Culminating AssignmentConcept Paper:   Red Team Assessment Strategies in CybersecurityDirections:1.  Read the scenario, access the resources, and review the rubric below to help you understand the assignment.  The final paper will be due in Week 7.  You should begin working on the assignment right away, and you will share your progress in Week 6.  2.  Write a paper that follows the listed parameters, addresses the important concepts, and includes the required sections:Parameters: 

• Ranges from 4 – 5 double-spaced pages and use IEEE formatting style. 
• Uses Times New Roman font (size 12), with one-inch margins on all sides.
• Includes at least three (3) quality resources to support your ideas.  You may use the resources provided and/or others of your choosing.  They must be cited appropriately.

Important Concepts:

• Compare and contrast red teaming versus penetration testing based on the presented case.
• Describe the approach to red team assessment.
• Discuss how different types of organizations are utilizing red teaming.

Required Sections:

• Title 
• Introduction:  Clear description of the topic, including a summary of what is already known about that topic.
• Body: 
  • Address important concepts.  
  • What evidence do you have to support your topic?  
• Conclusion:  Why is it important to study this topic? Why is this worth investigating further?
• Reference Page:  IEEE style  

3.  Your paper should enable a casual reader to understand this topic and its importance.  Please make sure the following outcomes are addressed within your paper:

• Explain the common tools and tactics used in red teaming.
• Use technology and information resources to research the evolution of red team assessment techniques.

Due:  In week 7 with the specific date posted in Blackboard.  You will be directed to complete and share parts of this assignment in Week 6.  Scenario:  A large multinational fintech wanted to conduct a Red Team Assessment to evaluate its ability to detect and respond to a real-world cybersecurity attack.The read team started their assessment by sending a phishing email that persuaded the victim to log in to a fake portal hosted on a server to obtain valid credentials. While a small number of users clicked on the malicious link sent in the email, none of them submitted their credentials. This could be attributed to the regular social engineering tests and security awareness training delivered to staff.After the failed phishing campaign, the team went back to the drawing board to come up with a new plan of attack.  Reviewing the company’s Twitter account, the team discovered that they host a monthly community event at one of their buildings. The team registered for the event to deploy a purpose-built device into their internal network. The device will allow the team to gain remote access to the network using either an independent wireless connection or a 3G/4G mobile connection.Two members of the red team attended the event. They managed to slip away from the main event to see if there were any unlocked offices or conference rooms. Once a room had been found. One team member acted as a lookout while the other plugged the device and checked that he could reach it from his mobile phone. Shortly afterward the testers left the event and joined the rest of the team in a coffee shop down the road.  Once connected to the network, the team started mapping the internal network and gathering additional information. Over the next couple of days, the team captured several password hashes, which were achieved by exploiting a weakness in Windows’ broadcast protocols. However, users appeared to be using strong complex passwords and it was not possible to crack the hashes to recover clear-text passwords. The team then decided to relay a captured hash belonging to a user and use it to log in into a workstation where they had local administrative privileges. This allowed them to extract the clear-text password of the currently logged-in users from memory.Resources to help you complete this assignment:

• Red Team Exercise. (2019, September 25). Retrieved July 11, 2021, from Sisainfosec.com website: https://www.sisainfosec.com/services/red-team-exercise/ 
• (N.d.). Retrieved July 11, 2021, from Varonis.com website: https://www.varonis.com/blog/red-teaming/ 
• Wood, B. J., & Duggan, R. A. (2002). Red Teaming of advanced information assurance concepts. Proceedings DARPA Information Survivability Conference and Exposition. DISCEX’00. IEEE Comput. Soc.

Rubric:Points: Assignment: Red Team Assessment Strategies in CybersecurityCriteriaNeeds ImprovementBelow 60-70 FFair70-79 CProficient80-89 BExemplary90-100 A1. Compare and contrast red teaming versus penetration testing based on the presented case. Met outcomes.Weight: 25%Did not submit or incompletely compared and contrasted red teaming versus penetration testing based on the presented case.  Did not meet outcomes.Partially compared and contrasted red teaming versus penetration testing based on the presented case.  Partially met outcomes.Satisfactorily compared and contrasted red teaming versus penetration testing based on the presented case.  Met outcomes.Thoroughly compared and contrasted red teaming versus penetration testing based on the presented case. Exceeded outcomes.2. Describe the approach to red team assessment.Weight: 30%Did not submit or incompletely described the approach to red team assessment.Partially described the approach to red team assessment.Satisfactorily described the approach to red team assessment.Thoroughly described the approach to red team assessment.3. Discuss how different types of organizations are utilizing red teaming.Weight: 30%Did not submit or incompletely discussed how different types of organizations are utilizing red teaming.Partially discussed how different types of organizations are utilizing red teaming.Satisfactorily discussed how different types of organizations are utilizing red teaming.Thoroughly discussed how different types of organizations are utilizing red teaming.5. 3 ReferencesWeight: 5%No references were provided.Does not meet the required number of references; some or all references poor quality choices.Meets the number of required references; all references high-quality choices.Exceeds the number of required references; all references high-quality choices.6. Clarity, writing mechanics,  formatting.Weight: 10%More than 6 errors present5-6 errors present3-4 errors present0-2 errors present 

What are some of the differences between demand influences and supply influences on our pricing decisions? 

Increased prices typically result in lower demand and vice versa.  However, this is not always the case.  Identify a product in which a price increase or decrease resulted in the opposite demand and explain the factors why.

After reviewing this week’s resources and your research, consider the challenges marketers face as they seek to balance supply and demand. 

In 350 words

Week Resources:

How to price your product: 5 common strategies. Link https://www.bdc.ca/en/articles-tools/marketing-sales-export/marketing/pricing-5-common-strategies 

How to choose a pricing strategy for your business https://quickbooks.intuit.com/r/pricing-strategy/6-different-pricing-strategies-which-is-right-for-your-business/ 

Now that you have successfully completed the database design for NCAA the challenge is to implement this database. The chosen DBMS is Oracle 11G. 

1. Use the enclosed recommended relational table design. Complete logical and physical design of the Database consisting of following. 

o For each of the table determine the appropriate integrity constraints consisting of following. 

o Appropriate Data Types and size for each attributes 

o Attributes requiring values (not null) and possible default values 

o Attributes requiring constraint (do not define too many constraint) 

o Define Referential Integrity using foreign keys 

§ Whether Null values are allowed in foreign keys 

o Based on the above complete design of base tables 

o Submit this design as a word document justying your design. 

2. Using SQL on Oracle creates all the above tables. Implement the constraints (decided above) if supported by ORACLE. Use the same table name and column name as given in enclosed design. (You must submit a text file of create table statements). 

3. Enter enough (at least 10 rows) sample data in each tables either through insert commands or through SQL Developer. Remember to enter valid data in terms of constraints and referential integrity. 

Hints: 

Avoid using on delete cascade. Use the default of set to null. 

Remember to create tables with no foreign keys first. Also enter data into them first. 

A Recommended Design: 

CONFERENCE (CONFERENCE_ID, CONFERENCE_NAME) 

CONF-STATISTICS (CONFERENCE_ID, YEAR, WINNING_PCT, AVG_ATTENDANCE, RECRUITING_INCIDENT_COUNT) 

SCHOOL (SCHOOL_ID, SCHOOL_NAME, S_ADDRESS, S_CITY, S_STATE, S_ZIP, CONFERENCE_ID) 

SCHOOL_DATA (SCHOOL_ID, YEAR, INSTATE_PLAYERS, OUTSTATE_PLAYERS, TOTAL_SCHOLARSHIP, TOTAL_GRADUATES, PERCENTAGE_GRADUATED) 

STADIUM (STADIUM_ID, STADIUM_LOCATION, STADIUM_SIZE, STADIUM_NAME, AVG_TICKET_PRICE, SCHOOL_ID) 

TEAM (TEAM_ID, TEAM_NAME, NO_GAMES_WON, NO_GAMES_LOST, RANK, SCHOOL_ID) 

HIGH-SCHOOL (HIGH_SCHOOL_ID, HIGH_SCHOOL_NAME, NO_ACTIVE_ATHLETES) 

PLAYER (PLAYER_ID, PLAYER_NAME, YEAR_ENTERED, SCHOLARSHIP_COUNT, RATING, STATUS, GPA, YEAR_ENTERED, TEAM_ID, SCHOOL_ID, POSITION, HIGH-SCHOOL_ID) 

INJURY (INJURY_CODE, INJURY_DESC) 

PLAYER_INJURY (PLAYER_ID, INJURY_CODE, GAME_ID, INJURY_DATE) 

COACH (COACH_ID, COACH_NAME, CURRENT_TITLE, SALARY, BEGIN_DATE, TEAM_ID) 

COACH_EMP_HISTORY (COACH_ID, TEAM_ID, FROM_DATE, TO_DATE, JOB_TITLE, SALARY) 

RECRUITMENT_ INCIDENT (INCIDENT_ID, TEAM_ID, PLAYER_ID, INCIDENT_DATE, INCIDENT_CODE) 

INCIDENT (INCIDENT_ID, INCIDENT-DESC) 

COURSE (COURSE_ID, SCHOOL_ID, COURSE-NAME) 

PLAYER-COURSE (PLAYER_ID, COURSE_ID, SCHOOL_ID, GRADE) 

GAME (GAME_ID, SCORE-DIFF, GAME-DATE, ATTENDANCE, START-TIME, TEAM1_SCORE, TEAM2-SCORE, TEAM1-INJURY-COUNT, TEAM2-INJURY-COUNT, TEAM1-ID, TEAM2-ID, STADIUM-ID)

Now that you have successfully completed the implementation of the NCAA database, created tables in ORACLE and loaded sample data the challenge is to write queries, reports and make the database easier to use by creating views, functions and stored procedures. 

1. Create following views: 

a. List of players as shown in figure 6-4 of the case study. 

b. A view providing Team name, percentage of games won, percentage of games lost. 

c. A view providing school-id, school name, year, ratio of out of state player to instate playes, number of players that did not graduate. 

d. Run query select * from view_name for each of the above views to display data. 

2. Write SQL to support following reports given in the case study. You can use views created above. 

Fig. 6-1, Fig. 6-7, Fig. 6-10, Fig. 6-11, Fig. 6-12, Fig. 6-14, Fig. 6-15 

3. Create following stored procedures 

a. Find game played at a particular stadium that had maximum total number of enjuries (using stadium_id as input), display id’s of two teams, date, attendence, score differencial, and total number of injuries. 

4. Create functions for following 

a. Function to compute average attendace for home games (assume team 1 is the home team) played by a school (school id as input). 

Choose a publicly available data visualization. (be sure to provide the link, cite, and reference).

Analyze the visualization within the context of the data visualization workflow.

Create a proposal of enhancements to create a better user/viewer experience.

Use the data visualization workflow as framework for both your analysis and your proposal.

Consider the various roles of the project team as specified by Kirk’s concept of “hats”.

APA compliance required.

References and In-text citations required.

Minimum word count = 1500.

Week 15 Discuss in five hundred words or more a situation at work where you felt you had to consider the ethics of something you were being asked to do. Use at least three sources. Use the Research Databases available from the Danforth Library, not Google.   Include at least 3 quotes from your sources enclosing the copied words in quotation marks and cited in-line by reference to your reference list.  Example: “words you copied” (citation) These quotes should be one full sentence not altered or paraphrased. Cite your sources using APA format. Use the quotes in your paragraphs. Do Not Doublespace. Write in  format not in bulleted, numbered or other list format. . Reply to two classmates’ posting in a paragraph of at least five sentences by asking questions, reflecting on your own experience, challenging assumptions, pointing out something new you learned, offering suggestions. These peer responses are not ‘attaboys’.    It is important that you use your own words, that you cite your sources, that you comply with the instructions regarding length of your post and that you reply to two classmates in a substantive way (not ‘nice post’ or the like).  Your goal is to help your colleagues write better.  

The human resource department is updating its HIPAA Basic Training for Privacy and Security course. As a security analyst for the hospital, you have been tasked with covering the topics in the training related to the HIPAA security rule and the information that hospital staff need to know regarding personally identifiable information (PII), personal health information (PHI), and electronic personal health information (ePHI) to comply with federal regulations.

This week, you will submit your PowerPoint presentation. The presentation should include narrative voice overlays for each slide. Include one to two slides (i.e. for a total of 4-8 slides) for each bullet point below explaining the following:

• HIPAA Security Rule (1-2 slides )
• HIPAA, PII, PHI, and ePHI Definitions (1-2 slides )
• Safeguarding of PII, PHI, and ePHI (1-2 slides )
• Disclosures of PII, PHI, and ePHI (1-2 slides )

Note:

The slide count of your presentation does not include the title slide, table of the content slide, introduction slide, and references slide. Include 2-3 quality references to support your assertions.

Use the given PowerPoint template in the project template section under the content area. You may also want to refer to the HIPAA Learning Resources from last week.

How Will My Work Be Evaluated?

In this training guide, you will demonstrate how to integrate your IT skills in an organizational setting. You’ll be combining your technical skills with effective communication techniques to provide learning resources for the client/customer.

You will not be evaluated on the voice recording quality.

The following evaluation criteria aligned to the competencies will be used to grade your assignment:

• 1.2.2: Employ a format, style, and tone appropriate to the audience, context, and goal.
• 1.3.3: Integrate appropriate credible sources to illustrate and validate ideas.
• 1.4.2: Use vocabulary appropriate for the discipline, genre, and intended audience.
• 2.3.3: Explain inferences and deductions that follow logically from the evidence provided.
• 12.1.3: Communicate policies, processes, and/or procedures to stakeholders.
• 12.3.1: Select controls.
• 12.3.2: Describe the implementation of controls.
• 12.3.3: Explain how to assess controls.
• 12.9.1: Describe organizational compliance with government legislation that impacts technology.
• 12.9.2: Explain organizational compliance with industry regulations.

When you are finished, submit your work by using the box below.

 –  Pick one of the following terms for your research: Stakeholder, corporate citizenship, reputation, corporate governance, or executive compensation. 

–  The paper should have a ‘Definition, Summary and Discussion’ headings ( Summary should have 150-200 words and discussion should have 300-350 words. )

– Attach minimum 2 references

– Absolutely no plagiarism, attach a plagiarism report with 0% similarity index

Find the solutions to Problems 1 and 2 based on the following query:

SELECT EMP_LNAME, EMP_FNAME, EMP_AREACODE, EMP_SEX

FROM EMPLOYEE 

WHERE EMP_SEX = ‘F’ AND EMP_AREACODE = ‘615’

ORDER BY EMP_LNAME, EMP_FNAME;

1. What is the likely data sparsity of the EMP_SEX column?

2. What indexes should you create? Write the required SQL commands.

3. Using Table 11.4 as an example, create two alternative access plans. Use the following assumptions: 

a. There are 8,000 employees.

b. There are 4,150 female employees.

c. There are 370 employees in area code 615.

d. There are 190 female employees in area code 615.

Need help in 2 Discussions

350-400 Words Each

Some businesses have no alternative but to use satellite communication solutions.

• Give some examples of when you think this would be appropriate and what considerations you need to take into account when choosing a satellite option.
• How would this affect your need for ATM or your large business WAN operations?
• You’ll need to know how to deploy your teams and resources to support these networks. Talk about your first thoughts on how you might do this based on what you’ve learned in class so far.
• 2000 words