Identify the scanner used to produce the report. Is the tool open source or commercial? Do you consider the tool to be industry standard? What are some advantages to using the tool? Disadvantages? What is your overall impression of the tool’s output?

Vulnerability Process and Assessment Memo

Overview

 In this section, provide a brief overview to establish the purpose of your memorandum. You should introduce the topics in Parts 1, 2, and 3, below. Remember that you are writing to your immediate boss to help her address the CEO’s concerns over recent cybersecurity attacks against the transportation sector. Additionally, your boss has provided you with the results of a recent pen testing engagement performed by a third party on behalf of Mercury USA.

 Part 1: Vulnerability Management (VM) Process Recommendation

In this section, present a recommended VM process for Mercury USA. Highlight the major VM process components as you learned in your studies. Explain how your recommendation meets the business needs of Mercury USA. Consider the transportation sector and the overall scenario in context. The text and questions below represent specifics to focus on while writing the memorandum. Do not include the specific text of the questions in your final submission.

  • What are the main elements of a VM process, tailored to Mercury USA and the transportation sector?
  • How will you plan for and define the scope of a VM process?
  • How will you identify the assets involved?
  • How will you scan and assess vulnerabilities?
  • What is/are the industry standard scanning tools? Support your findings.
  • What frequency of scanning do you recommend and why?
  • How will you report the results of scanning and recommended countermeasures?

 Part 2: Vulnerability Scanning Tool Evaluation and Recommendations
After performing an analysis of the vulnerability report provided by the third-party penetration testers, present your evaluation of the tool and your recommendations here. The text and questions below represent the specifics to focus on while writing your memorandum. Do not include the specific text of the questions in your final submission.

  • Identify the scanner used to produce the report. Is the tool open source or commercial? Do you consider the tool to be industry standard?
  • What are some advantages to using the tool? Disadvantages?
  • What is your overall impression of the tool’s output?
  • Does the tool provide enough reporting detail for you as the analyst to focus on the correct vulnerabilities? Can you appropriately discern the most critical vulnerabilities?
  • Do you think mitigations for the vulnerabilities are adequately covered in the report?
  • Do you think the reports are suitable for management? Explain why or why not.
  • Would you distribute the report automatically? Explain why or why not.
  • Would you recommend that Mercury USA use the tool? Explain why or why not.

 Part 3: Business Case Example

 In this section, provide an example of what could happen if Mercury USA does not implement your recommendations for a VM process (e.g., data exfiltration, hacker intrusions, ransomware, etc.). The text and questions below represent the specifics to focus on while writing your memorandum. Do not include the specific text of the questions in your final submission.

  • What are some of the outcomes to the business if your example occurred?
  • How does your recommended VM process address the example you used?
  • For the tool you evaluated in Part 2 above, do you think the tool will be adequate? Why or why not?

 

Closing

In this section, summarize the main points of your argument for a VM process, tool evaluation, and use the case example to support your recommendations. Keep in mind that you are addressing the CEO’s concerns over recent cybersecurity attacks against the transportation sector and how you can help increase Mercury USA’s overall security posture to protect the organization against attacks, breaches, and data loss.

Discuss at least two automated deployment options discussed in Lesson 1 that you think would be appropriate for the deployment. Include analysis of the pros and cons of each method. How will you address concerns that the client has about how end users will be affected by the upgrade?

Project 1: Windows Upgrade Plan

Objective

Provide a summary of your recommendation of a specific version of Windows 10. Explain how your choice meets the business needs of Tetra Shillings Accounting.

 The opportunity: Benefits of upgrading to Windows 10

Discuss the client’s current Windows 8 environment and the issues related to running an older version of the Windows operating system.

  • Based on what you know about the client, discuss at least three Windows 10 features that you believe will provide the most benefit to the organization’s computer security posture.

Upgrade plan

  • Recommend a version of Windows 10 for the upgrade. Explain the reason for your choice.
  • Which install method(s) will be used for the upgrade? Explain why.
  • Discuss at least two automated deployment options discussed in Lesson 1 that you think would be appropriate for the deployment. Include analysis of the pros and cons of each method.
  • How will you address concerns that the client has about how end users will be affected by the upgrade?

 Strategy for keeping the operating system updated

  • Explain the importance of keeping systems updated. This should include benefits associated with performance and security. Referencing the firm’s past security breaches will help you articulate your reasoning.
  • Propose a strategy that will keep operating systems updated. Keep in mind that this is going to require some downtime for each workstation.

Analyze the malware field(s) in accordance with the instructions in the box below. Conduct a static analysis of the files. Report the procedures you used and the results. Identify potential civil or criminal problems created by the use of malware.

Malware Forensics

Begin Project 2
In the prior project, you used network forensics to write an incident report detailing how you captured, recorded, and analyzed events that occurred on a network. Based on this analysis, you determined that there has been a breach of the network.

Gathering this information is only the first step. Next, you must use the network forensic evidence you gathered to understand how the attack was conducted to better understand exactly what took place during the attack. There are several ways to identify the source of attacks. One of the challenges with network forensics is making sense of the data, which often comes from multiple sources, not to mention the fact that incidents of interest may occur at different times.

In this project, you will analyze suspicious software in a virtualized environment to determine whether the code is in fact malware.

The final report will summarize how you used your knowledge and skills in malware forensics to analyze the attack and determine what occurred and when. It will also offer recommendations on ways to improve the organization’s defense posture and response.

Step 1: Collect Evidence From the Forensic Image
As you learned in your exploration of digital forensic response and analysis, one way to analyze the data is by visual analysis, which allows assimilation of information from a variety of sources for inspection in ways that is possible only with this integration.

Often in visual analysis, computing power is used to to process raw data into graphics, which are meant to reveal patterns or relationships in the data when viewed by a human. This raw data can include logs and records that have different formats, as well as media files.

Filtering and linkage techniques, as well as the use of a timeline, can provide a more complete picture of a situation that may be difficult or impossible to conceptualize without visual analysis techniques. In determining next steps, you recall that effective analysis of data includes metrics based on pattern-matching algorithms. By comparison, other techniques like statistical analysis rely primarily on numerical measures derived from the data and incorporated into tree maps.

Graphics produced for visual analysis may rely on color, shape, size, location, and relationships to represent aspects of the underlying data. Visual analysis for data analytics should not be confused with visual analysis for artwork, which is the study of the formal elements and other aspects of a work of art.

Visual analysis is one technique used in digital forensics for analysis. For the current investigation, though, you first need to determine what you are dealing with. Is it malware?

After reviewing the network attack and the possible approach taken by the attacker, you suspect malware was used. Integrating reverse engineering techniques with malware analysis techniques can shed light on network vulnerabilities and how malware code executed. These malware analysis tools and environment are run on a live network, or, preferably, on captured network traffic, as in this particular incident.

You know from the recent meeting with your boss that Special Agent Michael Jones of the UMGC Investigation Bureau imaged the compromised host disk and made a working copy of the image files. The evidence was checked into the evidence room and all examinations were conducted on the working copy.

You will use your VM lab tools to analyze the suspect image for malware. In the VM lab, you will investigate the back door, indicators, hidden rootkit, and file systems. As you work through this analysis, keep in mind malware trends, including malware obfuscation and other techniques used to protect malware.

Step 2: Analyze Evidence Collected from Image and Write Lab Report
In the previous step, you conducted an analysis of a network attack using EnCase with the compromised host disk image. Now, you will report on the results of the lab exercise and document following the Guidelines for Digital Forensics Examiner Reports, but this time, you will apply these guidelines using the UMGC Digital Evidence Forensic Report Template. See an example of this template in use. As you progress in your career, you will probably use many different templates; this is a chance to build that skill.

Keep in mind that you will incorporate this lab report into the Final Incident Response Report for the last step.

This comprehensive report will provide Yvonne and other leaders in the organization with an understanding of how this particular attack happened and what exposures were compromised. They will need an overview of how the organization’s security team responds to security incidents. Use screenshots and other communication techniques to convey technical concepts to a less tech-oriented audience.

Step 3: Analyze Malware
Your analysis in EnCase indicates that malware was indeed used in the attack. With this in mind, the next step is to determine the source of the malware. As a digital forensics investigator, you know that email is one of the most prevalent methods for transporting malware into and throughout a network infrastructure.

Special Agent Jones thinks he has tracked the malware down to a foreign national graduate student from Florida East-Central University. SA Jones indicated that he has probable cause to believe the software was being used for illegal purposes. He provided Yvonne with two files recovered from the student’s computer for analysis, and they are relying upon our knowledge and skills to identify specifically what the software does and how it works.

Analyze the malware field(s) in accordance with the instructions in the box below. Conduct a static analysis of the files. Report the procedures you used and the results. Identify potential civil or criminal problems created by the use of malware.

You are to conduct your analysis using a virtual machine (VM) only. Do not download the file to any computer, as it may contain malware. Whenever you analyze malware, make sure the computer or VM you use is set to host-only based network after you download the file to your VM. This is good incident response and forensic practice, as you do not know what the software will do once executed.

Step 4: Evaluate Malware Analysis Results and Write Lab Report
As you did with the first lab, after you’ve conducted your analysis, write up your findings by applying Guidelines for Digital Forensics Examiner Reports to the UMGC Digital Evidence Forensic Report Template. Keep in mind that your report should include screenshots and analysis of the malware file.

Once you have completed this write-up, submit it to get feedback after reading the instructions below.

You have completed your lab investigations and collected the information you need. It is time to write the Final Incident Response Report for your organization’s leaders, network administrators, and security operations team.

What is information and data cleansing? Describe common data items that require cleansing. Identify why information cleansing is critical to Ben & Jerry, California Pizza Kitchen, and Noodles & Company business intelligence tool’s success.

Data Cleansing

Answer the three questions below:

1. What is information and data cleansing?

2. Describe common data items that require cleansing.

3. Identify why information cleansing is critical to Ben & Jerry, California Pizza Kitchen, and Noodles & Company business intelligence tool’s success.

Instructions: Read and use the attached Mining the Data Warehouse document on the three companies, research the Internet and use three internet references to address all questions. Use the attached rubric as a guide.

Discuss whether Raymond James Bank can be a peer comparable to BankUnited. Compare the results of Raymond James Bank with those of BankUnited. Discuss the implications of the peer bank analysis for BankUnited.

Commercial Banking Assignment 1

DuPont analysis is an analytical tool created for evaluating a firm’s internal efficiency with regard to its performance and financial condition. We have already conducted the analysis for BankUnited. To better understand the adequacy of the level of its (in)efficiencies, we should implement a peer group comparison.

For simplicity, we picked one bank, Raymond James Bank as its peer.

1. Discuss whether Raymond James Bank can be a peer comparable to BankUnited.

2. Conduct a DuPont analysis for Raymond James Bank.

3. Compare the results of Raymond James Bank with those of BankUnited.

4. Discuss the implications of the peer bank analysis for BankUnited.

Identify the basic components of the information system: hardware, software, data, processes, and people, and how these components are used to support strategic decision making.

Project Presentation

The Class Project is the most significant assignment in this course, Concepts and Applications of Information Technology. As such, it accounts for 40% of the course points. This assignment is comprised of two deliverables; a SWOT Analysis and a Presentation. The SWOT Analysis is due in Week 4 (worth 15% of course grade), and the Presentation is due in Week 8 (worth 25% of course grade).

This assignment gives you the opportunity to demonstrate your ability to research, evaluate, and describe business strategy focused on information technology tools and services. This assignment specifically addresses the following course outcomes:

Identify the basic components of the information system: hardware, software, data, processes, and people, and how these components are used to support strategic decision making.

Apply information technology tools for research, data gathering and information analysis, problemsolving, decisionmaking, and communicating information that aligns with business needs and objectives.

How long do you expect the project to take? Will the chatbot be rolled out for the whole business at once, or will it be piloted for a small group first? If your business is large, will it be rolled out for specific regions or certain product lines? Will certain features be rolled out first and other features implemented later?

Chatbot project

The president of Southwest Airlines has hired you to manage a new project to implement chatbots like the ones shown in the links below, associated with this assignment. You can decide exactly what the chatbot will do. Put together a high-level implementation plan and operational policies for this chatbot project. The plan should describe the business goals, the scope of the effort, the timeframe for the implementation, what resources are needed for the project. Please explain how the new chatbot will be used by your business and customers. You should also analyze the risk factors of using chatbots (e.g., deteriorated morale among customer service representatives, poor service for customers) and how those risk factors can be mitigated. In the operational policies, you should describe when people will use chatbots and what other options will be available. For instance, will a chatbot be the required first stop for all customers, or one of many mechanisms for customers to interact with your business? Will “preferred” customers have additional service options? If so, describe the process for identifying “preferred” customers.

This paper must follow the formatting guidelines in The Publication Manual of the American Psychological Association [APA Manual] (2020), (7th ed.) using Times New Roman 12-point font. Remember to support your statements, including opinions, with factual information (i.e., attribution/citations). The paper is essentially an research driven, executive summary and, as the minimum, must contain:

A title page (see Figure 2.2 in the APA Manual)
Three to five pages of text-based content
At least, one paragraph for each bulleted item below. (A paragraph in academic writing normally has at least three sentences: beginning, middle, and end.)

One or more reference pages
Links for your business and the competitor in a separate section on the reference page (do not include the links in the reference list)

Business Goals – What is the business strategy and how does the chatbot fit with the strategy? How does this project potentially give the business a competitive advantage?

Scope of Project – What is the chatbot expected to do? What is out of scope for this project, meaning what will the chatbot not do? (For instance, the chatbot might document a customer’s problem, but notify the technical service group to actually solve the problem.) Will the chatbot be targeted at all customers, or a specific subset? How many people in your business are expected to interact with the chatbot? Will your bot be English only or multilingual? Will the chatbot use text or voice recognition or both?

Project Timeframe – How long do you expect the project to take? Will the chatbot be rolled out for the whole business at once, or will it be piloted for a small group first? If your business is large, will it be rolled out for specific regions or certain product lines? Will certain features be rolled out first and other features implemented later?

Implementation Resources – Who will implement the chatbot? Will company resources or outside resources by required? If training is needed, who will do that?

Expected Benefits – What specific benefits, such as increased sales, improved product quality, higher customer satisfaction, reduced costs, do you expect? How is the chatbot expected to deliver those benefits? What is the timeframe for achieving the benefits? How will this system give your business a competitive advantage?

Communication Plan – What groups in the business need to be informed about the progress of the project? How will each group receive updates, e.g. weekly meetings, newsletter, emails, webinars, project website, etc.?

Risk Analysis – What could go wrong with the chatbot project? How will you avoid or minimize those risks?

Operational Policies – What will be the terms of service for use of the chatbot once it is implemented? Who can access the chatbot data? How will customer information in the chatbot be secured to protect the privacy of the customer?

Critical Success Factors – What criteria will you use to judge the success or failure of this project? How are the critical success factors for this project tied to the business strategy and business goals?

Links to videos on Chatbot:

Analyze the role of artificial intelligence (AI) in overcoming the challenges associated with international trade and marketing.

Role of artificial intelligence (AI)

Analyze the role of artificial intelligence (AI) in overcoming the challenges associated with international trade and marketing.

Demonstrate a critical understanding of the tools and techniques to support database development. Justify the design and development of the application and critically evaluate the implementation and approach.

Database implementation

Assignment Brief

As part of the formal assessment for the programme you are required to submit a Database Implementation assignment. Refer to your Student Handbook for full details of the programme assessment scheme and general information on preparing and submitting assignments.

Learning Outcomes:
After completing the module you should be able to:

1. Demonstrate a critical understanding of the tools and techniques to support database development.

2. Justify the design and development of the application and critically evaluate the implementation and approach.

3. Design and implement a database system meeting the needs of both the user and the client.

4. Develop appropriate SQL statements in order to efficiently create, manage and interrogate data within the database application.

5. Use appropriate database development techniques to solve loosely defined problems.

Discuss the key features of the epidemic that you can derive from the epidemic curve (epi curve). Describe in terms of person, time, and place, where possible. Discuss the differences in attack rates for the Texas and Arkansas counties, for rural versus urban children, and for preschool versus school-age children.

Measles- The Outbreak Case Study (Part 3)

Introduction:
This case study is based on an investigation by Philip Landrigan, EIS ’70. The investigation is described in: Landrigan PJ. Epidemic measles in a divided city. JAMA 1972; 221: 567570.

This case study was original developed by Philip Landrigan, Lyle Conrad and John Witte in 1971. The current version was updated by Richard Dicker in 2001 and 2003.

Part III
Between June 1970 and January 1971, 633 cases of measles were reported from Texarkana. Dates of onset were
accurately determined for 535 cases. The epidemic curve is shown below.

Though infants, adolescents, and adults were involved in the epidemic, the majority of cases occurred in children 1 to 9
years of age. Measles cases were not evenly distributed within the two counties. Table 1 displays the number of measles
cases and population by age group for Bowie County, Texas and in Miller County, Arkansas.
Table 1. Number of measles cases and population (1960 census) by age group and county, Texarkana outbreak, 1970
Residence Urban/Rural Age Group # Cases Population Rate

Directions:
Measles is the theme of this Case Study. Answer the questions listed for part 3 (below) using APA citation and
formatting in a 3page paper after reading the material and using the resources provided. Use references as appropriate
to answer the questions fully. Remember to cite all sources. Use professional references (not common websites),
cite the reference where used in the narrative, and use correct reference formatting.

Answer the following questions with responses:

Question 6: Discuss the key features of the epidemic that you can derive from the epidemic curve (epi curve).
Describe in terms of person, time, and place, where possible.

Question 7: Calculate the totals and attack rates indicated in Table 1.

Question 8: Discuss the differences in attack rates for the Texas and Arkansas counties, for rural versus urban
children, and for preschool versus schoolage children.