Cloud computing security: 85-90.

Jansen, W. (2011). Cloud Hooks: Security and Privacy Issues in Cloud Computing. 44th Hawaiian International Conference on System Sciences.

Joshi, J. & Ahn, G. (2010). Security and Privacy Challenges in Cloud Computing Environments. Security & Privacy, IEEE 8(6): 24-31.

Subashini, S. & Kabitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34(1): 1-11.

Homeland Security 420 WA3
Three locations in and near New York City are assessed for vulnerabilities and threats, and then prioritized according to the security considerations and analysis. The Kuehne Chemical plant in South Kearny, New Jersey, is the only one of the three selected locations that is inherently a risk to citizens. The other two selected locations -- Carnegie Hall and the United Nations headquarters -- are vulnerable to threats and at risk primarily because they are notable Manhattan landmarks and often contain large assemblages of people.

Of the three locations, the Kuehne Chemical plant is the highest security priority due to the worst-case scenario for the site as estimated by the Department of Homeland Security, and as defined in their isk Management Plan that was submitted to the Environmental Protection Agency. The United Nations Headquarters is the second security priority primarily because so many other opportunities to threaten and…...

mla

References

Radford, P. (2010, June 22). New Jersey chemical plant puts 12 million at risk, threatens most lives in New York City. Huffington Post. Retrieved from  http://www.huffingtonpost.com/philip-radford/new-york-chemical-plant-p_b_620849.html 

____. (1994, December 9). Convention of the Safety of United Nations and Associated Personnel, Office of Legal Affairs, Codification Division, United Nations. Retreived from  http://www.un.org/law/cod/safety.htm 

____. (2002, November). A Method to Assess the Vulnerability of U.S. Chemical Facilities. U.S. Department of Justice, Office of Justice Programs, National Institute of Justice. Retreived from  https://www.ncjrs.gov/pdffiles1/nij/195171.pdf 

____. (2003, July). Vulnerability Assessment Methodologies Report, Phase I, Final Report. U.S. Department of Homeland Security, Office for Domestic Preparedness. Retrieved from http://www3.cutr.usf.edu/security/documents/DHS_OPD/Vulnerability%20Assessment.pdf

Cyber Threats and Vulnerabilities of Database Application
In the contemporary business environment, private and public organizations are increasing using database applications to store employee and customer records. Similar to private organizations that produce goods and services, increasing number of healthcare organizations are also taking the advantages of the associated benefits of the database to store employee and patient's records. (Goodrich, & Tamassia, 2011). While there are different types of database applications tailored to serve different industries, the iTrust database has been developed for a healthcare industry. The iTrust is a cloud-based healthcare database application that assists medical providers storing and managing medical records of patients and health providers.

Similar to a traditional database that contains a number of tables to store medical records, iTrust also has tables to store medical records, the iTrust also serves as the patient-centric application used to maintain an EH (electronic health record) that combines medical information from…...

mla

Reference

Anderson, R. (2008). Security engineering -- A guide to building dependable distributed systems (2nd ed.). New York, NY: John Wiley & Sons Publishing, Inc. Chapter 26, "System Evaluation and Assurance"

Bidgoli, H. (2006).Handbook of information security, volume 2. New York, NY: John Wiley & Sons, Inc.

Goodrich, M., and Tamassia, R. (2011). Introduction to Computer Security. Chapter 9, Security Models and Practice, pp. 460-474 sections: 9.3, 9.4 and 9.5.

Sfetcu, N. (2014). Web Design & Development. Opciones de descarga.

Information echnology Annotated Bibliography
Annotated Bibliography

Cloud Computing and Insider hreats

Bhadauria, R., Chaki, R., Chaki, N., & Sanyal, S. (2011) A Survey on Security Issues in Cloud Computing. CoRR, abs/1109.5388, 1 -- 15.

his article is very explanatory in nature. his article would serve best in the opening sections of a research paper, such as in the introduction or the historical review. his article has a formal and academic tone; the intention to be informative. Readers who have little to no knowledge in this area would be served well by this article. Furthermore, more advanced readers and more knowledgeable readers would benefit from this article as it is comprehensive and would be favorable for review purposes or purposes of additional research. he article explains with texts and with graphic representations the nature of cloud computing, provides a brief history, and lists implications for use and research. he article is both a conceptual and…...

mla

This article would fall best under such headings are implications for further research or as part of the section focusing upon the research question or problem itself. This is another article that provides a brief history and synopsis of cloud computing before delving into the particular issue at hand. This article specifically examines the use of cloud computing and the possibility of cloud hooks, a type of threat to the cloud. The tone of the paper is to be informative as well as preventative. The author's primary concern is for readers and those who manage & operate clouds to make the most informed decisions regarding security and privacy as possible. The author provides concise descriptions of some of the most dangerous and commons threats to security of the cloud and privacy of information in cloud computing. While the author supports the use and the benefits of cloud computing, ultimately this article is an admonition that with use should come awareness and preparation. This article could additionally work well within a research paper under the heading of methodology.

6. Kolkowska, E. (2011) Security Subcultures in an Organization -- Exploring Value Conflicts. Available from: is2.lse.ac.uk/asp/aspecis/20110241.pdf. 2012 July 23.

This article is quite interesting because it approaches the topic of cloud computing from a more cultural, human, organizational, and sociological perspective. The author wants readers to consider who information system policies are compromised due to personalities and subcultures within a particular organization utilizing cloud computing and other forms of information technology that require security protocols. The author researches how attitudes and perceptions ultimately influence behaviors directly related to information technology security at the workplace. One of her main arguments is that information security comes from technical aspects as well as cultural aspects within the organization.

Briefing on Security
Board Briefing on Security

Terrorism in Commercial Organizations

Terrorism in Airlines

Current Threats to Aviation

Insider Threats

Automation Adds Efficiency

Improving Total Operations

Increased Threats from Advanced Explosives

Threat against Airline Services and Airports

Necessary Steps to Improve Aviation Security

Terrorism is the systematic use of terror. It does not have a legal binding or definition in criminal law. Commonly, it is referred to creation of fear through violence (Townshend, 2002). Terrorism is usually defined and assumed as a group phenomenon (Hofmann, 2012). Terrorism has spread across the globe with its many forms and indicators. The emotional and diplomatic use of the word terrorism has resulted in a difficulty to provide an appropriate definition of terroorism (aman, 2008). esearches have figured out more than hundred definitions of the word. The notion of terrorism is arguable due to two main reasons. Firstly, it is often used by government and other ruling bodies to delegitimize political or other rivals,…...

mla

References

Dyson, W.E. (2012). Terrorism: An Investigator's Handbook. New York: Anderson Publishing.

Friedman, D.M., & Mitchell, C. (2009). Security Measures in the Commercial Trucking and Bus Industries. New York: John Wiley and Sons.

Jain, A. (2013, January 1). Addressing The Insider Threat. Retrieved from Security-today:  http://security-today.com/Articles/2013/01/01/Addressing-The-Insider-Threat.aspx 

Parr, A. (2009). Hijacking Sustainability. New York: MIT Press.

Insider Threats#NITAM: Preventing the Recruitment of Insider Threat Actorshttps://www.infosecurity-magazine.com/news-features/preventing-recruitment-insider/Since the COVID crisis of 2020, malicious cyber actors functioning as insider threats have posed a risk for companies according to the US National Counterintelligence and Security Center (NCSC) and National Insider Threat Task Force (NITTF). Disgruntled insiders can use ransomware, phishing and malware to cause harm anywhere employees use the Internet and computers in order to gain access to data, control of networks, or to steal money. This is important because sensitive information and funds could be stolen by malicious actors from within a company. One possible solution is for companies to monitor forums, social media, disgruntled employees, and people under financial stress who work for them more closely to be aware of potential bad actors.Legend: Who, What, When, Where, Why, How, So What?!, possible SolutionWho: malicious cyber actors as insider threatsWhat: phishing, ransomware or cryptocurrency scams identified by US National…...

Enterprise-Wide isk Assessment
The best choices made in enterprise-wide risk assessment are ones which admit that no organization can adequately prepare and protect themselves from every risk. ather, in order to engage in enterprise-wide risk assessment in a lasting and meaningful way, one needs to be able to pinpoint critical assets along with key vulnerabilities. This chapter covers yet another issue in this process, which is the ability to understand the threat environment that one's work or business exists within, so that one can accurately assess the overall risk of the enterprise.

Another solid choice in comprehensive enterprise-wide risk assessment is the issue of anticipating and preventing for insider threats. Too much time, money and energy is spent on protecting data from external threats, when there are already significant security issues presented from the inside to one's network or systems. Security awareness training is one solid way that one can prevent against…...

mla

References

Cappelli, D.M. et al., (2013). The CERT Guide to Insider Threats. Upper Saddle River: Pearson

Education

Persistent Threats
One of the biggest risks that companies face is advanced persistent threats.

Advanced persistent threats can be very harmful to a company and can come in various forms as hackers have a variety of methods in their tool belt; however, on the receiving end, companies should be prepared for cyber attacks -- and yet they often are not, because of carelessness, neglect, lack of oversight, regulation, accountability, transparency, review, and an ability to conduct proper assessment. APTs are happening all the time and can be traced to origin locations all over the world (Norse, 2016). Cyber security should be therefore a number priority for any and all businesses that utilize information systems software and hardware. As the Norse Map shows, countries in both the East and the West are waging cyber war against one another; cyber security is therefore a real going concern for all (Norse, 2016).

Discuss the most…...

mla

References

Boyens, J., Paulsen, C., Bartol, N., Moorthy, R., Shankles, S. (2012). Notional Supply

Chain Risk Management Practices for Federal Information Systems. Retrieved from  http://csrc.nist.gov/publications/drafts/nistir-7622/second-public-draft_nistir-7622.pdf 

Earned Value Analysis. (2012). Project Management Guru. Retrieved from  http://www.projectmanagementguru.com/eva.html 

Fleming, Q., Koppelman, J. (2000). Earned Value Project Management. PA: Project

New Solutions to New Threat: Optimizing the emote Work Environment during a Global COVID- PandemicGiven the continuous political turmoil emanating from the nations capital for the past three and a half years, few observers would likely have regarded 2019 as the good old days, but the multiple crises of an ongoing global COVID-19 pandemic combined with a devastated economy, massive unemployment and growing unrest over racial disparities underscore just how fast things can change and how bad things can get without warning. Indeed, the good old days of 2019 appear golden by comparison, and there is currently no real end in sight. These trends have introduced new issues with respect to what types of information security education and maintenance and what protocols are necessary in the wake of the ongoing COVID-19 pandemic as well as comparable calamitous events in the future. The purpose of this research paper is to provide…...

mla

ReferencesAlert AA20-126A. (2020, May 5). Cybersecurity & Infrastructure Security Agency. Retrieved from Cyber threat exploitation. (2020). National Cyber Security Centre. Retrieved from  https://www.cisa.gov/sites/default/files/publications/Joint_CISA_UK_Tip-COVID-19_Cyber_Threat_Exploitation_S508C.pdf .COVID-19 pandemic has hackers working OT. (2020, April). USA Today, 148(2899), 13.Davis, S. (2010, November 25). Effective training and policy takes the fear out of social networking. Illinois Institute of Technology White Paper: Author.Lanz, J. & Sussman, B. I. (2020, June). Information security program management in a COVID-19 world. The CPA Journal, 90(6), 28.Martinelli, M., Friedman, A. E. & Lanz, J. (2020, June). The impact of COVID-19 on internal audits. The CPA Journal, 90(6), 60.Meredith, S. (2020, October 22). Learn to live with the pandemic: Physicians warn that a vaccine may not prevent Covid from becoming endemic. CNBC. Retrieved from  https://www.cnbc.com/2020/10/22/coronavirus-physicians-warn-virus-may-become-endemic-despite-vaccine.html .Mookerjee, V., Mookerjee, R., Bensoussan, A. & Yue, W. T. (2011, April 8). When hackers talk: Managing information security under variable attack rates and knowledge dissemination. Information Systems Research, 22(3), 410-420.Mutune, G. (2019, August). Ten essential cybersecurity controls. CyberExperts. Retrieved from  https://cyberexperts.com/cybersecurity-controls/ .Patrick, B. (2020, September). Stymie hackers with these six steps. Journal of Accountancy, 230(3), 79-83.Schultz, A. (2009, December 23). Controlling the emerging data dilemma: Building policy for unstructured data access. Illinois Institute of Technology White Paper: Author.Trump’s America in 2024. (2020, October 23). The Washington Post. Retrieved from https://www.washingtonpost.com/opinions/trumps-america-in-2024/2020/10/23/f7be173a-14a6-11eb-bc10-40b25382f1be_story.html.https://us-cert.cisa.gov/ncas/alerts/AA20126A.COVID-19

Strategy of E-Procurement and IT Architecture
1a) Planned Strategy in E-procurement

A large number of organizations adopting electronic commerce (e-commerce) have identified e-procurement as an effective strategy that can be used to enhance the competitive market advantages. In a business environment, a traditional procurement faces challenges of a paperwork workload associated that includes a purchase order, delivery order, and statement of work, invoice, and payment. All these process increase an organizational cost of production. Typically, e-procurement eliminates this workload by assisting management purchasing or supplying goods and services electronically at lowest possible costs using the paperless transactions.

A report carried out by the CIPS (2013) reveals that the goal of e-procurement is to use the latest information technology to link suppliers and customers thereby improve the value chain process. In essence, the e-procurement is a critical component of e-commerce, and the major goal of an e-procurement process is to enhance the speed…...

mla

Resources Management in Canada. Toronto: Pearson Prentice Hall.

Shrinivas P. 1 Winai, Wo. (2015). Information technology (IT) outsourcing by business process outsourcing/information technology enabled services (BPO/ITES) firms in India: A strategic gamble. Journal of Enterprise Information Management. 28 (1):60-76.

Jerome, B. (2001). The hidden costs of IT outsourcing: lessons from 50 IT-outsourcing efforts show that unforeseen costs can undercut anticipated benefits. Understanding the issues can lead to better outsourcing decisions. MIT Sloan management review.

Schaefer, S. (1999). Product design partitions with complementary Components. Journal of Economic Behavior & Organization. 38 (1999) 311-330.

Software Engineering Institute (2013). Unintentional Insider Threats: A Foundational Study. Department of Homeland Security.

1. Granular control: An ACL allows administrators to define specific rules and permissions for different users, devices, and applications within a network. This granular control ensures that only authorized individuals have access to sensitive data and resources, reducing the risk of unauthorized access.

2. Restricting access: ACLs can be used to restrict access to certain resources based on criteria such as IP address, port number, or protocol. This helps in preventing unauthorized users from gaining access to critical systems and applications within the corporate network.

3. Monitoring and auditing: ACLs enable administrators to monitor and track user activity within the network by....

1. Implement monitoring and auditing tools to track and analyze employee behavior, such as network activity, file access, and email communications.

2. Establish clear policies and procedures for data security and access control, including restricting access to sensitive information on a need-to-know basis.

3. Provide ongoing training and education for employees on cybersecurity best practices, including the risks and consequences of insider threats.

4. Conduct regular security assessments and audits to identify potential vulnerabilities and gaps in security measures.

5. Encourage employees to report any suspicious behavior or unauthorized access to sensitive information, and establish a process for investigating and responding to such reports.

6.....

Measures to Detect and Prevent Insider Threats

Insider threats pose a significant risk to organizations, as they originate from within and can cause extensive damage. To effectively mitigate these threats, organizations need to implement a comprehensive strategy encompassing detection, prevention, and response mechanisms. Here are key measures to consider:

1. Enhance User and Entity Behavior Analytics (UEBA):

UEBA systems monitor user and entity behavior patterns to identify anomalies that could indicate malicious activity. By analyzing deviation from established baselines, organizations can detect suspicious activities, such as unauthorized data access or unusual file transfers, in real-time.

2. Implement Role-Based Access Control (RBAC):

RBAC strictly defines user....