Cyber Security Research Paper Essay Example for Free

Cyber Security Research Paper Essay 1. Preface This security profile of the Department of Veterans Affairs (VA) is based on two documents of public record. The first is the published VA Handbook 6500 (VAH 6500) which defined policy and procedures for systems within the purview of the VA (Department of Veterans Affairs, 2007). The second document is the Federal Information Security Management Act Assessment for FY 20011 commissioned by the VA Office of Inspector General (OIG) and performed by Ernst Young in accordance with Federal Information Security Management Act (FISMA) guidelines (VA Office of Inspector General, 2012, p. i). 2. Identification of Controls This security profile presents one control function from three primary policy and procedure controls. These controls are â€Å"System/New Technology Development Life Cycle† from Management Controls, â€Å"Security Training, Education, and Awareness† from Operational Controls, and â€Å"Remote Access† from Technical Controls. These controls are selected based on the lack of resolution based on information provided fiscal year 2006, 2010 (VA Office of Inspector General, 2011) and 2011 (VA Office of Inspector General, 2012) FISMA audits. 3. Management Controls The protection of systems via risk mitigation techniques are referred to as management controls. Management controls are designed to minimize risk associated with development process and systems implementation. 4.1. VAH6500 Section 6.a.(7) System/New Technology Development Life Cycle VAH6500 requires that any new technology undergo a systems development life cycle (SDLC) specific to the VA. The cycle consists of Initiation, Development / Acquisition, Implementation, Operation / Maintenance and Disposal. Systems must be able to encrypt/decrypt data. Systems not capable of this must receive a waiver from the OIG. 4.2. Implementation Assessment The SDLC program provided does not provide the necessary information for an effective program. No supporting material or references to NIST SP 800-64 Rev2 Security Considerations in the System Development Life Cycle or VAH 6500.5 Incorporating Security and Privacy into the System Development Life Cycle is made. 4.3. Implementation Impact The OIG 2011 FISAM Assessment indicates that â€Å"FISMA Section 3544 requires establishing policies and procedures to ensure information security is addressed throughout the life cycle of each agency information system† (VA Office of Inspector General, 2012, p. 9). Based on the lack of consistency in use of SDLC and change control, major security risks may go unnoticed. 4. Operational Controls Operational controls focus on techniques and procedures put in place by Information Technology staff or systems managers. The purpose is to increase security and provide deterrence via system controls. 5.4. VAH6500 Section 6.b.(11) Security Training, Education, and Awareness VAH6500 provides a concise policy which states any individuals that access sensitive information or systems must complete annual security training. Key persons with â€Å"significant† roles must attend additional training. All training is monitored for completeness. Policy indicates before employees can use systems security training must be completed. 5.5. Implementation Assessment Policy indicates that fourteen key pieces of information must be covered before an individual is allowed to begin work. This training must also be refreshed annually. The tracking of this information is the responsibility of the local ISO (Department of Veterans Affairs, 2007, p. 57). 5.6. Implementation Impact The distributed manner of training management is not conducive to consistent security training. The OIG 2011 FISAM Assessment findings indicate a centrally managed training database be used to ensure personnel receive the proper training needed for their job function (VA Office of Inspector General, 2012, p. 15). 5. Technical Controls The technical control area focuses on minimizing and/or preventing access to a system(s) by unauthorized individuals via technical measures. The measures are designed to ensure the confidentiality, integrity and availability of a system(s) (VA Office of Inspector General, 2012, p. 54). 6.7. VAH6500 Section 6.c.(3) Remote Access Control VAH6500 relies on nineteen policy requirements to enforce technical control. VA policy states that no sensitive information may be transmitted via internet or intranet without proper security mechanisms that meet NIST FIPS 140-2 criteria (Department of Veterans Affairs, 2007, p. 61). Each department within the Agency is responsible for monitoring remote access and privilege functions. Access can be revoked by a supervisor or superior at any time. The remaining requirements cover contractor access, PKI certificate distribution and termination of accounts. System protection is the responsibility of the ISO for each area of access. 6.8. Implementation Assessment VAH6500 does not utilize NIST SP 800-46 Guide to Enterprise Telework and Remote Access Security. The OIG 2011 FISAM Assessment also indicates some remote access systems do not provide Network Access Control (NAC) to block systems that do not meet predefined security requirements (VA Office of Inspector General, 2012, p. 6). 6.9. Implementation Impact The diversity of ISO management practices coupled with a lack of specific procedures for management, auditing and access creates opportunity for security breaches. 6. Summary The three controls outlined in this document show the disparity between written policy, procedure, and implementation. In order for the VA to be successful in meeting the standards of future FISMA assessments, a fundamental change in operations within the VA is required. 7. Comments The multifaceted nature of operations within the VA requires guidelines that meet the needs of multiple departments within the Agency. All three controls discussed in this document have very broad definitions to accommodate the extensive variety of services the VA provides. This flexibility coupled with a drop in training acceptance, legacy systems (VA Office of Inspector General, 2012, p. 7) and the lack of an â€Å"implemented components of its agency-wide information security risk management program† (VA Office of Inspector General, 2012, p. 3) will continue to limit future progress. These delay factors provide an understanding of why twelve recommendations from prior FISAM assessments remain open. Of the twelve recommendations listed in the VA FISMA FY 2011 report, only three have been closed, while three other recommendations have been superseded by new recommendations (VA Office of Inspector General, 2012, p. 19). The recent announcement of the Continuous, Readiness in Information Security Program (CRISP) seems to indicate a fundamental shift in the way the VA views security issues (United States Department of Veterans Affairs). In order for this program to be successful, this message must be understood and acted upon by all persons under the VA umbrella. 8.References Department of Veterans Affairs. (2007). VA Handbook 6500. Washington, DC: US Government Printing Office. Retrieved February 20, 2013, from http://www.va.gov/vapubs/viewPublication.asp?Pub_ID=56 Department of Veterans Affairs. (2010). Strategic Plan FY 2010-2014. Washington, DC: US Government Printing Office. Retrieved February 20, 2013, from http://www.va.gov/op3/Docs/StrategicPlanning/VA_2010_2014_Strategic_Plan.pdf National Institute of Standards and Technology. (2010). Guide for Assessing the Security Controls in Federal Information System (NIST 800-53a). Washington, D.C.: US Government Printing Office. http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf United States Department of Veterans Affairs. (n.d.). CRISP. Retrieved February 21, 2013, from United States Department of Veterans Affairs: http://www.saltlakecity.va.gov/features/CRISP.asp VA Office of Inspector General. (2011). Department of Veterans Affairs Federal Informati on Security Management Act Assessment for FY 2010 (10-01916-165). Washington, D.C.: US Government Publishing Office. Retrieved from http://www.va.gov/oig/52/reports/2011/VAOIG-10-01916-165.pdf VA Office of Inspector General. (2012). Department of Veterans Affairs Federal Information Security Management Act Assessment for FY 2011 (11-00320-138). Washington, D.C.: US Government Printing Office. Retrieved February 20, 2013,from http://www.va.gov/oig/pubs/VAOIG-11-00320-138.pdf

Different Kinds Of Love In Great Expectations Essay -- Great Expectatio

In Great Expectations, there are many odd points of view of love and what love should mean. Pip’s love toward Estella is a yearning craze, and he is blinded by her fascinating beauty. On the other hand, Uncle Joe has a very respected love for Mrs. Joe, considering how harshly she treats him, Mrs. Joe doesn’t seem to love Joe at all. Biddy’s love for Pip seems true, until Pip leaves his home to become a gentleman. Estella also gets married to a man that loves her, Bently Drummle, but does not return his love, and chooses to marry for profits only. Love plays a large part in this story, binding some of the characters together, and ruining other’s relationships. When Pip was very young, he was confused at what love should really be. It is no surprise that Pip has a very odd point of view about women at this point in the story. He’s met so many harsh women, he must think at his young age, that most women are like that. Estella, Pip’s first love, looks down on him, and Miss Havisham, confuses him and even tells Estella to break his heart. It is a mystery to know how Pip actually learns what love is with all the confusion from when he was young. Estella does not return Pip’s love when they are young, but when they grow older, she learns to love him dearly as a friend. When Pip traveled to London to become a gentleman, he becomes very close friends with the convict Magwitch. Later, Pip finds out that Magwitch is Estella’s real father, and on his deathbed, Pip, by his side, admits h...

Developments in transportation Essay

â€Å"Developments in transportation, rather than in manufacturing and agriculture, sparked American economic growth in the first half of the nineteenth century.† is not accurate. While development in transportation played a fundamental role in America’s growth, if it were not for developments in manufacturing and agriculture the new technology in transportation could not have successfully been completed. Without the raw materials, and the products which came out of the early US iron and steel industry, (which were all ultimately determined by the United States agricultural market), the transportation revolution could not have been carried out. Also, with the rapid growth of the agricultural markets, American economic growth boomed. All three factors, (transportation, agriculture and manufacturing) played an equal role in sparking the American economic growth in the first half of the nineteenth century. The cotton gin was just one of the few reasons in which the American economy grew at a rapid pace. Eli Whitney’s intention in 1793 of the cotton gin, which separated raw cotton from seeds and other waste, caused the economy to boom, with the growth of southern farms. As the southern plantations who could keep up with this new boom in cotton got larger and larger, small farmers moved west. This migration of small farmers to the west caused a need for developments in transportation to link the nation. In turn, these developments in transportation caused a boom in economy. Therefore, both manufacturing inventions and transportation inventions caused the growth in economy. New inventions and capital investment led to the creation of new industries and economic growth. As transportation improved, new markets continuously opened. The steamboat made river traffic faster and cheaper, but development of railroads had an even greater effect, opening up immense areas of new territory for development. These new developments just opened up entrepreneurs eyes, and helped them to create the â€Å"boom† parts of the cycles in the 19th century. The new factories which sprang up around the US starting with mills such as the Lowell mills also led to new developments which helped the United States  economy grow. More jobs were created, and wage earners were able to make twice the amount of the price of goods. Although these booms in the economy did not last for every long, it can not be intelligently argued that new developments in transportation were the only reasons in which the United States economy boomed during this time. New inventions, and new ways of creating goods, which came along with the Industrial Revolution truly opened up the nation’s workforce, and sprang its economy as well.

The Lady Of Shalott, By William Shakespeare - 1709 Words

William Shakespeare’s play Hamlet, has become a staple in contemporary society. Apart from the multitude of ingenious in this play, the character of Ophelia particularly places great importance on modern day woman. Ophelia’s importance throughout the play has been many times viewed as only her relation to Hamlet and the effect she has on him. Ophelia is important not just in this sense, but in respect of what she tells the reader about the society she lived in, in contrast to the society one lives in today. Alfred Lord Tennyson’s poem The Lady of Shalott, parallels closely to the life of Ophelia. Tennyson’s poem written over 200 years after Hamlet, is about a young woman who lives on an island off the coast of Camelot. There is a curse†¦show more content†¦Ophelia is the most one-sided yet consistent out of all the vital characters in Hamlet. She has great potential to be a tragic heroine and overcome the misfortunes forced upon her but instead, s he slowly diminishes into insanity following Hamlet’s contradictory treatment towards her, and murder of her father: â€Å"She speaks much of her father, says she hears there’s tricks i’th’ world, and hems, and beats her heart,† (Shakespeare, Hamlet, 4.5. 4-5). Ophelia is a young woman, with no womanly guidance to aid her. Her father Polonius, and brother Laertes, care for Ophelia and go to great lengths to preserve her innocence. Her loyalty to her father and brother is out of pure gratitude and appreciation for their concern. She obeys her father and brother’s command not to see or accept any letters from Hamlet, despite her love for him: Polonius: â€Å"This is for all: I would not, in plain terms, from this time forth, have you so slander any moment leisure, as to give words or talk with the Lord Hamlet. Look to ’t, I charge you†(1.3.131-135) Ophelia: â€Å"I shall obey, my lord†. (1.3.136) Polonius believes he knows what is best for Ophelia, and it is his ego that initiates her antic disposition. Polonius is convinced, Hamlet’s madness is due to Ophelia breaking ties with him. This theory is what drives Polonius to concern the king, Claudius, and use Ophelia as a pawn to get to the bottom of Hamlet’s madness. Hamlet unravels their plan, and when encountered with