RISK ASSESSMENT on the Department of the Army IT Systems Essay Example for Free

RISK ASSESSMENT on the Department of the Army IT Systems Essay 1.Introduction 1.1 Purpose This risk assessment was to identify threats and vulnerabilities related to the Department of the Army (DoA) Information Technology (IT) systems. It will be utilized to identify vulnerabilities in the Computer Network Defense (CND) Capabilities and mitigation plans related to DoA’s IT systems. It was realized that this was a potential high-risk system as noted by the Department of Defense (DoD) Chief Information Officer (CIO). (DoD, 2012) 1.2 Scope This risk assessment applies to all DoA Non-secured Internet Protocol Router Network (NIPRNET) and Secured Internet Protocol Router Network (SIPRNET) for Regular Army and Reserve Components. This is a major system that is used by millions of Soldiers, contractors and DA civilians worldwide. The DoA’s IT system is comprised of Army Global Network Operations and Security Center (A-GNOSC) which is responsible for the Army’s day-to-day Tier 2 CND Service Provider. The research methods will present both quantitative and qualitative data which will identify hazards and vulnerabilities to include International-Transnational Terrorism and Domestic Terrorism and present an assessment of the potential risks from them. Information will be collected mainly from DoD’s and DA’s websites. SYSTEM CHARACTERIZATION The DoD uses DODI 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP), as the process for implementing Certification and Accreditation (CA) within their information system. The Information Assurance (IA) Controls, or security measures that must be implemented on a system, as stated in the DODI 8500.2, Information Assurance (IA) Implementation. The control selection relies on the Mission Assurance Categories (MAC) and Confidentiality Levels (CL). Information Systems (IS) will be allotted a MAC level which shows the importance of the information which is used to determine the IA controls for integrity and availability regarding DODI 8500.2 and will be decided by the DoD or Army by the DIACAP  team (Information Assurance, 2009) MISSION ASSURANCE CATEGORY MAC IIs a high integrity, high availability for DoD ISs handling information that is determined to be vital to the operational readiness or mission effectiveness of deployed and contingency forces in terms of both content and timeliness. The consequence of loss of integrity or availability is unacceptable and could include the immediate and sustained loss of mission effectiveness. MAC IIIs a high integrity, medium availability for DoD ISs handling information that is important to the support of deployed and contingency forces. The consequence of loss of integrity is unacceptable. Loss of availability is difficult to deal with and can only be tolerated for a short time. MAC IIIIs a basic integrity, basic availability for DoD ISs handling information that is necessary for the conduct of day-to-day business, but does not materially affect support to deployed or contingency forces in the short- term. The consequences of loss of integrity or availability can be tolerated or overcome witho ut significant impacts on mission effectiveness or operational readiness. CONFIDENTIALITY LEVELAll ISs will be assigned a confidentiality level based on the classification or sensitivity of the information processed. The confidentiality level is used to establish acceptable access factors and to determine the DODI 8500.2 IA Controls applicable to the information system. DOD has defined the following three confidentiality levels: 1.ClassifiedInformation designated top secret, secret or confidential in accordance with Executive Order 12356. 2.SensitiveInformation the loss, or unauthorized access to or modification of could adversely affect the national interest or conduct of Federal programs, or Privacy Act information. Includes, but is not limited to For Official Use Only (FOUO), Privacy data, unclassified controlled nuclear information, and unclassified technical data. 3.PublicInformation has been reviewed and approved for public release. Note. Mission Assurance Categories table is taken from Information Assurance. (2009) Applications (not an inclusive list): Anti-Spyware General –V4R1, 3 Dec 09, Application Services –V1R1, 17 Jan 06  Application Security Development V3R1, 10 May 10 CITRIX Xen App, V1R1, 23 Jul 09 ESX Server -V1R1, 22 Apr 08 Database –V8R1, 19 Sep 07 Desktop Applications General –V4R1, 3 Dec 09 Directory Services –V1R1, 24 Aug 07 ERP –V1R1, 7 Dec 06 ESM –V1R1, 5 Jun 06 HBSS STIG –V2R5, 22 Feb 10 IM –V1R2, 15 Feb 08 InTFOT-V1R1, 2 Oct 09 ISA Server 2006 OWA STIG, V1R1 5 Feb 10 McAfee Antivirus –V4R1 –3 Dec 09 Microsoft Exchange 2003 –V1R1, 6 Aug 09 MicrosoftIE6 –V4R1, 3 Dec 09 MicrosoftIE7 –V4R1, 3 Dec 09 MicrosoftIE8 –V1R1, 26 Apr 10 Microsoft Office 2003 –V4R1, 3 Dec 09 Microsoft Office 2007 –V4R1, 3 Dec 09 Mozilla Firefox –V4R1, 3 Dec 09 Symantec Antivirus –V4R1, 3 Dec 09 SunRay4 Thin Client –V1R1 –26 Mar 09 VTC STIG –V1R1 –08 Jan 08 Web Server –V6R1, 11 Dec 06. DISA STIG. (2012) THREAT IDENTIFICATION Data from the DoD shows a 20% rise in attacks against its information systems from 43,880 to 54,640 between 2007 to 2008. â€Å"Each of these penetrations involves a series of actions that do not differ substantially whether the intruder is acting on behalf of a terrorist group, a foreign government, a corporation, or is acting as individual. The severe intrusions into cyber systems involve penetrating system security, navigating and mapping the cyber system, targeting the nodes that control the system and contain the most critical data, and often, extracting the data.† (Wortzel, 2009) â€Å"In February 2011, the Deputy Secretary of Defense said that more than 100 foreign intelligence agencies have tried to breach DOD computer networks and that one was successful in breaching networks containing classified information.2 Also, the President of the United States has identified this threat as one of the most serious national security challenges facing the nation.† (Dâ€⠄¢Agostino, 2011, pp. 1) VULNERABILITY IDENTIFICATION THREAT CapabilitySecurity Test ResultsAudit CommentsSeverity SW BaselineNo SW baselineThe DA does not have a documented software inventory. A failure of this control does not lead to an immediate risk. IA Impact AssessmentConfiguration Management Plan (CMP) is not completeThe certification team through document review, that DA does not have formal procedures for IA impact assessment.Failure to assess changes for IA impact could lead to changes being made to the environment that unknowingly  introduce vulnerabilities increasing the risk of compromise. Ports, Protocols, and ServicesOpen ports protocols and services (PPS)The certification team determined through interviews and device configuration reviews, that DA does not perform regular review of their open PPS.Unnecessary open PPS increase the risk of systems being compromised. CONTROL ANALYSIS Incident Handling, IA Training and Certification, Information Assurance Vulnerability Management (IAVM), IA Program Management, Public Key Infrastructure (PKI), Certification and Accreditation, Federal Information Security Management Act (FISMA), Wireless Security, Army Web Risk Content Management, Personally Identifiable Information (PII), Portable Electronic Devices (PED), Minimal Information Assurance Technical Requirements, Classified Systems Management and Physical Security and Environmental Controls (Information Assurance, 2009) LIKELIHOOD DETERMINATION THREATSTerrorist (mail bomb)Denial of ServiceUnauthorized Access 1. VulnerabilityUncontrolled accessUpgrading Firmware onlineUnattended computer while logged on 2. MitigationControlled access e.g. common access card, buzzerUpgrade from trusted source onlyLog off computer before leaving area 3. Threat Probability615 Threat Probability: Highest number equals highest probability Note. Threat Matrix is taken from DA Anti-Terrorism Plan (2012). (CH 5 DOD O 2000.12H) IMPACT ANAYLYSIS Criticality Assessment Matrix AssetImportanceEffectRecoverabilityMission FunctionalityTotal Servers 1097834 Routers875626 Highest score = most critical Lowest score = least critical RISK DETERMINATION ValueNumeric Rating Major Deficiency9-10 Significant Deficiency7-8 Moderate Deficiency5-6 Minor Deficiency3-4 Negligible Deficiency1-2 CONTROL RECOMMENDATIONS Move the IA Program out of Technical lanes and into Command lanes, clearly define functions for a Command IA Program, define Concept for the Command IA Team (technical and non-technical), develop a reporting methodology for the Command IA Program, develop and provide a Command IA Training Program, develop a Command IA Program Management Course (CIAPMC), develop a Risk Management Model for Information Protection (IP): IA/CND, establish an â€Å"Acceptable Risk Criteria† for the Command IA Program and transform the Army’s IA Policy Formulation Process. (DAIG IA, 2009) SUMMARY Risk Vulnerability/ThreatRisk LevelRecommended ControlsAction Priority Hardware baseline inventory is incomplete. This could lead to the introduction of unauthorized into the network and also makes it difficult to maintain an effective life cycle managementLowComplete current hardware baseline and continue to identify and document future assets.Low Configuration management is not complete and this could lead to changes being made to the environment that unknowingly introduce vulnerabilities. This should be assessed by an IA team before introduced to the network.LowFinalize the configuration management process and implement a plan to assess IA impact of change to the system.Low Open ports, protocols and services. Changes made to the open PPS will lead to exploits and/or data compromise.MediumEnsure that the change management process relating to PPS are developed and enforced.Medium REFERENCES Bendel, B. (2006). An Introduction to Department of Defense IA Certification and Accreditation Process (DIACAP). Retrieved from http://www.xlr8technologies.com/CMS/admin/Assets/lunarline/pdfs/lunarline_dia cap_process1.pdf D’Agostino, D. (2011). Defense Department Cyber Efforts: More Detailed Guidance needed to Ensure Military ServicesDevelop Appropriate Cyberspace Capabilities. Retrieved from http://www.gao.gov/new.items/d11421.pdf DoD CIO. (2012). Department of Defense Instruction, Number 8582.01. Security of Unclassified DoD Information on Non-DoD Information Systems. Retrieved from http://www.dtic.mil/whs/directives/corres/pdf/858201p.pdf Hudson, J. (2009). Department of the Army Information Security Program. Retrieved from http://www.apd.army.mil/pdffiles/r380_5.pdf Stonebumer, G., Goguen, A. Feringa, A. (2002). Risk Management Guide for Information Technology Systems. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf Information Assurance. (2009). Retrieved from www.apd.army.mil/pdffiles/r25_2.pdf DIACAP (n.d.) – DoD 8500. Retrieved from http://www.securestate.com/Federal/Certification%20and%20%20Accreditation/Pages/DIACAP-D0D8500.aspx DISA STIG. (2012). Retrieved from http://iase.disa.mil/stigs/a-z.html DoD Anti-Terrorism Program. (2012). Retrieved from http://www.dtic.mil/whs/directives/corres/pdf/200012p.pdf Wilson, C. (2005). Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress. Retrieved from http://www.history.navy.mil/library/online/computerattack.htm Wortzel, L. (2009). Preventing Terrorist Attacks, Countering Cyber Intrusions, and Protecting Privacy in Cyberspace. Retrieved from

A Rose for Emily by William Faulkner Essay -- A Rose for Emily by Will

â€Å"A Rose for Emily" by William Faulkner Respect, admiration, and fame from the general public can come at somewhat of a cost. The cost can be anything from a decrease in privacy to an actual effect on ones mental state. In this essay I will use the short story â€Å"A Rose for Emily" by William Faulkner to describe how general fame, no matter how large or small can be uplifting, but at the same time extremely destructive. Emily is the most renowned lady in the town. Since she carries this type of status there is a strict reputation she must keep. As with today’s celebrities, they not only represent themselves, but there town as well. Ms. Emily is no exception. Since she was closely â€Å"guarded† by her father, she was rarely seen outside of the house and could never find a spouse suitable eno...

Being Single

Being  single doesn't necessarily mean you're available. Sometimes you have to put up a sign that says, â€Å"Do Not Disturb† on your heart. | If  you aren't happy being single you will never be happy in a relationship. Get your own life and love it first, then share it. If  you're single, focus on being a better you instead of looking for someone better than your ex. A better you will attract a better next. Being  single doesn't necessarily mean one is not wanted. In many cases it means that one knows what they want and if they can't find that someone special then they'll remain single forever because they're OK and happy with who they are and just want that someone special to complete them and take their happiness a higher level. â€Å"Being single† is a term used to describe the state of a person being single and not committed. A single person unlike a committed person is not involved in any relationship. A single person has a multitude of friends and acquaintances and enjoys his single status. Being single is a privilege for many, since they are free to live life individually, without the pressures and expectations that are often associated with a committed relationship. Life is truly an unpredictable affair and you have no idea about how it can change at any point of time. So, people some people prefer being single rather than getting committed to someone. Dealing with relationships and making them successful is not everyone’s cup of tea. Relationships require emotional investment, as well as a lot of time to make things work. So, staying single is what people prefer usually. Stephanie Mills had once remarked, â€Å"I enjoy being single, but I loved being married. †

Mental Illness And Musicians Writing A Song Essay

Mental Illness and Musicians Writing a song can be a grueling process if the inspiration isn’t there. Without an emotional basis to stimulate inspiration, nothing of creative value can be accomplished. Musicians consistently look to their emotions when it comes to song writing. Passion is a key ingredient in producing something of artistic significance. By that logic, a more emotional person should also be a more creative one. But what about those with bipolar disorder? Wouldn’t their periods of mania be a sort of creative gold mine? Mental illness can drive creativity and can be proven through the examination of established musicians, the use of music as therapy, and the chemical structure of the brain itself. Neurotransmitters in the brain can give researchers insight as to why people feel the way they do. Dopamine, for example, is the neurotransmitter associated with satisfaction. Activities such as watching your favorite TV show or eating your favorite food can caus e the release of dopamine in the brain. Moreover, dopamine can act as a stimulant to increase communication between neurons and widen the brain’s range of effects. (Hillman). A study by Dr. Fredrik Ullen, of the Karolinska Institute, examined the dopamine receptors in â€Å"highly creative types† and found that their dopamine systems highly resemble those of people who suffer from schizophrenia. In both cases, there is a low density of dopamine receptors in the thalamus, which acts as aShow MoreRelatedBipolar Disorder in Song Lyrics Essay1024 Words   |  5 Pagesopen. The lead singer and song writer of alternative rock band Blue October, Justin Furstenfeld explains on a suicide prevention video that he has â€Å"battled with bipolar disorder, psychiatric tendencies as well as anxiety issues throughout much of his life and admits he self-harmed during his teenage years and has reoccurring suicidal thoughts† (Freunde fà ¼rs Leben, 2010). Many songs that he wrote are about his mental illness and problems he faced because of it. In the song X Amount of Words, FurstenfeldRead MoreMusic Therapy: What Are the Benefits?1193 Words   |  5 Pagestoday’s medical fields. People recognized that music does have healing properties ever since ancient times. Primitive people believed that different illnesses came from either breaking taboos or from religious or magical forces. The combination of dance, song and music in healing ceremonies was thought to expel illnesses and restore balance to the human body. These practices and religious beliefs continued throughout the Middle Ages. It wasn’t until the 18th century that scientists began to research onRead MoreMusics Health Effects1229 Words   |  5 Pagesunlock the secret’s of music, this knowledge can start being applied to the real world. This includes the world of business, academia, and more recently medical fields. So in short, music can provide stress relief, it improves focus, and it improves mental health. Music effect on stress relief is due in part to it’s effect on mood. This may seem like a sentence within a sentence, but it is much more than that. When listening to classical music, one is brought into a state of calm. When listening toRead MoreCreativity And The Mad Genius1765 Words   |  8 PagesErnest Hemingway was the only one to seem to have a genetic disposition towards mental illness. None of these men led similar lives. Van Gogh only saw one of his paintings sold, while Beethoven was an acclaimed composer by the age of twenty-nine. Hemingway was friends with some of the greatest literary minds of the day, and Robin Williams was one of the most successful comedians to date. The common link, besides their mental illnesses, is the idea that each of these men were searching for something moreRead MoreMusic and Memory: The Impression of the Soul1985 Words   |  8 Pageshow 2 different types of music can affect the memory of teenagers and young adults. The majority of studies done by the University’s and non-profit organizations all ask how music affects memory of senior citizens and how this may help their mental illness. I desired to test teenagers and young adults since I feel that our education system is established around students memorizing data and statistic, whereas teachers memorizing lesson plans. If the entire idea of the education system is to memorizeRead MoreThe History Of Ludwig Van Beethoven2152 Words   |  9 Pagesplaying on the piano. Famous for more than just writing the piece Fà ¼r Elise that most of us all know. He composed many songs with a force that not just every musician has; musical emotion. Each of his pieces captured and held a story about Beethoven. Did you know Beethoven was deaf? How could a composer, a musician, a musical genius, lack such an important and valuable sense and still continue to create such beautiful pieces? What was it like for this musician to have dealt with the struggle of not bein gRead MorePsychedelic Musicians in Rock and Roll Essay2742 Words   |  11 PagesPsychedelic Musicians in Rock and Roll In 1967 the Beatles were in Abbey Road Studios putting the finishing touches on their album Sgt. Peppers Lonely Hearts Club Band. At one point Paul McCartney wandered down the corridor and heard what was then a new young band called Pink Floyd working on their hypnotic debut, The Piper at the Gates of Dawn. He listened for a moment, then came rushing back. Hey guys, he reputedly said, Theres a new band in there and theyre gonna steal our thunder. WithRead MoreMusic Therapy1769 Words   |  8 Pagesare many people who have no idea what it is. During W.W.I., music therapy in the United States began to develop when music was used in the Veterans Administration Hospitals as an intervention to address traumatic war injuries. There were several musicians who were not working and they would go to the Veteran hospitals to play for the injured soldiers. â€Å"Numerous doctors and nurses witnessed the effect music had on veterans psychological, physiological, cognitive, and emotional stateâ €  (University HospitalsRead MoreA Descriptive Study of the Practice of Music Therapy in Hong Kong17388 Words   |  70 Pagessense of self-awareness, and thereby to enhance his or her quality of life. The process may take place in individual or group music therapy sessions. (APMT, 2006) To summarize, the objective of music therapy is to help clients maintain physical and mental health through a series of treatments by a professional music therapist. The above three definitions, which are often cited by music therapists and scholars, not only explain what music therapy is, but also establish a new perspective or approachRead MoreSocial Networking Sites-Boon/Bane15517 Words   |  63 Pagestend to hide the real stuff by using code language you may never understand. Teens are basically using them to stop parents and employers from judging them on the basis of their social activities such as partying, drinking and drugs. Instead of writing they are drunk, teens post Getting MWI or mad with it, reports telegraph.co.uk. , a regular user says Of course the code language exists and it is quite a trendy and potent way to say things without stating the obvious. Things are not as safe