Chapter 14 – Critique

Please answer the following questions on the word document and submit the document in Webcourses when complete. This assignment should not be submitted in a narrative (i.e. written paper) format. Chapter 14 will guide you through each of the sections and explain that question. Please use this resource.

1. Collection of data
   • What was the context of the study?
   • What were the objectives of the study?
   • What was the primary exposure of interest? Was this accurately measured?
   • What was the primary outcome of interest? Was this accurately measured?
   • What type of study was conducted?
   • Describe the source of the study population, process of subject selection, sample size, and ratio of propositi to comparison subjects. (Propositi are exposed subjects in an experimental or cohort study and cases in a case– control study.)
   • Could there have been bias in the selection of the study subjects? How likely was this bias?
   • Could there have been bias in the collection of information? How likely was this bias?
   • What provisions were made to minimize the influence of confounding factors prior to the analysis of the data? Were these provisions sufficient?
2. Analysis of data
   • What methods were used to control confounding during data analysis?
   • Were these methods sufficient?
   • What measures of association were reported in this study?
   • What measures of statistical stability were reported in this study?
3. Interpretation of data
   • What were the major results of this study?
   • How is the interpretation of these results affected by information bias, selection bias, and confounding? Discuss both the direction and magnitude of any bias.
   • How is the interpretation of these results affected by nondifferential misclassification? Discuss both the direction and magnitude of this misclassification.
   • Did the discussion section adequately address the limitations of the study?
     What were the authors’ main conclusions? Were they justified by the findings?
   • To what larger population can the results of this study be generalized?

.  This paper should be 5-7 pages long (at least 1800 words). The directions for writing this assignment is as follows:

First: Develop & analyze two or three ethical theories we have covered in class so far.  By this, I mean you should pretend that I am a rational and clear-thinking person who does not know anything about the theories.  You want to tell me about these theories by explaining the content of the relevant readings to me.  Your explanation should be thorough but concise.

Please choose two or three of the following essays to develop and analyze in your paper:

• King, “Letter from Birmingham Jail”
• Timmons, “Why I am Not a Moral Relativist (and Neither Are You)”
• Singer, “Moral Mammals” (atheist position)
• Hare, “Moral Mammals” (theist position)
• JS Mill, “Utilitarianism”
• Kant, “The Categorical Imperative”
• Aristotle, “The Nature of Virtue”
• Held, “The Ethics of Care”
• Jaggar, “Love and Knowledge: Emotion in Feminist Epistemology”

Second, evaluate these theories by comparing and contrasting them with one another, and by applying them to one of the case studies below.  When you examine the theories and apply them to the case study, be sure to discuss the merits of the theories, any weaknesses they may have, and what challenges they may pose to and for a moral thinker.  In doing this, be sure to make explicit connections back to the reading content.

Note that the case study content should not take up the majority of your essay, but should still be integrated in a way that supports your discussion of the course content.  In other words, you should use this case study as an ongoing illustration or example for your discussion of the course content.

Once again, be sure that the course content is given primary attention in your paper, and is covered in a way that demonstrates an understanding of the whole reading and not just the first few pages of the reading.

Case Studies (choose only one to discuss in your Midterm)

1. You come from a culture called the Benzites, who place a high value on community and hospitality.  Benzites greet each other by blowing their breath onto one another’s faces. To many, this may seem quite strange and awkward.  However, in your culture and religious tradition this is a representation of the gods who breathed their holy breath onto you, in order to bless you with a healthy life.  In fact, breathing on one another is believed to be a way for one to pass their strength and vitality on to those whose health is more vulnerable.
   When the Covid-19 pandemic hit, however, this centuries-old tradition was put into compromise.  National mandates prevented people from breathing onto one another, and many Benzites viewed this as an attack on their freedom of religion.
   As someone who has studied ethics, what do you think is the right thing to do in this situation?  Should the governmental authorities be more sensitive to your cultural and religious tradition?  As a Benzite, should you advocate for the mandates, disobey the mandates, or try to find some compromise?
2. The culture of Ferengi is a culture that does not have a problem with cheating and plagiarizing.  In fact, they believe that these are a highly-valued skills.  Even though they are considered forms of stealing, and they do damage the reputation and honor of the one being cheated upon, Ferengi still consider it acceptable.  After all, cheating and plagiarizing helps one gain experience in creative manipulation, resourcefulness, and ingenuity – all which are viewed as essential tools in helping one reach success.
   Now, consider what would happen if a Ferengi became a student at Sacramento State University, which has a very specific policy on academic honesty (see page 7 of this Syllabus). Would a Ferengi be morally justified in plagiarizing at Sac State?
3. Bajorans are a minority population within the nation of Cardassia.  The Cardassians take great pride in their history and culture; however, part of this greater culture includes treating many minority populations, especially the Bajorans, with fear and suspicion.  You are a Kelpian, which is another minority population within Cardassia.  Generally, the Kelpian subculture you come from is more passive – you are taught to work hard, but mind your own business and never bring attention to yourself.
   One day you are walking down the street when you notice that a Bajoran is being roughed up by several Cardassian SAs (Security Authorities).  The Bajoran looks afraid and appears to be in a great amount of pain.  He is pleading with the SAs, but they do not seem to be easing up on him.  A few SAs look up and see you staring at them.  One of them yells at you, “This is none of your damn business, Kelpo!  Be a good model citizen and don’t make any waves. Go on now… walk away.”
   Considering what we have learned about ethics & morality, how might you assess this situation, and what do you think you ought to do?
4. In a television episode of Doctor Who (called “The Beast Below”), a spaceship carrying a city of humans has been kept alive by severely torturing a sentient, self-aware being.  Without this torture, there is no certainty over whether this being, called a star whale, would continue to help the city survive.  In fact, one would guess that the star whale would abandon the city for inflicting 300 years of torture upon it.
   When the queen of the city learns of this torture, she is given two options: either release the star whale from its incredible suffering and thus risk the lives of the humans in the city; or allow the star whale to continue on with its torture so that well-being of the city is ensured. If you were the queen, what would be the right thing to do?
5. You have a good friend who is pretty well-off financially. You yourself do not have a lot of money, but it is still important for you to honor her by buying her a gift for her birthday.  Because you are in serious credit card debt, you carry some cash in your wallet instead and stop by the shopping mall. Before you walk inside, you notice a thin homeless individual standing in the rain, shivering and asking people for money or food.  You notice that people respond to this individual by saying things like, “Sorry,” or “Get a job,” or “You’re probably going to use the money to buy drugs and alcohol anyways.” These reactions cause you to think about the money in your pocket.  You can use the cash to buy this homeless person a warm jacket and a meal, or you can walk right into the mall to buy what you were going to buy – a birthday gift for your good friend.  What ought you do in this situation?

Some Reminders:

– you must explicitly and comprehensively use material & required readings in your essay, in order to demonstrate an understanding of the course material. If you fail to use the required course content, you will fail the paper.

Remember that your midterm also has a page requirement.  You might count each page you write as worth around 40 points each.  If you write only a 2-page paper, for example, the highest score you might receive is only 80 out of 200; if you write a 3-page paper, the highest score you might receive is only 120 out of 200; if you write a 4-page paper, the highest score you might receive is 160 out of 200.

Please be sure to also check out the Course Syllabus to see the policies on academic honesty, formatting guidelines, citation of sources, late work submissions, and other requirements.

World Music                                                                                       Name__________________________

 Study Guide: The Caribbean

1. Rake ‘n’ scrape is a traditional music of _______________________ with instrumentation that typically includes:

2. Define the term “Diaspora”

3. The Caribbean also shares a _______________ history. The region was born in the violence of the middle passage, _____________, _____________________, and imposed _________________ laws, languages, religions, and economies.

4. What does the term “religious syncretism” mean?

5. A variety of syncretic religious systems have developed in the Caribbean including ______________ in Haiti, ____________ in Cuba,   _____________ in Trinidad, and   ____________ in the Bahamas.

6. What were the two indigenous groups that inhabited the Caribbean prior to Colonization? What happened to them?

7. African and European derived musical practices, instruments and aesthetics predominate throughout the Caribbean. In many instances, these traits combine to create new instruments and new genres of music. List as many examples as you can throughout the chapter:

African traits/instruments:

European traits/instruments:

New instruments/styles:

8. What is kalenda, and what role did this genre play in early Carnival celebrations in Trinidad?

9. The banning of drumming in Trinidad during the late 19^th century resulted in a new genre of music called ___________________ that consists of different sized bamboo percussion instruments that accompany vocals and utilize polyrhythm.

10. What is the typical instrumentation for Calypso music in Trinidad?

11. Why were Calypsonians considered potentially dangerous by elites and government officials?

12. The ____________________, which replaced the tamboo bamboo ensembles in Trinidad in the 1940s, is composed of idiophones made from oil drums that have been tuned to play a range of pitches.

What is the engine room?

How do these ensembles mirror Western orchestral roles?  How do they differ?

13. ______________ developed as a secular alternative to sacred African-derived drumming traditions in Cuba and consists of two main sections: ________________ ( narrative text) and _________________ (call and response with the chorus and percussion).

14. How has rumba music been popularized and disseminated throughout the Caribbean and North America. How has the genre been altered for “exportation” to Western nations?

15. Describe the unique origins of the Garifuna people

In what areas would you find the Garifuna people today?

16. ______________ is a song genre usually composed by_____________ and performed during festivals, at wakes, and at celebrations that follow dugu ceremonies.

17. What are some difference between punta and punta rock? Why did the Garifuna popularize a traditional musical genre?

18. In what ways do the Garifuna continue to face significant challenges to their identity?

19. In what ways does merengue music from the Dominican Republic emphasize Iberian traits?

20. How have travel and tourism affected musical development in the Caribbean?

Research Process
• Conceptual Phase
• Design and Planning Phase
• Empirical Phase
• Analytic Phase
• Dissemination Phase
Guidelines for Critiquing Research Report
Systematic Process of Appraising Research Projects
What is Research Critique ?
Why Research Critique ?
• To assess the strength and limitation of research report
• To facilitate critical thinking about results reported
• To apply those result to the workplace
Research Report Format ( IMRaD)
• Introduction
• Materials and Methods
• Results
• Discussion
What are the types of research critique ?
• Student Nurses Critique
• Nurse Practitioner
• Nurse Educators
• Nurse Researchers
• Abstract
• Verbal critique
• Publish critique of Published articles
• Peer review critique
• Research Funding
Research Critique Tips
1. Read the entire study carefully
2. Examine the organization and presentation
3. Seek clarification for unknown term
4. Highlight and examine each step of the research process.
5. Identify the strengths and challenges without bias.
6. Consider modifications for future studies.

Conclusion
• A critique of a piece of research is not a criticism of the work but an impersonal
review to highlight the strengths and limitations of the study.
• It is important that all nurses have the ability to criticality appraise researc

Using the information from Chapter 7 and the tax research resources from Chapter 5 write a tax research memo for the firm’s records (TAX FILE MEMORANDUM). No client memo is necessary. Refer to pages 5-15 through 5-16 for a sample memo format. Use Checkpoint to find your primary sources and only cite primary sources. Some Internal Revenue Code (IRC) sections to consider include, but not limited to, the following: 162(a); 263(a); 1016(a)(2); 1012; 168; 168(i)(13); 168(k); 230F(a); 179(d)(1); 179(b)(2); 179(b)(3), etc.

When writing this research memo, you may have a number of research issues. Use the numbered items to develop your tax issues. List them separately (bullet points or numbered). Some of the bullet items are not research issues but information that should be incorporated and answered in your analysis. The memo sections may have multiple research issues. You should address each research issue in a separate paragraph in the Research Issues section of the memo. The same for the Law and Analysis section of the memo. Do not repeat the sections of the memo multiple times.

Not-so-Green Acres Farm, is a newly formed working farm in Massachusetts. During the current year, the company acquired and placed in service (PIS) the following assets. The farm has a store to purchase dairy (cow and goat) items including milk and specialty cheeses. There is also a petting area and hayrides to offer to visitors on weekends and holidays. A list of the year’s acquisition is outlined below.

Other: The company has taxable income for the year of $500,000.

Required:

Research the following to assist the company in maximizing tax savings for the year using the various available cost recovery methods. You will be required to (1) submit a research memo document and (2) an Excel template (provided) to calculate depreciation and support your analysis. Your analysis and your computations must be consistent between the written document and the Excel spreadsheet calculations.

When drafting your memo your analysis should address the following:

1. Provide a concise but comprehensive overview of the concept of cost recovery. (5 points)

2. Determine (tax perspective) if the costs above are deductible expenses or capitalized costs. Define what constitutes an acquisition to be capitalization. Explain. (5 points)

3. Compute the corporation’s MACRS deprecation with respect to the assets placed in service this year. Assume that the Company does not elect to use Section 179 or bonus depreciation. Use the provided Excel template and detail each acquisition with the required information. Refer to Revenue Procedure 87-56 and Publication 946 (provided) for information on asset class information. (15 points)

4. The farm is considering a purchase of a new farm tractor for $700,000. The tractor could be purchased in December or postponed until January of the next year. What effect would this decision have on the depreciation calculation with regard to the assets already placed in service. Hint: Depreciation will be a larger amount is not the answer. Be specific. (10 points)

5. What is Sec 179 Expensing election? How much and what assets are eligible? Are any of the asset not eligible? If so, explain. Does the farm face either, or both of the two limitations? Be specific in your explanation. (15 points)

6. What is bonus depreciation? How much and what assets are eligible? Are any of the asset not eligible? If so, explain. Does the company face any limitations? Be specific in your explanation. (10 points)

7. Assume that the corporation will maximize its cost recovery deductions. Using the Excel template, calculate the amount of MACRS depreciation, Section 179 and bonus depreciation. (15 points)

8. Explain the order of application and the overall strategy an organization would use to determine the method and amounts used for each. (5 points)

9. Use appropriate format, technical language, the written analysis should reflect your own word with appropriate references. It is not necessary to detail all the depreciation amounts for each asset in your memo. A summary of the amounts is appropriate. Be sure to cite only primary sources (law) in the body of the memo. Your written analysis should be consistent with the Excel calculated amounts. (15 points)

10. Write a reflection paragraph discussing what you learned from completing the assignment. Be specific. Also, what could be done to improve the assignment. Your reflection should be incorporated at the end of your written document after your conclusion. (5 points)

INDIVIDUAL FINAL ASSIGNMENT

Final Project:

1) Imagine you’re starting your own Cloud Computing business. What are the potential challenges and issues you’ll face while starting a new business?

2) Look through the NIST framework and come up with a guideline for your company based on the NIST framework.

The NIST Framework is designed to help you protect your small business from cyber security threats — this info can be found on week 7 ( attached pdf )

Questions ::

Identify: What Type of cloud services will your business be using? What Processes need to be protected?

What type of cloud service (unmanaged, Multiple cloud providers, Outsourced IT service providers) What level of service (IaaS, PaaS, SaaS) (Module Two-Week Two)

What type of Cloud Deployment will you use?

Will you be using a web hosting, what type? Will you be using any bare metal hosting?

What cloud platform will you be using? ( Azure, AWS, Google, IBM, Oracle, Linux or other)

Will you use any of the “recent developments in cloud computing” ?

2.Protect: What tools and processes do you need to have in place to PREVENT a Cyber attack?

3. Detect: What tools and process do you need to help detect a cyber attack?

4. Respond: How will your business respond to the attack?

5. Recover: What structures do you have in place to recover from the attack? How will you restore your processes?

Will you use any Virtual Machines?

The most recent topic discussed in class has been the memory hierarchy, specifically focusing on cache memories and optimizations.  This assignment is designed for you to use a programming tool to research the memory hierarchy of a computer system.  The overview and details of the assignment are contained in the attached document.  Also provided are the source code and a ZIP file containing a Windows executable version of the program.  This program will be used to collect performance data for the memory hierarchy for the test system you select.  The source code is provided so that if you use a non-Windows system, you can compile the code for the system you intend to use.

Introduction

The memory hierarchy of a given microprocessor typically is composed of at least three levels of cache between the CPU and main memory.  It is possible for a fourth level to be present in the form of eDRAM in some CPUs.  In multicore processors, each core will have its own level 1 and level 2, with level 3 shared among all the cores.  The hierarchy of the memory system is designed to provide seamless transfer of data from main memory to the CPU; it is not usually possible to determine by observation how many levels of cache a system has.

The goal of this assignment is to attempt to expose the memory hierarchy through programming. A program, written in C, is provided that exercises access through all levels of the memory hierarchy to RAM and collects performance information in the form of memory access times.  This information may provide a hint as to the structure of the memory hierarchy of the system being tested.

Background

The basis for this assignment comes from Case Study 2 described on pages 150 – 153 in the text book.  A program is provided that is designed to generate data that will allow timing various accesses to the memory hierarchy.  This program, which can be downloaded from Blackboard, is written in C.  A compiled version in the form of an executable for Windows systems is also provided.  For non-Windows systems, the source program should be compiled using a C compiler for the target system.

Additional documentation about the process is provided as an appendix to this assignment.

Notes About the Program

There are two important components embedded in the program.  The first is the ability to access the system clock to collect timing information of memory accesses.  Most programming languages provide a programming interface for this purpose in the form of a function or method.  The time.h header file provides this function in C and allows the capture of timing values in nanoseconds.

The second component is an appropriate data structure that can be accessed by dynamically varying the stride of the memory access.  The memory access stride is defined as the distance between addresses between two successive memory accesses and is generally a power of 2.  For this assignment, the simplest data structure for our purpose is a two-dimensional array whose size must be declared large enough to encompass the largest potential cache size.  The program declares a 4096 x 4096 maximum cache size which is equivalent to 16 mebibytes.

Program Design

The provided program is written in C because it compiles directly to native executable files and will typically provide more accurate results on most operating systems.  You may entertain the option of adapting the sample program to another language.  Java programs compile to bytecode which are interpreted by the JVM (Java Virtual Machine) and this additional overhead of execution may affect the timings that are collected.  Python is similar to Java in that it is an interpreted language but it is possible to produce an executable file using an add-on utility (your option).  If you wish, you may try to rewrite the program in a language that is most convenient for you.

The output of the program is directed to a text file so you have a record of the timing information your program generates.  The output is also printed on the monitor so that you can follow the program’s execution.  The format of the output is the size of the cache, the stride and the time for the read/write of the array on each cache size/stride increment.  The program is set up to output the data into a comma separated text file where each row represents a cache size, each column a stride value.  This format makes it possible to import the data into Excel so that the analysis part of this assignment somewhat easier.

Program Structure

There are two nested loops: the outer loop increments through the cache sizes (from 1K – 16M) and the inner loop increments through the strides for each cache size (1 – cache size/2).  Within the inner loop are two do loops. The first performs repeated read/writes to the matrix.  The second repeats the loop without access to the matrix to capture the overhead of the loop.  The difference between the two times provides the data access times which are averaged over the number of accesses per stride. This is represented by the variable loadtime in the program.

This program takes a long time to run because it constantly loops on each cache size and stride for 20 seconds.  Even on a fast computer, the run time can be more than 1.5 hours.  So, you need to allow enough time for the program to complete execution.

Observations and Analysis (What To Do For This Assignment)

Run the program on a computer system to generate a complete sequence of memory access timings. Once the program has completed, you will need to analyze the results. Using Excel or a comparable spreadsheet, you can import your data and then create graphs to show your data.  A sample graph, as presented in the textbook on page 152, is shown below.  You can use the graph you create using your own results data as a reference for your analysis and conclusions. Review the results and see if you can use the results to answer the following questions:

1. At what cache size and stride level do significant changes in access times occur?
2. Do these timing changes correlate to typical cache sizes or changes in stride?
3. Is it possible to determine the cache sizes of the different levels based on the produced data?
4. What in your data doesn’t make sense? What questions arise from this data?

Compare your data against the actual cache information for the system.  For Windows-based systems, there is a freeware product called CPU-Z which will report detailed CPU information including cache.  On Unix & Linux systems, /prod/cpuinfo or lspci will provide similar information. MacCPUID is a tool used for displaying detailed information about the microprocessor in a Mac computer.  Both CPU-Z and MacCPUID are free and can be downloaded from the Internet.  You may also refer to the specifications for the processor which are published online.

If time allows, run the program on a second, different system and compare the results.  Are they similar or different?  How are they different?

What to submit ?

1. A spreadsheet file where you consolidated and analyzed your results
2. A summary of your observations (create a separate tab in the spreadsheet)
3. Additional comments about your experience with this assignment (challenges, difficulties, surprises encountered, etc.) on the same page as your summary

Note:  due to many potential factors that could influence the outcome of your work on this assignment, there is no right vs. wrong solution.  Grading will be based on the observed level of effort presented through your analysis and documented results.  Your analysis should not just be a reiteration of the results, but should reflect your interpretation of the results, as well as posing any questions you formed in viewing the results.

Example graph from textbook showing program results:

Assignment Addendum

Cache Access Measurement Process Summary

Most contemporary processors today contain multilevel cache memory as part of the memory hierarchy.  Each level of cache can be characterized by the following parameters:

Size:                                        typically in the Kibibyte or Mebibyte range

Block size (a.k.a. line size):     the number of bytes contained in a block

Associativity:                          the number of sets contained in a cache location

Let D = size, b = block size and a = associativity. The number of sets in a cache is defined as D / ab. So if a cache were 64 KB with a block size of 64 bytes and an associativity of 2, the number of sets would be 64K / (64*2) = 512.

The program that you are using for this assignment is supposed to exercise the memory hierarchy by repeatedly accessing a data structure in memory and measuring the time associated with the access.  We stated that a simple two-dimensional array would suffice as the test data as long as its size was declared larger than the largest cache size in the system.  An appropriate upper limit would be 16 Mbytes as most caches are smaller than this size.  The program logic should vary the array size from some minimum value, e.g. 1 Kbyte, to the maximum and for each array size vary the indexing of the array using a stride value in the range 1 to N/2 where N is the size of the array.  Let s represent the stride.

Depending on the magnitudes of N and s, with respect to the size of the cache (D), the block size (b) and the associativity (a), there are four possible categories of operations.  Each of these categories are characterized by the rate at which misses occur in the cache.  The following table summarizes these categories.

T is access time and M is the miss penalty representing the time that it takes to read the data from the next lower cache or RAM and resume execution.

Discussion

Category 1:  N £ D

The complete array fits into the cache and thus, independently of the stride (s), once the array is loaded for the first time, there are no more misses.  The execution time per iteration (T_no-miss) includes the time to read the element from the cache, compute its new value and store the result back into the cache.

Category 2: N > D and 1 £ s < b

The array is bigger than the cache and there are b/s consecutive accesses to the same cache line.  The first access to the block always generates a miss because every cache line is displaced before it can be reused in subsequent accesses.  This follows from N > D. Therefore, the execution time per iteration is T_no-miss + Ms/b.

Category 3: N > D and b £ s < N/a

The array is bigger than the cache and there is a cache miss every iteration as each element of the array maps to a different line.  Again, every cache line is displaced from the cache before it can be reused.  The execution time per iteration is T_no-miss + M.

Category 4:  N > D and N/a £ s < N/2

The array is bigger than the cache but the number of addresses mapping to a single set is less than the set associativity.  Thus, once the array is loaded, there are no more misses.  Even when the array has N elements, only N/s < a of these are touched by the program and all of them can fit in a single set.  This follows from the fact that N/a £ s.  The execution time per iteration is T_no-miss.

By making a plot of the values of execution time per iteration as a function of N and s, we might be able to identify where the program makes a transition from one category to the next.  And using this information we can estimate the values of the parameters that affect the performance of the cache, namely the cache size, block size and associativity.

Our approach is somewhat flawed in that we are neglecting the effect of virtual memory and the use of a TLB (translation-lookaside buffer).    For our purpose, we can neglect these issues and still gain an understanding of the operation and performance of the caches in a given system.

yber Defense Analysis

System Security Plan (SSP) Guideline for CMI Presentation

Most of the guidance for creating a System Security Plan is aimed at large Federal Government organizations and

contractors. These publications include the FEDRAMP Cloud SSP Guide, NIST Special Publications 800-18 r1, and 800-

1711

. But this guidance may also be used by the private sector and a smaller organization such as CMI. In fact, the

majority of materials downloaded from NIST are from private sector requestors. But a full SSP process can be quite

laborious. It involves;

1. Listing a large volume of basic organizational information such as authorization, contacts, mission, and

applicable law & regulation,

2. Determining of the boundaries of the information technology system including applications, technical operating

environment [hardware, software, data & communications], interconnections, information sharing, physical

locations & containment, personnel involved, and processes for use,

3. System Categorization, i.e. determining levels of confidentiality, integrity, & availability (CI&A) for the system

using [low, moderate, high] labels, and

4. Applying a specific set of controls, i.e. defensive measures, termed Low, Moderate or High, for the set of CI&A.

These controls are set by NIST and listed separately for systems classified as Low, Moderate, or High. Federal

government organizations must comply with applying those specific types of controls to those systems.

5. A Plan of Action and Milestones to assure that the organization is brought up to required levels of security and

maintained at those levels.

Modified Approach for CMI

With CMI, a moderate sized commercial organization, a modified approach is justified. Such an approach would include

a;

A. Brief Description of the organization

B. Brief Description of the system(s) or technology(s) under review and their requirements in CI&A.

C. Summary of Systems Threat, Vulnerability, Impact and Likelihood (TVIL) findings,

D. Selection of Controls to be applied to their systems for CI&A given their TVIL, and

E. Brief outlook on expected implementation timetable and resources for maintaining assurance.

An SSP writer should attempt to incorporate organizational activities supporting cyber security explored thus far in the

course into the plan. Figure 1 below demonstrates this. More detail requirements follow the figure.

Figure 1- Integration of Previous Assignments into an SSP

1

a. FEDRAMP SSP Moderate Baseline for Cloud Template https://www.fedramp.gov/assets/resources/templates…

b. For a government SSP: NIST SP 800-18 – Guide for Developing Security Plans for Federal Information Systems

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistsp…

c. For a contractor SSP: NIST SP 800-171 Revision 1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

https://nvlpubs.nist.gov/nistpubs/SpecialPublicati…

Your presentation should be structured similarly to the outline above.

Viewpoint

In presenting this report you should take a specific viewpoint toward the SSP’s area of concern, choosing any one of the

following:

1. Selection of a specific technology area, e.g. Wireless, with its TVIL findings and CI&A requirements, and then the

expected effects of applying security controls across selected application systems using wireless technology.

2. Selection of a specific functional area, e.g., Accounting, Personnel or Marketing, then outlining the requirements

and effects of applying security controls across all of the applications & technology in use in that area.

3. A complete CMI cross cut of security application on all systems, infrastructure, TVIL and Controls across the

entire organization given findings and CI&A requirements.

You will need to specify this up front in your Executive Summary along with the Organization level material.

Determining/ Describing system boundaries

Most organizations employ many different automated information technology systems composed of people, processes,

and technology for accomplishing their goals. So an organization will have, for example, a payroll system, an accounting

system, a product inventory system, and a sales recording system. These systems may be housed in different locations,

on different internal or external vendor hardware, in clouds, or on mobile devices. There are many potential system and

sub-system variations. For example within a sales department they may be operating a scheduling app with customers,

traditional productivity apps – word processing, spreadsheets etc, a travel app, perhaps a web based app like Salesforce,

and coordinating content for advertising,

For CMI you should specify 1) the applications they are running and 2) the infrastructure on which it operates.

Confidentiality, integrity, & availability

For CMI the current environment is less complex. From a network viewpoint it may be seen as one system. However,

from an audit standpoint, transactions in the accounting function would be viewed differently from transactions in the

customer service or credit departments. Each will employ different applications and likely be operating on different

hardware processors. This must be considered when determining what controls should be applied. Typically,

confidentiality is more often an issue with personnel records, integrity with financial records, and availability with

customer service. Controls that might be applied tend to fall within categories such as the following:

 Confidentiality: Encryption, Access Control

 Integrity: Certificates, Hashing, Audit

 Availability: Network up time, Backups

Keep this in mind as criteria when selecting controls.

Systems Threat, Vulnerability, Impact and Likelihood (TVIL) Findings

A good part of this course was spent examining vehicles for discovery of threats & vulnerabilities. Controls should be

identified that will mitigate the specific TVIL identified.

 nMap: port issues, Unidentified Devices on the Network

 Nessus: Software Vulnerabilities

 Wireshark: Potentially Malicious Network traffic

 Penetration Testing Discoveries using specialized query tools, audit and social engineering

 Risk Assessment Discoveries

 Your presentation should include a summary of the threats & vulnerabilities discovered or hypothesized for CMI.

Determining & Applying Defensive Controls

For most security shortfalls there is a solution. These solutions fall into the general categories of people, process, and

technology. Yu 2 and others have formulated a Matrix approach, called the Cyber Defense Matrix (CDM) toward

mapping the controls to the area of challenge. It utilizes the common elements of Information Systems [Devices, Data,

2 Yu, S. (2019) The Better Cyber Defense Matrix. RSAConference. https://published-

prd.lanyonevents.com/published/rsaus19/sessionsFiles/14226/STR-T09-Cyber-Defense-Matrix-Reloaded_POSTABLE_VERSION.pdf

etc.] along with the functions of cybersecurity [Identify Protect Detect Respond Recover] as defined in the Cyber Security

Framework3

.

Figure 2, below, from Yu (2019) illustrates this concept. So for a network that is prone to malicious activity, a

requirement exists to detect malicious activity on devices and in the network. Examining the matrix below we see

Endpoint Detection & Response, along with DDOS mitigation as suggested defensive measures.

Figure 2 Mapping of Cyber Solutions in a Cyber Defense Matrix (CDM). Source: Yu, S. 2019

In his presentation Yu outlines a number of other uses for the matrix. One of those extensions is the use of the CIS Top

20 within the CDM framework. See it applied in Figure 3, below. For network detection we see controls 6.1-8 apply as

well as 11.3, 12.2 etc. As an example, CIS 6.1 is:

6.1

Utilize Three Synchronized

Time Sources

Use at least three synchronized time sources from which all servers and network devices

retrieve time information on a regular basis so that timestamps in logs are consistent.

One hundred seventy specific numbered defenses may be found in a spreadsheet “CIS Top 20 Cybersecurity Controls

Detail.xlsx” located in Modules 8 on the Google Drive. You should download the spreadsheet and examine the controls.

Figure 3- Cyber Defense Matrix for CIS Top 20 Security Controls

Many of your module readings were Lecturettes and associated articles on a variety of challenges in cybersecurity

including Wireless, Web, Authentication, Malware Analysis, etc. In each of these lecturettes, solutions to these

challenges were discussed and could be applied to the issues facing CMI. There are many sources for controls. Do not

feel constrained to explore other options.

 Use the controls you found relevant in your Risk Assessment, along with those outlined in the Lecturettes, in the

articles and finally also those that may be found in the CIS Top 20. Optionally you may locate specific vendors by

3 NIST Cyber Security Framework (2018). https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.0…

referring to the TAG Group’s Vendor List4

that is located on the Google drive under Module 8, or by performing an

online search.

Presentation

 Your 10-20 PowerPoint slides should follow the organization/sections of the SSP in Figure 1, above. It should be

amalgamated with an oral addition using PowerPoint, Voice Thread or any other video & oral capture

application that places it into a common format such as wmv, wmf or mp4.

 The presentation should be deposited into the Grade Book with a link to the full audio/video if deposited in

some other location.

 The PowerPoint presentation must be supplemented by annotation for each slide, i.e. notes that support or

explain the slide as if a non-hearing person wished to capture the speaker’s thoughts or a non-sighted person

could follow along

COMPETENCY

Assess the need for developmentally and culturally appropriate communication practices in and out of an early childhood education setting.

SCENARIO

Your program’s Parent Advisory Board (PAB) has indicated its desire to understand more about ensuring cultural appropriateness across the program’s communication efforts. Therefore, the PAB has assigned to you the task of finding a research-based article that addresses cultural appropriateness in early childhood education, and then providing a summary of your selected article as a training piece about this topic.

INSTRUCTIONS

Research and select a professional article published by a reputable source (not about.com or Wikipedia) that addresses cultural appropriateness in early childhood education. Construct reflection paper in APA format, that includes the following components:

• Summary of the article’s content.
• Your assessment of the article’s suggested practices.
• A reflection on two specific examples of how you will apply these practices toward increased communication in an early childhood setting.

The reflection should also include:

• Professional language, including proper grammar, spelling, and punctuation.
• Reference page with an APA formatted reference that matches the article you chose.
• Intext citations (in APA format) showing where your reference is referred to within your content.

RESOURCES

• For APA formatting assistance, visit the APA guide
• How to use the Online Library FAQ: https://rasmussen.libanswers.com/faq/268645
• Best databases for ECE:
• Education Research Complete
• Education via ProQuest
• ERIC
• Grammarly FAQ: https://rasmussen.libanswers.com/faq/33180
• APA Tutoring FAQ: https://rasmussen.libanswers.com/faq/100663