Assignment 1: Case Study: Data Breaches and Regulatory Requirements

The National Institute of Standards and Technology (NIST) provides an extensive amount of information, resources, and guidance on IT and information security topics. The Federal Information Security Management Act (FISMA) provides standards and guidelines for establishing information security within federal systems. However, there have been, and continues to be, numerous security incidents including data breaches within federal systems. Review the information about FISMA at the NIST Website. Additionally, review the information, about the data breaches within government systems.

Select one of the data breaches mentioned to conduct a case analysis, or select another based on your research, and research more details about that incident to complete the following assignment requirements.

Write a three to five page paper on your selected case in which you:

1. Describe the data breach incident and the primary causes of the data breach.

2. Analyze how the data breach could have been prevented with better adherence to and compliance with regulatory requirements and guidelines, including management controls; include an explanation of the regulatory requirement (such as from FISMA, HIPAA, or others).

3. Assess if there are deficiencies in the regulatory requirements and whether they need to be changed, and how they need to be changed, to mitigate further data breach incidents.

The specific course learning outcomes associated with this assignment are:

• Describe legal compliance laws addressing public and private institutions.

• Examine the principles requiring governance of information within organizations.

• Use technology and information resources to research legal issues in information security.

• Write clearly and concisely about information security legal issues and topics using proper writing mechanics and technical style conventions.

Assignment 2: Intellectual Property Laws and Security Measures

Intellectual property law is a major issue facing organizations, and many organizations have been fined significant amounts for violations of intellectual property law. As an information security manager in an IT consulting company, your executive management team is concerned about the potential intellectual property violations in the organization. To address these concerns, they have asked you to develop an intellectual property policy to implement within the organization.

Develop a policy document in which you:

1. Provide an overview of intellectual property law.

2. Describe who the policy applies to.

3. Create policy, standards, and guidelines concerning:

a. Patents
b. Trademarks
c. Copyrights
d. Ownership of company material

4. Develop intellectual property violation reporting procedures.

5. Develop intellectual property infringement ramifications.

The specific course learning outcomes associated with this assignment are:

• Analyze intellectual property laws.

• Use technology and information resources to research legal issues in information security.

• Write clearly and concisely about information security legal issues and topics using proper writing mechanics and technical style conventions.

Assignment 3: Structural Modeling and Behavior Modeling

Refer to the functional model you verified and validated for ABS in the assignment to complete this assignment.

Based on your performance, ABS management was so satisfied that it wants you to develop both the structural and behavior models. This way, ABS can fully understand both the interaction that would take place between the users and the system, and the system itself in greater detail.

Note: You may create and / or assume all necessary assumptions needed for the completion of this assignment.

Write a four to five page paper in which you:

1. Create Class-Responsibility-Collaboration (CRC) cards and a class diagram based on the functional models through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.

2. Identify each use case in the functional model and create a sequence and communication diagram for each scenario of each use case identified through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.

3. Create a behavioral state machine for each of the complex classes in the class diagram.

4. Perform a CRUDE analysis to show the interactivity of the objects in the system.

5. Perform a verification and validation walk-through of each:Revise the requirements document created in Assignment 1 with additional information found in this assignment and document the assumptions.

1. Functional model
2. Structural model
3. Behavioral model

The specific course learning outcomes associated with this assignment are:

• Describe object-oriented modeling, structural modeling, and behavioral modeling.
• Develop class diagram based on business scenarios.
• Use technology and information resources to research issues in procuring and designing project requirements.
• Write clearly and concisely about project requirements and design topics using proper writing mechanics and technical style conventions.

Assignment 4: Design with UML

Advanced Business Systems (ABS) is a consulting and staffing company providing specialized staffing and consulting services to clients in a variety of different industries. It has offices in major U.S. metro areas and has ongoing relationships with Fortune 500 companies. Its areas of services range from software development and network engineering to geo-information systems. It has fifty plus regional offices in U.S. and five offices in Canada. It plans to expand to other countries in the future.

When an ABS client company determines that it will need a contractor or temporary professional, it issues a staffing request against the contract it had previously negotiated with ABS. The contract manager in ABS reviews the staff request and ensures that the request is valid with its current contract with its client from the database.

• If the request is not valid, the contract manager sends the staffing request back to the client and explains the reasons and asks for the need for starting a new contract.

• If the request is valid, the contract manager will start recruiting requests by putting the request into its staffing database. The staffing request is then sent to ABS placement department.

In the placement department, the placement specialists will check the job requirements and candidates qualifications.

• If there is a qualified candidate, the specialist will notify the candidate and put a note in the database.

• If a qualified candidate cannot be found or not immediately available, the specialist notifies contract managers and recruiting department; the recruiting department starts search outside immediately.

The recruiting department normally has thirty days to find an outside candidate and send the qualified candidates to the placement department to review. If an internal qualified candidate is confirmed with his / her availability, the confirmation will be sent to the arrangement department. In the arrangement department, the candidate works with the specialists to further confirm the placement details, such as starting date, location, compensation (e.g., per diem), and travel arrangement. The final confirmation will be sent to the client along with a billing schedule. If the client agrees with the arrangement, he/she acknowledges the arrangement with contract managers in the contract department. The contract manager then puts a memo into its database and closes the request.

Write a three to four page paper in which you:

1. Create a package diagram of the problem domain layer using the communication diagrams and the CRUDE matrix through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.

2. Perform and explain the verification and validation walk-through of the package diagram.

3. Create a set of invariants for attributes and relationships and add them to the CRC cards for each class in the structural model using Object Constraint Language (OCL).

4. List the classes in the structure model. Choose one (1) class and create a contract for each method in that class. Note: Be sure to use OCL to specify the preconditions and the post conditions.

5. Create a method specification for each method using both structured English and activity diagram for the algorithm specification through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.

The specific course learning outcomes associated with this assignment are:

• Determine the steps and principles of design modeling with UML.
• Document and describe the different state of objects throughout the life cycle.
• Use technology and information resources to research issues in procuring and designing project requirements.
• Write clearly and concisely about project requirements and design topics using proper writing mechanics and technical style conventions.

Format your assignment according to the following formatting requirements:

1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.

2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.

3. Also include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.

Discussions

Discussion 1: "Data Breach Notification"

Data breach laws have made us more aware of how our PII and other corporate data is compromised in recent years. Intellectual property is often the target of attacks from foreign entities and even governments. Banks don't like people to know how much money is stolen annually by hackers; despite their best efforts to prevent such theft. Discuss your thoughts on the subjects mentioned here based on your learning from this week.

Discussion 2: "Online Contracts"

Online contracts are becoming ubiquitous these days. They're sometimes signed online even in face-to-face meetings between parties. Based on your study this week, what are some pitfalls you previously didn't know? Describe an online contract or end-user license agreement you signed that made you think. Do you ever agree to things without fully reading them, even when the signature block says, "I have read and understand"? What do you think about this now that you have learned about online contracts?

Discussion 3: "Policies, Standards, Procedures, and Guidelines"

You studied policies, standards, procedures and guidelines. If you were the project leader at a small company being spun off from a larger company, how would you tackle the task of adapting your company's policies regarding information security? What are some of your greatest concerns? What rules are you likely to keep and which won't really apply? Remember to keep a balance. You don't want the employees to be so locked down by rules that they can't efficiently do their jobs.

Discussion 4: "Object-Oriented Design"

• Select an organization that you are familiar with and determine the most advantageous benefits of using object-oriented design in this organization and state why. In addition, explain the places within this organization that object-oriented design is not advantageous.

Discussion 5: "Data Management Layer Design"

• Recommend one to two methods to reduce space consumption and increase performance for object-oriented database. Provide a rationale for your recommendations.

Discussion 6: "Cloud Computing"

• Identify the main challenges for provisioning the physical architecture layer with cloud technologies. Additionally, recommend methods to mitigate those challenges.

The response should include a reference list. Double-space, using Times New Roman 12 pnt font, one-inch margins, and APA style of writing and citations.