ISSC363 Cloud Security and Their Associated Risks Discussion Response Writing Assignment Help. ISSC363 Cloud Security and Their Associated Risks Discussion Response Writing Assignment Help.
(/0x4*br />
Need to respond to two student discussions with at least 150 words minimum for each response. Below in the bold are the questions the students are responding to.
Please Read the following articles on Cloud Security and their Associated Risks:
Christodorescu, M., Sailer, R., Schales, D. L., Sgandurra, D., & Zamboni, D. (2009, November). Cloud security is not (just) virtualization security: a short paper. In Proceedings of the 2009 ACM workshop on Cloud computing security(pp. 97-102). ACM.
Fogarty, K. (2012, August 10). The biggest cloud computing security risk is impossible to eliminate. Retrieved from http://www.networkcomputing.com/security/the-bigge…
Kinsella, J. (2012, September 26). 5 (more) key cloud security issues. Retrieved from http://www.csoonline.com/article/717307/5-more-key…
Then, discuss with your classmates why Cloud Security is different from that of traditional network architectures and what you think the future holds for Cloud Security and it’s adoption rate with company’s. What are some technologies and solutions that can be used to reduce risk for the “Cloud” or “Cloud Data” .
Student one:
Hi Everyone,
Cloud security does differ from traditional network architectures and here is why. Cloud computing can be said to be the next generation of storage of information, from your home office or work station. Cloud storage system allows you to access whatever information you store on your account from anywhere you have network access. This feature makes the cloud storage a very valuable thing because you can basically put personal files on the cloud network and have the ease of be able to pull them right up. Cloud storage will allow pretty much anything you can store on your main computer on to the cloud network, so your home movies can be as simple as logging in to your account and clicking their icon. As far as the security for cloud storage it would seem to be very behind in that factor, or it is just the victim of more and more attacks and because it is still very new they might need to fix some back doors they might have left in the programming. This is common for a new and big feature specially the fact that people are so willing to put so much valuable information on to their cloud storage which makes it more of a target for people to get in and get all the information they can. We all know by this time in the class it really does not matter what you do for protection on something that is on a network if someone really wants in to it sooner or later they will gain access to the network and take whatever they can all we can do is be ready for the attack.
Christodorescu, M., Sailer, R., Schales, D. L., Sgandurra, D., & Zamboni, D. (2009, November). Cloud security is not (just) virtualization security: a short paper. In Proceedings of the 2009 ACM workshop on Cloud computing security(pp. 97-102). ACM.
Fogarty, K. (2012, August 10). The biggest cloud computing security risk is impossible to eliminate. Retrieved from http://www.networkcomputing.com/security/the-biggest-cloud-computing-security-ris/240005337
Kinsella, J. (2012, September 26). 5 (more) key cloud security issues. Retrieved from http://www.csoonline.com/article/717307/5-more-key-cloud-security-issues
-Micheal B
Student two:
More organizations and businesses are turning towards cloud computing as technology advancement and IT security progresses. Cloud computing makes it easier for businesses and organizations of all sizes to enjoy the benefits of storage, servers, databases, networking, intelligence, analytics, and software products over the Internet with flexible resources, innovation, and economies of scale (Microsoft Azure, 2019). A good reason that more businesses are moving towards cloud computing is due to the reduce operating costs since you pay only for the services you use and it can be scalable as the business grows. Another excellent reason to utilize these services is that vendors such as Amazon Web Services (AWS), Microsoft Azure, and Oracle offer their specialization within the IT industry to include the security of it.
Cloud security typically offers a third-party data center, quickly scalable, efficient resource utilization, low upfront infrastructure investment, less visibility and control over your own data environment and is reliant on the service provider for security controls. The cloud environment changes the way how a business’s access and store their data. These businesses would have to use application programming interfaces (APIs), which allows the devices and servers to communicate with the cloud servers. Since, there is a reduce visibility and control over the data environment, it is critical to understand the vendor’s service IT security controls and plan. Traditional IT security on the other hand has in-house data centers, slow scaling, higher upfront costs, and provides greater control and visibility over your own data environment. According to Kinsella (2012), internal clouds are not inherently secure, companies lack security visibility and risk awareness, sensitive information needs safer storage, applications aren’t secure, and authentication and authorization must be more robust. I do believe that vendors such as Amazon, Microsoft, Oracle, and Google have invested heavily over the last several years in the IT infrastructure and cloud computing services they provide. A solution to help reduces cloud computing for businesses is to ensure their employees are properly trained and educated with the cloud service platform. Ensure that there is some type of data backup plan established in order to minimize business operations. Establish a strong password requirement such as upper/lower case, special characters, numbers, and a 60- or 90-days password change. Selecting a vendor that offers quality encryption and uses end-to-end encryption when transmitting data. For in-house IT infrastructure, ensuring all the software and hardware has the latest security patches and updates to mitigate any potential vulnerabilities. Conducting routine penetration testing is critical of the IT infrastructure for vulnerabilities and risks. The business should adopt a zero trust security model where it requires every user, system or device outside or inside to be verified and validated before connecting to their system (Harpham, 2018). Providing rights and privileges in line with individuals job function and requirements and auditing this control routinely.
Harpham, B. (2018, May 22). 7 risk mitigation strategies for the cloud. Retrieved April 4, 2019, from https://www.cio.com/article/3273707/7-risk-mitigat…
Microsoft Azure. (2019). What is cloud computing?. Retrieved April 4, 2019, from https://azure.microsoft.com/en-us/overview/what-is…
-Frank
ISSC363 Cloud Security and Their Associated Risks Discussion Response Writing Assignment Help[supanova_question]
White House Law and Justice Issues Paper Writing Assignment Help
- Develop a brief overview (i.e., no more than one [1] paragraph) of the selected issue.
- Recommend one (1) type of public policy out of the four (4) mentioned within the text and develop a reasoning as to why this policy supports the issue that you have selected. Provide a rationale for your response.
- Suggest two (2) policy modifications that may positively impact and two (2) policy modifications that may negatively impact the outcomes for the issue that you have selected. Provide a rationale for your response. Note: In this question, you are recommending change to the public policy in Question #2 and how the changes will impact the selected issue.
- Suggest three (3) methods by which the Constitution—specifically the powers of Congress— addresses the role of government within business administration overall for your selected issue. Provide a rationale to support your response. Note: In this question, you are evaluating the relationship between government and business of the selected issue. Focus on the role(s) the government and businesses play in supporting and / or negating the selected issue.
- Include at least four (4) peer-reviewed references (no more than five [5] years old) from material outside the textbook. Note:Appropriate peer-reviewed references include scholarly articles and governmental Websites.. Wikipedia, other wikis, and any other Websites ending in anything other than “.gov” do not qualify as peer-reviewed.
When writing the paper, use the outline headings below that correspond to sections of the paper:
- White House Issue (for Question 1)
- Public Policy (for Question 2)
- Policy Modification (for Question 3)
- The Constitution (for Question 4)
- References (for Question 5)
My White House issue is Law & Justice
https://www.whitehouse.gov/issues/law-justice/
[supanova_question]
ISSC362 Phases of Incident Process Containment Discussion Response Writing Assignment Help
Need to respond to two student discussions with at least 150 words minimum for each response. Below in the bold are the questions the students are responding to.
For this week’s post please utilize the items described in the lesson/resources or research conducted on the web to ensure your post contains the following;
- Consider the phases of incident response listed below. They follow a certain order, but which one(s) do you consider to be the most crucial to the process and why?
- Incident Identification
- Triage
- Containment
- Investigation
- Analysis and Tracking
- Recovery and Repair
- Debriefing and feedback
Student one:Each of the seven phases of incident response has its own purpose and meaning, but arguably, each one also has its own specific value. Their order reflects the logical process by which an incident would be handled, that is to say, you cant perform an investigation prior to identifying the incident, and just the same, you cant recover and repair until you performed an investigation; not really at least.That said, recovery and repair, from an individual business perspective, is probably the most important. For the vast majority of businesses, having a positive revenue is one of the top, if not the top goals. There will of course be other goals such as innovation and consumer awareness and whatnot, but a business cant stay afloat if its always in the red, and investors typically dont want to put their money into a business thats just going to lose it.From an IT or global, if you will, standpoint, I’d say the debriefing and feedback is the most important step. Why? Because everyone wants to know, what happened, how it happened, and how to stop it. For example, zero-day exploits are considered extremely valuable/dangerous. If a software developer never gets feedback on a zero-day exploit so that they can patch their software and defend against it, how can they then defend against it? How will any one of the 10s, 100s, or 1000s, of businesses using that software be able to stop it? Could it be found by someone else? Absolutely, but there is no telling the amount of time in between, and how many times this exploit could be used, and on how many systems it could be used on.So, as noted above, I think perspective plays a huge role in how important each step is, or which step is most important. They each have their own place and purpose, but who you are looking in determines how important each one is to you.-Frank
Student two:There is no doubt about the importance and relevance of each of the phases of the incident response process covered in this week’s lesson. Arguably, incident identification is a crucial process of the seven steps undertaken by an incident response team because it is the sequential step needed to conduct the remaining phases of the response framework. While the seven phases are synergistic with each other, it is my opinion that the most crucial phase within the incident response framework is the debriefing and feedback portion of the response effort. It is the foundation in which the incident response phases are built upon and without this crucial phase, there would be a lack of real progress and implementation of new tactics and techniques by incident response personnel. As it is currently stated, the debriefing and feedback phase (similar to an after-action review) looks at obtaining feedback from everyone involved so that you can determine the reasoning behind the outcome of the incident. This is done by determining what went wrong, what was done right, and how to improve based on that information gathered. It is my belief that this process led to how the phases of incident response came to be, by learning from those mistakes and improving upon the current system of things so that each of the other phases is executed in a better way. This is how teams and organizations become better through the implementation of the feedback gained through a formal debriefing process. What is also good about this phase is the sharing of information among collaborative parties to build upon working relations and partnerships that continually lead to an improvement in security infrastructure, be it virtual or physical in nature. While it is true many organizations will attempt to keep security incidents at a need to know level, the critical information gained from the incident can lead to protective measures for other organizations that prevent needless crime.~Lucas
[supanova_question]
The Americas Pre Columbian Societies and Ritual Sacrifice Discussion Writing Assignment Help
Unit 8 Discussion: The Americas
Step 1:
Imagine that you are from Teotihuacan, Tenochtitlan, OR Cuzco at its height. Write a guidebook entry to attract visitors to your chosen city. Steer away from misleading characterizations of pre-Columbian societies and ritual sacrifice. Give us a brief introduction to the city (include a hypothetical date) and highlight some of your city’s attractions. Tell potential visitors what they can do, what they can see, and what they can learn about the culture. Use the sources below (not outside sources) and your textbook to gather information. Please cite your sources in the text of your guidebook entry AND at the bottom of your post in a bibliography.
Step 2: Respond to the posts of TWO of your classmates. In your response, act as if you have already visited the city your classmate advertised. Did the city live up to the hype? What were the great things about the city? Were there any things you were confused about or didn’t like? Again, be sure to steer away from misleading characterizations of pre-Columbian societies and ritual sacrifice. Please cite your sources in the text of each response post AND at the bottom of each of your response posts in a bibliography.
Sources for Teotihuacan:
- “Pre-Hispanic City of Teotihuacan”
- “A Secret Tunnel Found in Mexico May Finally Solve the Mysteries of Teotihuacán”
- “Teotihuacan,” (Metropolitan Museum of Art, Heilbrunn Timeline of Art History)
- “Teotihuacan,” (Ancient History Encyclopedia)
- “Teotihuacan,” (Universe in Universe)
OR
Sources for Tenochtitlan:
- “Tenochtitlan,” (Metropolitan Museum of Art, Hilbrunn Timeline of Art History)
- “Templo Mayor at Tenochtitlan,” (Khan Academy)
- “Tenochtitlan/Emperors of the Aztecs/Mexica,” (Kessler Associates)
- “Cortes Describes Tenochtitlan,” (American Historical Association)
- “Imperial city of the Aztecs: Mexico-Tenochtitlan” (Common place)
OR
Sources for Cuzco:
[supanova_question]
ISSC363 Difference Between Types of VPNs & Remote Access Applications Discussion Writing Assignment Help
Need to respond to two student discussions with at least 150 words minimum for each response. Below in the bold are the questions the students are responding to.
Questions:
(1)Research the different types of VPNs and other relevant remote access applications
(2)Discuss what they are and some common techniques used to try and subvert their security.
Student one:
VPN’s has expanded many allowed many types of businesses to expand there hours and personnel.This development has been achieved by way use of various types of VPN’s.Client Based VPN’s use a layer 2 tunneling protocol along with IPSEC to provide a user with a secure tunnel in which to conduct their needs over a secure connection.The intention of a Client based VPN is to extend the corporate network but, in a user, friendly way which gives a user the feel of the corporate network.The user will be greeted with simple prompts in which they are required to enter a password to pass the authentication and grant access.This is the point that many VPN’s will perform simple checks which can check for proper versions of virus scans and system patches.This is where the initial check is done to decide whether to allo or deny access based on these criteria.A second type would ne network-based VPN’s.These VPN’s are for connecting trusted networks over a non-trusted network.This would be a scenario in which the untrusted network would be the internet in which as we all now is an area of computing that requires the most attention and security from.There are three that comprise the grouping of network based.The three are IP Sec Tunnels, Dynamic Multipoint VPN and MPLS based L3 VPNs.The most basic and easy to implement is the IP SEC Tunnel which can be setup on the most common routers that are in use.Dynamic Multipoint VPN takes the concept of IPSEC and combines it into a mesh model in which expands the entry point which a authenticated user can take to enter the network.The gives users a higher level of available authenticated networks in which to choose and remain connected on.MPLS or Multi Protocol Label switched network acts as a WAN connection but within the corporate network without the need of costly WAN line.
All software-based solutions are vulnerable to intrusions and security is tested and each moment while connected or attempting to connect.WEP is a simple protocol and one that when developed enhanced the entire computing experience but a with most advances there needs to be a balance created which disclosed the vulnerability to manipulate the WEP which was created for the 802.11 protocol. There are attacks that are designed to capture the traffic during transmission. This led to the development of WEP-2 which user strengthened AES (Advanced Encryption Standards) to protect sessions and client data.
References:
https://www.auvik.com/franklymsp/blog/types-vpns/
https://www.howtogeek.com/167783/htg-explains-the-…
-Anthony C
Student two:
VPN is a Virtual Private Network that allows a user to connect to a private network over the Internet securely and privately. VPN creates an encrypted connection, known as VPN tunnel, and all Internet traffic and communication is passed through this secure tunnel. Thus, keeping the user data secure and private. The Basic VPN types which are explained below.
Remote Access VPN
Remote access VPN allows a user to connect to a private network and access its services and resources remotely. The connection between the user and the private network happens through the Internet and the connection is secure and private. Remote Access VPN is useful for business users as well as home users.
A corporate employee, while traveling, uses a VPN to connect to his/her company’s private network and remotely access files and resources on the private network. Home users, or private users of VPN, primarily use VPN services to bypass regional restrictions on the Internet and access blocked websites. Users conscious of Internet security also use VPN services to enhance their Internet security and privacy.
Site-to-Site VPN
A Site-to-Site VPN is also called as Router-to-Router VPN and is mostly used in the corporates. Companies, with offices in different geographical locations, use Site-to-site VPN to connect the network of one office location to the network at another office location. When multiple offices of the same company are connected using Site-to-Site VPN type, it is called as Intranet based VPN. When companies use Site-to-site VPN type to connect to the office of another company, it is called as Extranet based VPN. Since Site-to-site VPN is based on Router-to-Router communication, in this VPN type one router acts as a VPN Client and another router as a VPN Server Technology Options: IPsec and SSL VPNs
There are two primary methods for deploying remote-access VPNs: IP Security (IPsec) and Secure Sockets Layer (SSL).
SSL-based VPNs provide remote-access connectivity from almost any Internet-enabled location using a Web browser and its native SSL encryption. SSL VPNs provide two different types of access: clientless and full network access. Clientless access requires no specialized VPN software on the user desktop.
IPsec-based VPNs are the deployment-proven remote-access technology used by most organizations today. IPsec VPN connections are established using pre-installed VPN client software on the user desktop, thus focusing it primarily on company-managed desktops. IPsec is a widely deployed technology that is well-understood by end users and has established IT deployment support processes.
VPNs and some common techniques used to subvert VPN Security are based on different VPN security protocols. Each of these VPN protocols offer different features and levels of security. Internet Protocol Security or IPsec: Internet Protocol Security or IPsec is used to secure Internet communication across an IP network. Layer 2 Tunneling Protocol (L2TP): L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is usually combined with another VPN security protocol like IPsec to create a highly secure VPN connection Secure Sockets Layer (SSL) and Transport Layer Security (TLS): SSL (Secure Sockets Layer) and TLS (Transport Layer Security) create a VPN connection where the web browser acts as the client and user access is restricted to specific applications instead of entire network. Secure Shell (SSH): Secure Shell or SSH creates the VPN tunnel through which the data transfer happens and also ensures that the tunnel is encrypted. OpenVPN: is an open source VPN that is useful for creating Point-to-Point and Site-to-Site connections. It uses a custom security protocol based on SSL and TLS protocol.
Reference
“Types of VPN and Types of VPN Protocols.” VPN One Click, www.vpnoneclick.com/types-of-vpn-and-types-of-vpn-protocols/.
“Remote-Access VPNs: Business Productivity, Deployment, and Security Considerations.” Cisco, 2 Aug. 2017, www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/prod_white_paper0900aecd804fb79a.html.
-Dam
[supanova_question]
[supanova_question]
CIS333 Strayer University Communicating a New Security Strategy Assignment Writing Assignment Help
As an IT professional, you’ll often be required to communicate policies, standards, and practices in the workplace. For this assignment, you’ll practice this important task by taking on the role of an IT professional charged with creating a memo to communicate your company’s new security strategy.
The specific course learning outcomes associated with this assignment are:
Preparation
1. Review the essential elements of a security strategy
A successful IT administration strategy requires the continuous enforcement of policies, standards, and practices (procedures) within the organization. Review these elements to see how they compare:
Analyze the importance of network architecture to security operations.
Apply information security standards to real-world implementation.
Communicate how problem-solving concepts are applied in a business environment.
- Use information resources to research issues in information systems security.
- Write clearly about network security topics using proper writing mechanics and business formats.
Policy Standards
Practices
The general statements that direct the organization’s internal and externalcommunication and goals.
Describe the requirements of a given activity related to the policy. They are more detailed and specific than policies. In effect, standards are rules that evaluate the quality of the activity. For example, standards define the structure of the password and the numbers, letters, and special characters that must be used in order to create a password.
The written instructions that describe a series of steps to be followed during the performance of a given activity. Practices must support and enhance the work environment. Also referred to as procedures.
2. Describe the business environment
You are the IT professional in charge of security for a company that has recently opened within a shopping mall. Describe the current IT environment at this business. You can draw details from a company you work for now or for which you have worked in the past. You’ll need to get creative and identify the details about this business that will influence the policies you’ll create. For example, does thecompany allow cell phone email apps? Does the company allow web mail? If so, how will this affect the mobile computing policy? Describe all the details about this business environment that will be necessary to support your strategy.
3. Research sample policies
Familiarize yourself with various templates and sample policies used in the IT field. Do not just copyanother company’s security policy, but rather learn from the best practices of other companies and applythem to yours. Use these resources to help structure your policies:
- ● Information Security Policy Templates
- ● Sample Data Security Policies
- ● Additional Examples and TipsInstructionsWith the description of the business environment (the fictional company that has opened in a shopping mall) in mind and your policy review and research complete, create a new security strategy in the format of a company memo (no less than three to five pages) in which you do the following:
- Describe the business environment and identify the risk and reasoningProvide a brief description of all the important areas of the business environment that you’vediscovered in your research. Be sure to identify the reasons that prompted the need to create a security policy.
- Assemble a security policyAssemble a security policy or policies for this business. Using the memo outline as a guide, collect industry-specific and quality best practices. In your own words, formulate your fictionalcompany’s security policy or policies. You may use online resources, the Strayer Library, or other industry-related resources such as the National Security Agency (NSA) and Network World. In a few brief sentences, provide specific information on how your policy will support the business’ goal.
- Develop standardsDevelop the standards that will describe the requirements of a given activity related to the policy. Standards are the in-depth details of the security policy or policies for a business.
- Develop practicesDevelop the practices that will be used to ensure the business enforces what is stated in the security policy or policies and standards.
Format your assignment according to the following formatting requirements:
• This course requires use of Strayer Writing Standards (SWS). The format is different than other Strayer University courses. Please take a moment to review the SWS documentation for details. Review this resource to learn more about the important features of business writing: The One Unbreakable Rule in Business Writing.
- ● You may use the provided memo outline as a guide for this assignment, or you may use your own. Get creative and be original! (You should not just copy a memo from another source.) Adapt the strategy you create to your “company” specifically. In the workplace, it will be important to usecompany standard documents for this type of communication.
- ● Do not cut and paste someone else’s strategy. Plagiarism detection software will be used toevaluate your submissions.
CIS333 Strayer University Communicating a New Security Strategy Assignment Writing Assignment Help[supanova_question]
MAE331 West Virginia Underwater Bullets Issue in Fluid Mechanics Paper Engineering Assignment Help
This will be on an 8.5×11 page, single space, Times New Roman, 12 pt, 1” margin. You likely
will want to include a graph, photo or image in your document (or several). You have a 3-
page limit as the MAX which also includes any references. I recommend submitting as a pdf,
but make sure to check the pdf file before submission. Make sure to list ALL references
used to develop this summary. Note I will be using the “Turn-It-In” software for
submission.
You will develop a 2-3 page overview of a contemporary issue in fluid mechanics. This
could focus on a current research topic in fluids or a more applied topic, but either way, it must be a contemporary issue (work performed and/or published within the last 5 years).
Several examples would include: fluid mechanics in a microgravity environment, the skirts
that we are now seeing on many semi’s for drag reduction, person that broke sound barrier
while skydiving, bullets that are designed to be shot underwater, etc. Look for any current
research topic in fluid mechanics or a topic that industry is pursing in the area of fluids
(remember that fluids includes both gases and liquids).
Traditional Approach
To find a topic of interest and that fits the project criteria, you would look at journal
publications, conference proceedings, science articles, research web sites, etc. (could also
be magazine article as long as it is technical in nature) to find a contemporary topic in fluid
mechanics. Remember this can be basic research or more applied work.
Social Media Generation Approach
As an option to the more traditional approach, you can also look at Youtube for inspiration.
You can search Youtube that has a video that demonstrates a contemporary issue in fluid
mechanics and develop your overview based on this video. For example, there is a video we
have used from Youtube that describes a knife-proof vest that makes use of a shearthickening non-Newtonian fluid. Non-Newtonian fluid understanding has been around for a
long time, but applying this concept to a knife-proof vest is definitely contemporary.
Either approach to a topic listed above is fine – your choice; still needs to be
contemporary – within the last 5 years
If you have a question on whether a topic is appropriate, please contact me.
If you select a broad topic, your review has to FOCUS on the fluid mechanics aspect
You are encouraged to include a figure, graph or image (or multiple) to help your
overview; just make sure you reference these items.
You need to include a References section at the end to document any references
used to develop your article (journal paper, web page, magazine article, etc)
[supanova_question]
Major Problems with Early Drug Use Prevention Programs Discussion Business Finance Assignment Help
300 words
One of the biggest problems with early drug use prevention programs is that they tend to be largely based on threatening or trying to scare young people. This is often done by adults who have experimented with drugs themselves with few dire consequences. Kids tend to be able to pick up on hypocrisy and exaggerations quickly and often tune out. Most older teens and young adults realize that if they try marijuana it is very unlikely they will end up strung out on heroin. They tend to try it or not try it for their own more rational reasons. Discuss your feelings on a more fact based and student centered approach.
[supanova_question]
HR501 Identification of Legal Issues and Laws Analysis Business Finance Assignment Help
Please address the 10 question sets below in the order in which they appear, using the number of the question set as a heading or inserting it into the first line of your response to that question set. Please cite your sources of information according to APA Style (Links to an external site.).
QUESTION SET ONE
The job application form for sales clerk positions at Dollar and Dime Stores, Inc. (DDS), a national retail chain, asks for date of high school graduation, contact information for all prior employers, arrest record information and proof of U.S. birth. Nicole, the new DDS Human Resources Manager, is worried that some aspects of the form could be problematical and is thinking about modifying it.
While she was trying to find time to work on the form, a problem popped up at the DDS Pittsburgh store, where Bob, a sales clerk, assaulted and seriously injured a customer. According to witnesses, when the customer questioned whether Bob had given her the correct change, Bob became enraged and walked around the service counter to physically confront her. Because there was no doubt that Bob was entirely in the wrong, he was immediately fired and banned from ever being reemployed by DDS. Nicole has since learned that DDS was aware of Bob’s history of violence when he was hired.
Today brought two new developments in the Bob saga. DDS received a demand letter from the customer’s attorney, seeking compensation for the customer’s injuries and reimbursement for her medical expenses. And DDS got an inquiry from a neighborhood grocery store, where Bob has apparently applied for a cashier position. Bob’s former supervisor is worried about a potentially violent reaction to a bad reference and has asked Nicole to give Bob a glowing review. Nicole’s inclined to do that, if only to avoid more problems.
Please analyze the legal issues presented by this fact pattern. Be sure to
- Identify each legal issue raised by the facts and identify by name the laws that govern those issues.
- Identify and describe the rule/test that a court would apply to each issue. If there is a relevant case in the textbook, please identify it, and briefly state how the court applied the test or rule in that case.
- Then apply the rule or test to the facts in this question set as to each issue that you’ve identified.
- If additional information would be helpful to your analysis, identify that information and how it would impact your analysis.
QUESTION SET TWO
Just as Nicole is finally settling in to work on the Dollar and Dime Stores (DDS) application form, two new problems demand her attention.
The first relates to Lucia, a sales clerk who’s been complaining for some time about an overly forward customer. Last week she told Nicole that he was getting increasingly nasty when Lucia declined to give him her personal contact info. Now, there’s a new wrinkle. Yesterday, he was apparently waiting for Lucia in the parking lot. When she exited the store after her shift, he was standing by the back door and tried to embrace and kiss her. Nicole had been hoping the problem would just go away and still wishes it would.
The second relates to Kim, a new clerk who works the late shift. She called Nicole to complain that her supervisor touches her unnecessarily and invades her personal space, for example, by giving her a hug every day when she arrives for work, patting her on the butt when she walks by, and standing really close to her whenever they have a conversation. Kim’s not asked him to back off because she’s nervous about raising the issue and wants Nicole to handle it. Nicole asked Kim whether she had used the DDS internal complaint procedure. Kim said that she has a copy of it, but doesn’t want to make a formal complaint or put anything in writing. Nor does Kim want anyone, including her supervisor or any other employees at the store, to know that she’s raised these issues because she preferred to stay friends with everyone.
Please respond to these questions related to Lucia:
- What, if anything, should Nicole do about Lucia’s complaints?
- Might Lucia have a legal claim against DDS?
- If so, identify the claim and the law on which it would be based, and describe what Lucia would have to prove in order to sustain the claim.
- Based on what we know, might she be able to do so? Explain your analysis based on our facts and the law.
- If additional information would be helpful to your analysis, identify that information and how it would impact your analysis.
Please respond to these questions related to Kim:
- What, if anything, should Nicole do about Kim’s complaints?
- Might Kim have a legal claim against DDS?
- If so, identify the claim and the law on which it would be based, and describe what Kim would have to prove in order to sustain the claim.
- Based on what we know, might Kim be able to prevail on that claim? Explain your analysis based on our facts and the law.
- Assuming that Kim could make out a Title VII claim against DDS and based on the facts in Question Sets 1 and 2, what would be her maximum recovery, and what procedure would she have to use to pursue that claim?
- Assuming that Kim could make out a Title VII claim, is there a defense that DDS could raise?
- If so, identify the defense, describe what DDS would have to establish in order to sustain it, and analyze whether DDS would likely to prevail on that defense.
- If additional information would be helpful to your analysis, identify that information and how it would impact your analysis.
QUESTION SET THREE
Vegan Bread & More (VBM), founded in Brooklyn, New York, made its mark as a local vegan bakery. But thanks to a cash infusion from keen investors, it’s now a national operation, shipping a wide variety of products all over the US from its Spartanburg County, South Carolina facility, which employs 500 people. When VBM first set up the South Carolina operation, it simply hired the truck drivers it needed at that time. A couple of years ago, though, it decided to get out of the employer role. To accomplish that goal, it entered into a contract with a regional staffing agency, Carolina Alternative Staffing (CAS). Pursuant to that contract, VBM terminated all of its drivers; CAS hired them and then assigned the drivers to VBM, where they continued to perform the same work they had been doing. To VBM’s delight, the transition was seamless. Per the contract, CAS is the employer of record and handles all payroll and employment related reporting and paperwork. VBM sets each driver’s hours and routes, provides training, and closely supervises their work.
This year, VBM is experimenting with another staffing model. Inspired by Uberst and Lyftty, it’s now a party to half a dozen independent contractor driver agreements. Under the terms of those agreements, those drivers aren’t employees of either VBM or CAS. The drivers are paid a monthly flat fee, a sum based on VBM’s current monthly cost per driver, minus the fees paid to CAS. For operational reasons, the independent drivers drive VBM trucks and are supervised by VBM managers who assign their hours and routes. So far, this model has been a win-win. From VBM’s point of view, the independent contractor format enables VBM to avoid all employer-related problems and liability as well as eliminate the fees it used to pay CAS.
To further insulate VBM from the risk of any big money judgements, the independent contractor agreements also contain mandatory arbitration clauses, which require that drivers waive the right to file any VBM work-related claim in any federal, state or local agency, or court. The agreements require that any and all VBM work-related claims be pursued via the VBM grievance and arbitration procedure, which is the sole, final, binding, and exclusive remedy for any and all work-related disputes. The agreement requires that all claims be filed in person in VBM’s Brooklyn, New York business office within 24 hours of the alleged underlying incident, and that any claims not resolved in that office be submitted to an arbitrator designated by VBM.
Please analyze each legal issue presented by this fact pattern. Be sure to:
- Identify each legal issue raised by the facts, and identify by name the laws that govern those issues.
- Identify and describe the rule/test that a court would apply to each issue. If there is a relevant case in the textbook, please identify it, and briefly state how the court applied the test or rule in that case.
- Then apply the rule or test to the facts in this question set as to each issue that you’ve identified.
- If additional information would be helpful to your analysis, identify that information and how it would impact your analysis.
QUESTION SET FOUR
Vegan Bread & More (VBM) pays a $23,000 annual salary to Vanessa, the Administrative Assistant to the Director of Staffing and Operations at the South Carolina facility. Vanessa spends most of her work day handling email, other mail and packages; ordering supplies; answering the phone; filing; typing; and greeting visitors to the office. She also works on special events, like employee orientation and training. After reading some HR updates that arrived in the office, Vanessa was inspired to demand overtime pay for last week, when she worked over 60 hours on a big employee training project. But she was told that, because she’s salaried, she’s exempt and not entitled to anything over and above her salary.
Please analyze each legal issue presented by this fact pattern. Be sure to
- Identify each legal issue raised by the facts in this question set, and identify by name the laws that govern those issues.
- Identify and describe the rule/test that a court would apply to each issue. If there is a relevant case in the textbook, please identify it, and briefly state how the court applied the test or rule in that case.
- Then apply that rule or test to the facts in this question set as to each issue that you’ve identified.
- If additional information would be helpful to your analysis, identify that information and how it would impact your analysis.
QUESTION SET FIVE
Delcan, a Vegan Bread & More (VBM) baker who has never taken a sick day in his entire 10 years with the company, suffered serious burns while working. After being released from the hospital, where he was treated for a week, Delcan called VBM and applied for his accumulated 30 paid sick days (retroactive to the day that he was injured) and also requested FMLA leave until he was cleared to return to work.
Please respond to the following questions related to this fact pattern:
- What does an employee need to establish to be entitled to leave pursuant to the Family and Medical Leave Act?
- Using those factors and the facts that we know based on Question Sets 3, 4, and 5, analyze whether Declan is eligible for FMLA leave.
- Assuming that he is eligible, what is the maximum amount of FMLA leave that he could be entitled to?
- Assuming that he is eligible for FMLA leave, what are VBM’s obligations to Declan during that leave?
- Assuming that he is eligible for FMLA leave, how does that leave relate to his paid sick days?
- Assuming that he is eligible for FMLA leave, what are VBM’s obligations to Declan at the conclusion of his FMLA leave?
- If additional information would be helpful to your analysis, identify that information and how it would impact your analysis.
QUESTION SET SIX
Now assume that Declan received FMLA leave and that he used all of his accumulated paid sick days, but on the eve of his scheduled return to work, he submitted a doctor’s note describing a newly diagnosed cardiac condition that requires him to be off work another month for treatment.
Please respond to the following questions related to this fact pattern:
- Is there a federal law that could give Declan the right to an additional month of leave?
- If so, identify the law, and describe what Declan would have to show to be entitled to that additional leave.
- Based on the facts set forth in Question Sets 3, 4, 5 and 6 and the law that you have identified, analyze whether Declan would be able to establish eligibility for that additional leave.
- If additional information would be helpful to your analysis, identify that information and how it would impact your analysis.
QUESTION SET SEVEN
Assume that Declan has reported back to work. Unfortunately, he returned with a medical work restriction that restricts him from lifting anything over 10 pounds. Declan says that he’s really sorry for causing so much trouble, but he just can’t do heavy lifting any more. He acknowledges that his job description requires the ability to repeatedly lift 20-pound trays during the course of a work shift, but asks that his restriction be accommodated.
Please analyze each legal issue presented by this fact pattern. Be sure to
- Identify the legal issues that this request raises and the federal law that governs VBM’s response to the request.
- What do you need to know in order to evaluate VBM’s obligation to honor the request?
- What should VBM do in response to this request? What are its rights and its obligations?
- If additional information would be helpful to your analysis, identify that information and how it would impact your analysis.
QUESTION SET EIGHT
Meanwhile, back in VBM’s old Brooklyn, New York facility, where it still has about 100 employees, some of the hourly employees have been circulating a pamphlet about asbestos hazards and a petition for air quality testing. Apparently, the 1925 building where VBM operates is still heated with the original boilers and an extensive network of cast iron pipes and radiators. According to the pamphlets and the petition, that equipment is likely insulated with asbestos, which is known to cause malignant mesothelioma, a potentially deadly cancer.
Max, the Brooklyn plant manager, has heard that more than half of the employees have signed the petition and that they plan to submit it to him later this week. Since no one has taken ill so far, Max thinks the whole thing is ridiculous. In fact, he’s heard that if asbestos insulation is just left in place, it presents no serious hazard. The problem mainly arises when asbestos fibers are released into the air, which can occur during maintenance work. Since that doesn’t occur too often and none is planned, he wants to nip this workplace distraction in the bud. To that end, he intends to fire the employees who’ve been circulating the petition, prohibit any further discussion about the petition, and ban its distribution on VBM property.
Unbeknownst to him, the employees who are circulating the petition are trying to organize a massive walk out this Friday to protest the presence of asbestos in the building.
Please analyze each legal issue presented by this fact pattern. Be sure to
- Identify each legal issue raised by the facts and identify by name at least two federal laws that relate to those issues.
- Identify and describe the rule/test that a court would apply to each issue. If there is a relevant case in the textbook, please identify it, and briefly state how the court applied the test or rule in that case.
- Then apply the rule or test to the facts in this question set as to each issue that you’ve identified.
- If additional information would be helpful to your analysis, identify that information and how it would impact your analysis.
QUESTION SET NINE
VBM has decided to sell the Brooklyn facility to a developer who plans to convert the building into trendy and expensive condos. VBM plans to shut down the Brooklyn plant in two phases over the next 90 days. The first phase will impact bakery and shipping department employees, resulting in the permanent lay off of about 80 employees. In the second and last phase, VBM will permanently lay off the remaining 20 employees. News about the sale and planned condo conversion has spread like a wildfire throughout the plant.
Max knows there’s some employee related paperwork that he should be doing, but hasn’t figured out all of it yet. And he’s vaguely aware that he may have some obligations to the employees both before and after they are laid off. But there’s one thing that he knows for sure—to extinguish the possibility of future legal claims and make sure that this shutdown is final in every sense of the word, he wants to offer each employee some modest severance pay in exchange for a complete release and waiver of all claims and a noncompetition and nonsolicitation agreement. He also intends to offer some of the younger, go-getter employees the right to transfer to VBM’s South Carolina plant.
Please analyze each legal issue presented by this fact pattern. Be sure to
- Identify each legal issue raised by the facts, and identify by name the laws that govern those issues.
- Identify and describe the rule/test that a court would apply to each issue. If there is a relevant case in the textbook, please identify it, and briefly state how the court applied the test or rule in that case.
- Then apply the rule or test to the facts in this question set as to each issue that you’ve identified.
- If additional information would be helpful to your analysis, identify that information and how it would impact your analysis.
QUESTION SET TEN
In light of the labor and employment law that we have studied, what has been the most significant piece of knowledge that you will take away from this class?
[supanova_question]
ISSC362 Phishing Attack Role of Spam Email and Client Side Scripts Discussion Writing Assignment Help
Need to respond to two student discussions with at least 150 words minimum for each response. Below in the bold are the questions the students are responding to.
For this assignment, create a new message and address the following items in your response.
- Describe how a phishing attack works. Explain the role of the spam email, domain name, and website in the phishing attack
- Identify and describe the four basic techniques for arranging an enterprise’s Internet point of presence.
- Explain how the Web browser authenticates a server that uses SSL. What is the impact on business and our social lives?
- Explain the operation of server-side scripts and client-side scripts. How are they the same? How are they different?
Student one:
Good day Professor and fellow Classmates:
Describe how a phishing attack works. Explain the role of the spam email, domain name, and website in the phishing attack.
Simply put a phishing attack attempts are basically a method to trick the end user into submitting their personal details and/or confidential data. The most common way to obtain this information is through email correspondences. Just that method alone is used almost every single day which indicates it is the most effective way for cyber criminals to exploit (Palmer, 2019).1
One of the phishing types known is a social engineering attack. This type of attack aside from user data, it steals login credentials, and credit numbers. This happens when the attacker masquerades as a trusted source which manipulates its victims into opening the message via email, instant messaging, or by SMS texting (Imperva, 2019).2
Spam emails are a type of moneymaking advertising technique that this a very low and cost effective for the attacker to use. Users receiving these types of messages will fall for and buy the advertised product, hence which emails the sender to make money and perpetuating a new phenomenon of problems for users (Runbox, 2019).3
Domain names are simple to recall because it uses simple words that can be remembered easily. They are used to communicate with the DNS server of the website it needs to visit. The Domain Name System (DNS) is what translates the friendly name to an IP address (Lifewire, 2019).
Instant messaging, sometimes referred as either IM or IM’ing. It is the exchange of real time messages either by a stand-alone or software application. Different from chat rooms, users engage in conversation sessions that is based between two users in private with a back-and-forth style of communicating with each other (WhatIs.com, 2019).5
Identify and describe for the four basic techniques for arranging an enterprise’s Internet point of presence.
Well to distinguish the four basic techniques to arrange an enterprise’s internet point of presence (POP) it important to note they are single firewalls, bastion, bastion hosts, three-legged firewalls, and followed by dual firewalls (Smith, 2019). Firstly, the single firewall does not utilize a DMZ, because like with servers it resides inside a firewall. Of those four, it appears that the oldest and the least common method of choice is the bastion host. Further, it is because it requires a more detail set up which then relies on patching and updates in order to be secured from attacks. It can allow internet services to run while acting as the firewall. Nonetheless, with today enterprises utilizes and separates firewalls instead. Next, is the three-legged firewall which is being used to connect to an internet service provider, to include the intranet, and to a DMZ. The outbound traffics are transmitted via the DMZ allowing it to access the internet but restricts all inbound connections from the internal network. Lastly, dual firewalls routinely utilizes two separate firewalls. The first one protects the system from the internet, and the second protects the internal network activities from the DMZ. This method suits better than say the three legged firewall because it uses multiple layers of protection. However, the way all four firewalls are setup makes it more complicated in creating a defense rule management (Smith, 2019).6
Explain how the Web browser authenticates a server that uses SSL. What is the impact on business and our social lives?
So a web browser that authenticates utilizes SSL a user will experience a message indicating that the site has a trusted certificate which resides within the server and presents it on the browser which contains some ciphering. Then the user will accept by sending a cipher suite to the server and decide which suite is appropriate for both the user and the server, respectively. Once this has been established the server then presents it public key confirming to the user who they say they are. When accepted, the both the server and browser will exchange information of the private key. Then both the public and private key will share encrypted information that only both can decrypt together.
Lastly, the impact of the SSL it has on businesses and social media is at a grand scale. What it does it adds a great deal of security when transmitting sensitive information over the web. Recommendation, you should be conducting any business over the web that contains sensitive information without utilizing an SSL protocol. Otherwise, you risk being attacked (IBM, 2019).7
Explain the operation of server-side scripts and client-side scripts. How are they the same? How are they different?
Server-side scripts are used for consistency in a website’s layout or format and includes the most accurate content on the page (Smith, 2016). Client-side scripts are run by the user’s browser and can be accessed from the website’s pages directly (Smith, 2016).
The operation of a server-side scripts are the dependability of a website’s design that suggests that the website’s content be accurate within the pages. Client-side scripts run via the end user’s browser and it is accessed from within the website’s straightforwardly (Smith, 2019).6
References:
1 Palmer, D. (2019). What is phishing? Everything you need to know to protect yourself from scam emails and more | ZDNet. Retrieved from https://www.zdnet.com/article/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more/
2 What is phishing | Attack techniques & scam examples | Imperva. (2019). Retrieved from https://www.imperva.com/learn/application-security/phishing-attack-scam/
3 What is spam, and how to avoid it – Runbox. (2019). Retrieved from https://runbox.com/email-school/what-is-spam-and-how-to-avoid-it/
4 What a Domain Name Is and How It Works. (2019). Retrieved from https://www.lifewire.com/what-is-a-domain-name-2483189
5 What is instant messaging (IM)? – Definition from WhatIs.com. (2019). Retrieved from https://searchunifiedcommunications.techtarget.com/definition/instant-messaging
6 Smith, R. E. Elementary Information Security. [VitalSource]. Retrieved from https://online.vitalsource.com/#/books/9781284093070/
7 IBM Knowledge Center Error. (2019). Retrieved from https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.1.0/com.ibm.java.security.component.71.doc/security-component/jsse2Docs/sslprocess.html
-Allan
Student two:
- Phishing attacks are popular social engineering attacks used in the reconnaissance phase of an attack to gather information. Phishing attacks often occur in the form of spam email. An end user is spammed with an email appearing to be legitimate; however, the website is often illegitimate, yet seems like a legitimate website. An example would be clicking on a link that goes to a domain name of amazons.com vice amazon.com. This is a subtle difference of adding an s to the domain name. Once at the website, the attacker may seek to gather login information or even credit cards, completing the phishing attack. This similar attack is successful in replicating work domain names, often tricking employees into reauthenticating and stealing their login information.
- Internet points of presence are the single point in which traffic enters and exits an internal network to gain access to the Internet. As noted by Smith (2016) PoPs are often established through a single firewall, bastion host, three-legged firewall, or dual firewalls. Single firewalls provide no DMZ capabilities and serve as filters for internal and external traffic. Bastion hosts can be paired with a single firewall for additional security and serve as a guardian for all traffic. Bastion hosts are usually configured for a sole purpose, such as a proxy or DNS server. Other services are removed to prevent attacks against the services. Several organizations leverage a three-legged firewall, one connected to 3 sources, typically the Internet, DMZ, and internal network. External users can come in through the firewall and utilize services in the DMZ, but not in the internal network unless a trusted IP. Another method of implementing a DMZ is through dual firewalls. In this model, instead of 3 connections on one firewall, external traffic hits the first firewall, enters a DMZ, and then passes an internal firewall for intranet access.
- SSL encryption is an end to end encryption method that encrypts layer 4 of a packet, making it impossible to determine the port traffic is actually intended for. Attackers can leverage tunneling and encryption to hide malicious traffic as fake web traffic to gain access through port 80 or 443 and then exploit the system once inside the firewall (Smith, 2016).
- Server scripts and client scripts serve similar purposes, to automate basic tasks and ease the experience of users and administrators. Everyday servers and clients use scripts to clean up files, transfer data, and execute tasks. Server scripts are often written in a higher language due to increased processing power. Javascript is a common scripting language built for clients. If a user visits a site and attempts to download a file, the server executes a form of the get command through a script and downloads it to the appropriate location on the client. Servers can also call on client scripts to provide resources and files when necessary for an action, which can result in a security vulnerability if exploited.
-Nick
References
Smith, R. E. (2016). Elementary information security, 2nd Edition. Subury, MA: Jones & Bartlett Learning.
[supanova_question]
https://anyessayhelp.com/
-Allan
Student two:
- Phishing attacks are popular social engineering attacks used in the reconnaissance phase of an attack to gather information. Phishing attacks often occur in the form of spam email. An end user is spammed with an email appearing to be legitimate; however, the website is often illegitimate, yet seems like a legitimate website. An example would be clicking on a link that goes to a domain name of amazons.com vice amazon.com. This is a subtle difference of adding an s to the domain name. Once at the website, the attacker may seek to gather login information or even credit cards, completing the phishing attack. This similar attack is successful in replicating work domain names, often tricking employees into reauthenticating and stealing their login information.
- Internet points of presence are the single point in which traffic enters and exits an internal network to gain access to the Internet. As noted by Smith (2016) PoPs are often established through a single firewall, bastion host, three-legged firewall, or dual firewalls. Single firewalls provide no DMZ capabilities and serve as filters for internal and external traffic. Bastion hosts can be paired with a single firewall for additional security and serve as a guardian for all traffic. Bastion hosts are usually configured for a sole purpose, such as a proxy or DNS server. Other services are removed to prevent attacks against the services. Several organizations leverage a three-legged firewall, one connected to 3 sources, typically the Internet, DMZ, and internal network. External users can come in through the firewall and utilize services in the DMZ, but not in the internal network unless a trusted IP. Another method of implementing a DMZ is through dual firewalls. In this model, instead of 3 connections on one firewall, external traffic hits the first firewall, enters a DMZ, and then passes an internal firewall for intranet access.
- SSL encryption is an end to end encryption method that encrypts layer 4 of a packet, making it impossible to determine the port traffic is actually intended for. Attackers can leverage tunneling and encryption to hide malicious traffic as fake web traffic to gain access through port 80 or 443 and then exploit the system once inside the firewall (Smith, 2016).
- Server scripts and client scripts serve similar purposes, to automate basic tasks and ease the experience of users and administrators. Everyday servers and clients use scripts to clean up files, transfer data, and execute tasks. Server scripts are often written in a higher language due to increased processing power. Javascript is a common scripting language built for clients. If a user visits a site and attempts to download a file, the server executes a form of the get command through a script and downloads it to the appropriate location on the client. Servers can also call on client scripts to provide resources and files when necessary for an action, which can result in a security vulnerability if exploited.
-Nick
References
Smith, R. E. (2016). Elementary information security, 2nd Edition. Subury, MA: Jones & Bartlett Learning.