Computer Science CS661 | Abc Paper

Due in 24hrs following templates



Citation Style Basics for CTU Students Updated December 1, 2016

Version 2.2.1



We created the CTU APA Writing Style Guide as a tool to help students understand and apply the University’s citation method and writing expectations. CTU has adopted the American Psychological Association (APA) citation style for all classes, graduate and undergraduate. APA establishes a citation system that includes a set of rules and guidelines for manuscript preparation and documentation of sources. When writing assignments of any type, you must document and cite all sources properly using APA style. Citing and referencing sources correctly both indicates your professional ability to include other voices in your work and prevents accusations of plagiarism.

Our CTU APA Writing Style Guide answers some of the common questions CTU students ask about using APA style for formatting documents, including in-text citations and constructing references. However, if you have questions not answered in our guide, please consult either the APA Style for CTU Students or The Publication Manual of the American Psychological Association, 6th ed. (2010).

Along with our guide, use the APA Paper Template when composing essays or other papers. This Microsoft Word document is already formatted for APA style using the expectations outlined in our guide.

Refer to the Introductory APA Writing Style Guide if your assignment advises its use. The introductory style guide emphasizes proper citation of sources and basic formatting but does not require more advanced formatting, including title page, abstract, running head, or page numbers.


Assignment Style Format Checklist

The following checklist outlines the writing format requirements for all assignments unless the assignment specifies different formatting requirements.

Discussion Board/Forum Post

If references are used or required for an assignment, include the following:

• In-text citations
• References list (at the end of the discussion post)

Essay/Paper/Individual Project

If you are submitting an assignment in essay format using Microsoft Word, include the

• Title page
• Running head and page numbers
• Double-spaced throughout without additional spacing between paragraphs
• Indent the first line of each new paragraph
• 12 point Times New Roman black font
• 1-inch margins

If references are used or required for an assignment, include the following:

• In-text citations
• References list as a separate page at the end of the document


If references are used or required for an assignment, include the following:

• In-text citations
• References slide at the end of the presentation


Why Do I Need to Understand and Utilize APA Style When Completing My Assignments?

1. To credit the outside sources you incorporate into your assignments, to avoid plagiarism, and to situate yourself in the professional discussions occurring in your field.
2. To establish credibility as an author by demonstrating consistent application of a comprehensive and industry-wide system of attribution.
3. To confirm for your audience (peers and faculty) where they can locate the information you cite.
4. To create a uniform document acceptable for both academic and professional purposes and audiences.

How Do I Include Resources in My Assignments to Avoid Plagiarizing?

• Review the requirements for your assignment. You must properly credit any sources you
• Use in-text citations and references to acknowledge and cite your sources. Place in-text citations in the body of the paper, usually immediately following information included from outside sources.
• Include a references list on the last page of the paper that includes the complete bibliographical information for each source, cited in APA format.

Citing Sources in the Text

When citing a resource in a piece of writing, the basic information is included in the body of the paper and the full information in the reference list. The in-text citation is the author’s last name(s), year of publication, and, if appropriate, the page number. Consult the APA Style for CTU Students guide for more examples on how to use in-text citations.


Outside sources can be included in the text in multiple ways. Use the skills of Direct Quotation, Paraphrase, and Summary as the primary methods to include outside sources.

Using Paraphrase

To paraphrase is to use information from one source and restate the information in your own words. When you paraphrase, you credit your source because the ideas you used are not your own. Paraphrasing allows you to include particular information from a piece of evidence without quoting the language directly, while maintaining the original intent of the source. Below are examples of how to cite a source you have paraphrased in your writing.

Example 1:

According to Booth, Colomb, and Williams (2003), plagiarism should be avoided.

Example 2:

Plagiarism should be avoided (Booth, Colomb, & Williams, 2003).

In both examples, you include the author’s last name(s) and the year of the publication only. Do not include the author’s initials unless there are two or more authors with the same last name.

Using Direct Quotations

A quotation is a statement or a portion of a statement taken from an original text. Direct quotations should be recorded accurately and used rarely, primarily to emphasize your point. A good rule of thumb is to use a quotation when a paraphrase does not represent the information properly or a better way to state the information is not clear. The more experience you gain with writing and using sources, the better you become at determining which is better: a quotation or a paraphrase of the information.


Below are examples of how you could cite a direct quotation within the text of your assignment. Please note: Direct quotations that are 40 words or more should start on a new line and be indented without quotation marks to create a block quote.

Example 1:

According to Booth, Colomb, and Williams (2003), “In all fields, you plagiarize when you use a source’s words or ideas without citing that source” (p. 202).

Example 2:

Many authorities have commented on the topic, but this is one of the most effective descriptions: “In all fields, you plagiarize when you use a source’s words or ideas without citing that source” (Booth, Colomb, & Williams, 2003, p. 202).

Formatting Your Paper

CTU provides a template in Microsoft Word that is already in APA format, located on the APA Style for CTU Students site. We recommend you use the template when writing papers so you do not need to spend time unnecessarily putting a document into the format. See section 8.03 of the APA Publication Manual for more information on formatting your paper.

An APA formatted paper has:

• 1 inch margins
• double spacing throughout without additional spacing between paragraphs
• 12 point Times New Roman black font

Each page of the document has a running head at the top left in the header. The running head is a shortened version of the title, around 50 characters including spaces, in ALL CAPS. Each page has a page number at the top right in the header. The title page is page 1, and pages are numbered consecutively from there.

The first line of each paragraph is indented ½ inch (one tab or 5-7 spaces).

If appropriate, use headings as described in section 3.03 of the APA Manual.

Title Page

The first page of your document is the title page. The title of your paper, your name, and the name of the university are centered in the upper half of the page. APA recommends the title “should be fully explanatory when standing alone” (“Publication Manual,” 2010, section 2.01) and be a maximum of 12 words. See section 2.01 of the APA Publication Manual.

On the title page, the running head is preceded by the words “Running head:”—all subsequent pages have only the running head; use Microsoft Word’s “Different First Page” header option to maintain the difference.




Only include an abstract if the assignment or instructor specifies you should. The abstract is placed on page 2 with the label Abstract centered at the top of the page. The abstract is a short summary of the whole paper rather than a repeat of the introduction. See section 2.04 of the APA Manual for hints on how to write a good abstract.


Start the reference list on a new page at the end of your paper. Title the page with the word References centered at the top. See section 2.11 of the APA Publication Manual.

All of the sources you cite in your assignment, and only those sources, must be compiled to create a references list. The References Page is the second step to confirm you’ve cited and documented your sources successfully and avoided plagiarism. You should not have a source cited in your essay that is not listed on the references page, and you should not have an entry on your references page that is not cited in the body of your essay.

• The references list starts on a new page at the end of the paper and includes the complete reference/bibliographic information for each source cited in the paper or presentation.
• The references list is double spaced without additional spacing between entries.
• All references are listed in alphabetical order by the author’s last name or, if no author is listed, by the title of the source. If you are using multiple works by the same author, place them in order of publication date.
• Each entry is formatted as a “hanging indent,” which means that the first line of each entry is justified to the left margin and the second and following lines are indented 5-7 spaces (one tab). You can format a hanging indent in Microsoft Word by opening the paragraph dialogue box, and in the “Indentation” section under “Special,” selecting “Hanging” from the drop-down menu and under “By” selecting “0.5″.”

The specific APA format for a reference depends on the type of source included in your assignment. For more information on specific formatting details, see the reference examples on pages 9-14 of our document or consult the APA Style Guide for CTU students.


Reference Examples

Based on Publication Manual of the American Psychological Association, 6th ed. (2010): Chapter 7, Reference examples, pp. 193-224.

Consult the APA Style Guide for CTU Students for more reference examples.

Electronic/Internet Sources

Non-periodical Web document, Web page, or report.

Author’s Last Name, First and Second Initial or Name Corporate Author. (Date of Publication). Title of document. Retrieved from http://Web address

Capital Community College. (2007, February). A guide for writing research papers based on the styles recommended by the American Psychological Association. Retrieved from

Note: When creating references for Web documents and pages, writers frequently need to hunt around for the required information. It is important to include as much of the required information as possible in the reference.

If your source has no publication date:

Use “n.d.” in place of the date in both the references entry and the in-text citation: (Smith, n.d.)

Capital Community College. (n.d.). A guide for writing research papers based on the styles recommended by the American Psychological Association. Retrieved from /apa/



Article from an online newspaper.

Author’s Last Name, First and Second Initial., & Author’s Last Name, First and Second initial. (Year, Month Day). Title of article. Title of Newspaper. Retrieved from http://Web

Jackson, D., & Marx, G. (2009, October 12). State Senate hearing to examine nursing home safety. Chicago Tribune. Retrieved from

Note: If the article is available through a search of the source’s website, give just the URL of the home page. If the URL home page is not available by the search box, give the full URL to the

Journal article from an online source or library database.

Author’s Last Name, First and Second Initial. (Date of publication). Title of article. Title of Newspaper, Magazine, or Journal, Volume(Issue number if known), page numbers. DOI number or, if no DOI is available, use the following: Retrieved from the URL for the journal’s home page

With DOI number.

Brewer, P. D., & Brewer, K. L. (2010, July/August). Knowledge management, human resource management, and higher education: A theoretical model. Journal of Education for Business, 84(6), 330-336. doi:10.1080/08832321003604938

Without DOI number.

Tomkiewicz, J., Bass, K., & Gribble, A. (2011, June). Potential pitfalls of ethnocentricism in a globalizing world. College Student Journal, 45(2), 369-375. Retrieved from




Article from an online magazine.

Author’s Last Name, First and Second Initial. (Year, Month Day). Title of article. Title of Magazine, Volume(Issue number if known). Retrieved from http://Web address

Crumley, B. (2009, October 12). Should students be paid to do well in school? Time. Retrieved

Corporate author, government report or document.

Name of Government Department or Agency. (Date of publication). Title of document (Report or document number if given). Retrieved from http://Web address

United States Department of Education. (2008, January 16). Secretary Spellings awards over $38 million to 20 states in school improvement grants. Retrieved from

Electronic book.

Author’s Last Name, First and Second Initial. (Year of Publication). Title of Book [Electronic version, for example, DX Reader version]. doi number or Retrieved from http://Web

Urquhart, V., & McIver, M. (2005). Teaching writing in the content areas [Ebrary Reader version]. Retrieved from






Entry in an online reference work, no author or editor.

Title of entry. (Year of Publication). In Title of reference work (edition number if given). Retrieved from http://Web address

Paraphrase. (2009). In Merriam-Webster online. Retrieved from http://www.merriam-

Personal Communication

Use the following method to cite your instructor’s lecture in the classroom or in private communication. These include emails, interviews, letters, or any other communication. Your in-text citation should include the communicator’s name, the fact that it was personal communication, and the date of the communication.

“Those zombies, they would control the world, you know? If we allowed it, we would be out of control” (A. Smith, personal communication, January 1, 2000).

A. Smith said zombies would take over the world if we let them (personal communication, January 1, 2000).

Do not include personal communication in the references list.

Live chat session.

Instructor/author last name, first initial. (Date). Title [type of posting (chat)]. Retrieved from online location, course number and section, course title: http://Web address

Danley, L. (2009, January 9). APA chat 1: Introduction to APA style [Chat]. Retrieved from Colorado Technical University, Virtual Campus, APA Style Lab:




Course materials.

Author’s Last name, First Initial. (Date). Name of presentation or document [type of source (Multimedia presentation)]. Retrieved from Colorado Technical University Virtual Campus, Course Code-Quarter session: http://Web Address

Colorado Technical University. (2009). LTR215 Phase 1 activity: Getting accustomed to literature [Multimedia presentation]. Retrieved from Colorado Technical University Virtual Campus, LTR215-0802B-01:

Blog post.

Author’s Last name, First Initial. (Date of blog post). Title of blog post [Web log message]. Retrieved from http://Web address

Catspaw. (2009, September 10). So what have you been up to at Google? [Weblog message]. Retrieved from

Note: Use the log in/user name if the author’s name is not listed.

Message posted to an online forum, discussion group, or newsgroup.

Author’s Last name, First Initial. (Date of message/post). Title of message/post [Type of post, for example, Discussion board post]. Retrieved from http://Web address

Anderson, L. (2009, October 19). Re: Writing is an important skill [Discussion board post]. Retrieved from Colorado Technical University, Virtual Campus, The Writing Center:






Print Sources

Article from a scholarly/peer reviewed journal.

Author’s Last Name, First and Second Initial. (Year of Publication). Title of the article. Title of the Journal, Volume(issue number if known), page numbers. doi number if one is

White, E. M. (2005). The scoring of writing portfolios: Phase 2. College Composition and Communication, 56(4), 581-600.

Article from a newspaper (no author).

Title of the article. (Year, month day of publication). Title of the Newspaper, page numbers.

Boss defends trooper who used Taser on driver. (2007, December 2). Chicago Tribune, p. A3.

Book with two authors.

Author’s Last Name, First and Second Initial, & Author’s Last Name, First and Second Initial. (Year of Publication). Title of book (Volume/Edition number). City, State of Publication: Publisher.

Greenfield, S. B., & Calder, D. G. (1986). A new critical history of Old English literature. New York, NY: New York University Press.

Chapter from a print book.

Author’s Last Name, First and Second Initial. (Year of Publication). Title of book (Volume/Edition number, page numbers). Place of Publication: Publisher.

Hacker, D. (2008). A pocket style manual (5th ed., pp. 70-90). Boston, MA: Bedford/St. Martins.

American Psychological Association. (2010). Publication manual of the American Psychological Association (6th ed.). Washington, DC: Author.


Type Your Title Here
Student’s Name
Colorado Technical University

An abstract is a single paragraph, without indentation, that summarizes the key points of the manuscript in 150 to 250 words. The purpose of the abstract is to provide the reader with a brief overview of the paper. This template is based on the 6th ed. of the Publication manual of the American Psychological Association.
Note: an abstract is only required if the assignment calls for it. Consult with your instructor.

Type Your Title Here
Begin writing your paper with a .5” indent and continue the paper with an indent for each new paragraph.
Heading Level 1, Centered, Boldface
Heading Level 2, Flush left, Boldface, Uppercase and Lowercase
Heading level 3, indented, boldface, lowercase ends with period.
Heading Level 4, indented, boldface, lowercase, italicized, ends with period.
Heading level 5, italicized, lowercase, ends with a period
Note: Depending on the length and complexity of your paper you will use different levels of headings.

Encyclopedia, S. E. (1993). Article. In The new encyclopedia Britannica (vol. 38, pp. 745-758). Chicago, IL: Publisher.
Lastname, F. (2003). Book title: Subtitle. Sterling, VA: Publisher Name.
Newspaper article without an author. (1993, July 15). The Washington Post, p. A12.
Wittkopf, B., & Shaw, M. E. (2003, fall). Article title from the journal. Journal Name, 43(2), 18-22. doi:10:109.0932.9385.09

The final step in the planning phase is to review the plan to ensure that the Information Security Assurance Implementation Plan adequately addresses the requirements and that it is sufficiently detailed to allow the organization to move forward with the implementation phase based on your plan. This is also a good time to identify a model to ensure the development of secure Web-based and platform-based applications. In addition, you should identify methods to assess compliance with your plan.

For this assignment, you will add 3 pages describing a security-driven life cycle development model to prevent security holes for Web-based and platform-based applications, as well as methods to assess compliance with your plan and to assure the security of the organization’s information. Finally, you will further refine the Information Security Assurance Implementation Plan to produce the final draft version. Updates may be based on peer and instructor feedback.

The project deliverables for Week 5 are as follows:

• Update the Information Security Assurance Implementation Plan title page with the new date.
• Update the previously completed sections based on the instructor’s feedback.
• Assessment and Assurance
  ◦ Describe a security-driven life cycle development model to prevent security holes in applications for the organization.
  ◦ Describe methods that will be used to assess compliance with the implementation plan and policies outlined in your plan and to assure the security of the organization’s information.
• Information Security Assurance Implementation Plan final draft
  ◦ Review the entire document for any changes and improvements that you would like to make.
  ◦ Ensure that this final version of the plan is sufficiently detailed to allow the organization to move forward with the implementation phase based on your plan.
  ◦ Any previous instructor feedback should be addressed with appropriate changes.
• Be sure to update your table of contents before submission.
• Name the document “yourname_CS661_IP5.doc.”

Running head: Software Information

Software Information
Christopher Slaton
Colorado Technical University

Table of Contents
Introduction
The Nature of the Organization
The company’s size, location
Week One:
Information Security Overview
An overview of the information security plan for DB Schenker
Week Two:
Risk Assessment
Week Three:
Security Standards for Development and Deployment
Week Four:
Vulnerability Management
The emerging technology driven applications
Week Five:
Assessment and Assurance
Conclusion
References


Security has become a fundamental and inescapable concern for software systems. The past decade has seen a huge growth in the sheer number of attacks as well as the ease with which attacks can be performed on systems. We believe that to protect a product or system against harm (intended or not), attention should be given to its requirements. Like other system properties and quality attributes, security should be considered from inception, that is, starting with requirements engineering.

The Nature of the Organization

The organization to which the information security plan will be applied is a transport and forwarding organization, that is, it deals with the transportation of goods and services. The system will be placed in DB Schenker to facilitate the organization’s forwarding system (Renata & John, 2012). Security will be a nonfunctional requirement (NFR) that is increasingly critical in its importance, unique in its requirements, yet should nevertheless be integrated with all other functional and non-functional requirements and engineered into effective models, designs, and implementation (Bilyana, Lillian, Quentin, & Adam, 2019). Like other nonfunctional requirements, the unique nature and demands of security make it difficult and often impossible to address security concerns using “general-purpose” requirements techniques; therefore security requirements engineering is required. Below we explain each of these two ideas (namely software security, and security requirements engineering).

The company’s size, location

The DB Schenker company is large and forwards goods and services to three quarters of the USA. Security is uniquely complex and challenging among non-functional requirements (NFRs); as Ian Alexander notes, “security is unlike all other areas in a specification, as someone is deliberately and intentionally trying to break the system.” Security is an NFR that is increasingly critical in its importance, unique in its requirements, yet still should be integrated with all other functional and non-functional requirements and engineered into effective models, designs, and implementation (Ariel, Shiliang, & Gilles, 2016).
Software security will ensure the essential goals of three aspects (CIA): the preservation of the Confidentiality, Integrity, and Availability of the data resources and assets that the software creates, stores, processes, or transmits, including the executing programs themselves (Lenin, Jitendra, & Sharad, 2012). In this sense, confidentiality preservation refers to the prevention of unauthorized disclosure; integrity preservation is about preventing unauthorized modification; and availability preservation is about preventing unauthorized destruction or denial of access or service.


The DB Schenker security effort will follow SQUARE. After its initial development, SQUARE was applied in a series of client case studies. Carnegie Mellon graduate students worked on this project throughout the spring and fall of 2004 and the spring of 2005. The case study results were published. Prototype tools were also developed to support the process. It involves 9 steps (Rohan, et al., 2014).
1. Agree on definitions: This step serves to enable clear communication between requirements engineers and stakeholders.
2. Identify security goals: Initially, the stakeholders will state different security goals. In this step, the goals are unified and conflicts are resolved (Lenin, Jitendra, & Sharad, 2012).
3. Develop artifacts: The authors name the following artifacts that should be collected: system architecture diagram, use case scenarios/diagrams, misuse case scenarios/diagrams, attack trees, and standardized templates and forms. These artifacts form the basis for the subsequent steps of the process.
4. Perform risk assessment: In this step, the vulnerabilities and threats related to the system are identified, as well as the likelihood that the threats will lead to attacks. The authors propose applying existing risk assessment techniques.
5. Select elicitation technique: The technique chosen in this step will be applied in the following step to perform the actual security requirements elicitation. Again, SQUARE recommends applying an existing technique chosen for the current project (Lenin, Jitendra, & Sharad, 2012).
6. Elicit security requirements: A key point in this step is to ensure that the requirements are verifiable and that they are not implementation or architectural constraints rather than requirements.
7. Categorize requirements: The elicited requirements are categorized (at least) according to the following categories: essential, non-essential, system level, software level, architectural constraint. Since the last are not considered requirements, their presence shows that the previous steps should be performed again.
8. Prioritize requirements: It is assumed that not all requirements can be implemented; therefore, the most important requirements should be identified.
9. Requirements inspection: In this final step, the requirements are checked for ambiguities, inconsistencies, mistaken assumptions, and the like. Its result is the final security requirements documents for the stakeholders.
The draft process was refined and baselined after the case studies were done; the baselined process. In principle, Steps 1-4 are actually activities that precede security requirements engineering but are necessary to ensure that it is successful. Brief descriptions of each step follow (Mead et al., 2005).

An overview of the information security plan for DB Schenker

The objective of the Multilateral Security Requirements Analysis (MSRA) method is to apply the principles of multilateral security during the requirements engineering phase of systems development (Federico, Ruggero, & Matteo, 2013). This is done by exploring the security and privacy needs of the many stakeholders of a system-to-be, identifying conflicts, and reconciling the different stakeholder views. The method draws both from theories on multilateral security and viewpoint-oriented requirements engineering. To express the particular security needs of the stakeholders, MSRA users develop security requirements from the viewpoints of the different stakeholders with respect to bundled functionalities of a system.
Security requirements result from the reconciliation of multilateral security goals (Paul & David, 2013). Security goals are chosen from a rich taxonomy derived from the CIA triad, which also includes properties such as accountability and pseudonymity, etc. Security goals, and later requirements, contain the attributes stakeholders who have an interest in the requirement, counter-stakeholders towards whom a requirement is expressed, and several other attributes that are described in the following paragraphs (Bilyana, Lillian, Quentin, & Adam, 2019).
A stakeholder is defined as any person or organization that has an interest in the system-to-be. Therewith, the elaboration of the security requirements isn’t limited to the functional users of the system-to-be, the latter being referred to as actors (Federico, Ruggero, & Matteo, 2013). Rather, a distinction is made that allows the elaboration of both: the people who have a stake in the system’s security, and the people who will use the system.
The Confidentiality Requirements Elicitation and Engineering (CREE) variant for DB Schenker considers only confidentiality requirements. Later work has focused on the formalization of the confidentiality requirements in CREE and the use of defeasible reasoning to explore ambiguities and conflicts. Counter-stakeholders refer to those stakeholders at whom the security goals are directed. These may be malicious attackers or actors of the system (Lenin, Jitendra, & Sharad, 2012). Further, MSRA works with an information model, the parts of which are the objects of the different security requirements. The information model is at a higher level of abstraction than a data model, as would be appropriate for a functional specification of the system-to-be.
Additional attributes of a security requirement are: the owner of the security requirement; the degree of agreement among stakeholders towards the security requirement; the goal of the requirement (this is either protection or permission); the information the requirement addresses; the strictness, expressing whether the security requirement says something about the security of information that it isn’t explicitly addressing; and the rationale, stating why the information should be protected. Further, temporal validity, describing how long the security concern should be preserved, is considered an attribute (Ariel, Shiliang, & Gilles, 2016).


Most of the software engineers are inadequately set up to inspire, separate, and demonstrate security necessities for instance the DB Schenker. Thusly, they much of the time botch security necessities for compositional security segments that are by and large used to fulfill essentials, and end up making designing and plan decisions. Charles Haley and his partners see a comparable issue. They show that couple of rules, (for instance, the Common Criteria and the US National Institute of Standards and Technology PC security handbook) propose portraying security necessities with respect to security instruments (Bilyana , Lillian , Quentin , & Adam , 2019). In any case, as they raise, “Portraying necessities to the extent limit leaves out key information: what things need getting and, even more fundamentally, why the articles need guaranteeing.”
The Comprehensive Lightweight Application Security Process (Clasp) communicates that all requirements will be Smart necessities: express, quantifiable, appropriate, reasonable, and recognizable. Affix gives no models, in any case, with respect to what an ordinary security essential should take after (Ariel , Shiliang , & Gilles , 2016). He describes a security essential as “a positive need that executes a supplanting security technique.” He suggests isolating security necessities into classes, such as recognizing confirmation, uprightness, and insurance requirements. For example, the essential “The application will perceive the aggregate of its client applications preceding allowing them to use its abilities” is a distinctive evidence need, however “The application won’t allow unapproved individuals or ventures permission to any correspondences” is a security essential.
When the Personnel Information just to people from Human Resources Dept.”. By expressing security requirements in a form comparable to explicit functional requirements, they ensure that they achieve enough precision to guide architects and let them verify that the requirements are really fulfilled (Federico, Ruggero, & Matteo, 2013). These models notwithstanding, we have not found a generally accepted definition of “security requirement” in the


As much as organizations have moved fast to adopt new technology, there is still weak understanding of and compliance with information system standards and regulations. According to Ismail (2017), this has come not only from ignorance of these standards and regulations or the hasty need to gain competitive advantage through new technologies, but also from the slow formation of standards, policies and frameworks relative to the pace of the developing technologies. Since information security entails processes and methods to protect data, storage, computer processes and transmission from risks and vulnerabilities, information security standards and regulations designate the technical specifications or precise criteria harmonized and agreed upon to protect data, systems and other computer hardware from potential risk and vulnerability (Ismail, 2017).
Regulations and laws, on the other hand, mean directives that any organization within the law’s jurisdiction should follow when implementing an information system. Standards and regulations in information security are very important. They not only set the ground for efficiency and effectiveness of information security but also harmonize the different information security methods and processes to promote innovation. Standardization also provides structured methods that make it easy to disseminate not only ground-breaking ideas but also knowledge about the foremost information security strategies (Tirumala & Anjan, 2016).


There are various standardization bodies for information security assurance; however, the International Organization for Standardization (ISO) standards have become the must-read standards for any information security engineer and the standards with which most organizations’ IT security systems comply. The ISO standards mostly referred to are ISO 27001 and ISO 27002; the latest version of ISO 27001 is an international standard that describes the best information security management system (ISMS) practices (Rajkumar & Paralikar, 2019). In a nutshell, ISO 27001 is the standard in the ISO 27000 series that describes the information security implementation process. An overview of this standard requires that, for any information security implementation, the organization must:
i. Assemble a project team to initiate the project
ii. Conduct a gap analysis, which establishes the reasons behind the information security implementation
iii. Develop the scope of the ISMS
iv. Initiate high-level policy development for the ISMS
v. Perform a risk and vulnerability assessment
vi. Select and apply controls
vii. Develop risk documentation
viii. Conduct a staff awareness training program
ix. Conduct an internal audit to assess and review the implemented ISMS
x. Lastly, opt for a certification audit

ISO 27002 is the newest ISMS implementation standard; it is a supplementary standard that focuses on the information security controls that should be followed in the implementation of an ISMS (Rajkumar & Paralikar, 2019). The controls are listed in Annex A of ISO 27001. ISO 27002 explains in detail how each control works, the objective of each control and how an organization can implement the controls.
BS ISO/IEC 27004:2009 is also an important information security management system standard. It not only provides requirements for maintaining and improving an ISMS but also provides guidance in the development of measures to assess the effectiveness of the ISMS implementation in an organization. BS ISO/IEC 27004:2009 is designed to be applicable in all organizations (Tirumala & Anjan, 2016). Though the standard mostly aligns with the ISO/IEC 27001 standard, it is currently being updated to align with ISO 27002, the new version of ISO 27001.

BS ISO/IEC 27003:2010 is a standard that provides the core information security management system design recommendations. The standard provides clear instructions for planning ISMS projects in organizations of all sizes. Though BS ISO/IEC 27003:2010 is still based on ISO 27001, it is also being updated to align with the new ISO 27002 principles (Rajkumar & Paralikar, 2019).
Another important standard is ISO/IEC 18043:2006, which provides a framework for improving data protection and maintaining compliance with ISO 27002. These standards prescribe the best practice for maintaining ISO 27001 and 27002 compliance.

Law/ Regulations

In the United States, there are various laws associated with information security. These laws include the Controlled Unclassified Information (CUI) requirements found in the Federal Information Security Management Act of 2002 (FISMA). This law requires an information security system to comply with the security controls required in ISO 27001/2 and the US NIST SP 800-171r1 (Rajkumar & Paralikar, 2019). These laws also create a uniform set of requirements for information security controls for securing civilian data and sensitive government information. Another law is the Digital Millennium Copyright Act of 1998 (DMCA), which requires any institution or organization to manage a digital copyright compliance ISMS comprising the following: annual disclosure, a strategy or strategies to combat the distribution of unauthorized materials, an alternative source of authorized copies of the copyrighted digital materials, and lastly a strategic plan review.

Why These Standards Are Applicable In the Organization

These standards and laws are applicable in this organization because of the required installation of security systems to curb the various security risks and vulnerabilities detected during the risk and vulnerability assessment. Accordingly, the standards would provide requirements for maintaining and improving the ISMS and guidance in the development of measures to assess the effectiveness of the ISMS implementation in the organization. The Federal Information Security Management Act of 2002 (FISMA) and the Digital Millennium Copyright Act of 1998 (DMCA) will ensure uniformity between the organization’s information security controls and other organizations’ security controls and government information controls (Tirumala & Anjan, 2016).

Process That Would Be Affected by the Standards

These standards influence the organization’s ISMS process from design through implementation and assessment. Accordingly, ISO 27001 is the standard that describes the information security implementation process, ISO 27002 addresses the information security controls, and BS ISO/IEC 27004:2009 provides requirements for maintaining and improving the ISMS and guidance in the development of measures to assess the effectiveness of the ISMS implementation in the organization (Tirumala & Anjan, 2016).


I will start with BS ISO/IEC 27004:2009, which provides requirements for maintaining and improving the ISMS and guidance in the development of measures to assess the effectiveness of the ISMS implementation in the organization. Then I will comply with ISO 27002, which addresses the standards’ effect on information security controls, and lastly follow ISO 27002, which describes the information security controls.


Vulnerability management is a security process that is specifically designed and undertaken to proactively mitigate, resolve and prevent the exploitation of information framework vulnerabilities that exist in an organization’s systems. The practice involves several processes, including identifying vulnerabilities, classifying them, finding a solution, and mitigating the identified vulnerabilities within the system. Vulnerability management is an integral process of information and network security and is conducted alongside risk management and other security management practices (Syed, 2020).
DB Schenker is a company that distributes goods and services across the United States; the vulnerabilities in its system would be the information access points that may be exploited to corrupt its database or obtain crucial goods transport details. Vulnerability management in this scenario would be conducted in six phases: asset inventory, information management, risk assessment, vulnerability assessment, reporting and solution tracking, and response planning. This chapter covers the six phases, the challenges to be encountered in each, and the justification for undertaking vulnerability management.

Asset Inventory

The initial stage of vulnerability management is compiling the company’s inventory, in this case the DB Schenker device inventory. However, a massive challenge in most companies is that they lack an effective and up-to-date asset register and inventory, making this initial securing stage harder. For the DB Schenker case, the solution to the asset inventory problem will be assigning one employee the task of asset inventory management, to ensure that all company resources are recorded and the inventory is updated daily. Asset inventory management is a powerful tool that information security admins can use to quickly find and patch devices and systems with security upgrades. Without an effective, well-maintained and up-to-date asset inventory, it is hard to curb vulnerabilities or to discover them during new security scanning, patch installation or upgrades.

Information Management

The second step in the vulnerability management process would be controlling how information is communicated into the organization, DB Schenker. The most critical information flow is internet traffic passing through DB Schenker’s network. There has been an increase in attacks through worms, viruses, and other malware that DB Schenker needs protection against. The traffic flow in and out of the DB Schenker local networks has been on the rise. The rise in traffic has a high potential of bringing more malware into the DB Schenker system. This implies that more attention needs to be directed to the flow of information to prevent such threats from getting into or out of the DB Schenker network.
Although malware attacks are a major concern in information management, it is also crucial that DB Schenker’s organizational data is not leaked to the public. Information management ensures that the organization’s data is kept secret and secure from attacks.

Risk Assessment

This is a crucial step in vulnerability management: before any solutions to the risks are recommended and assessed for the DB Schenker network, the security team will conduct an extensive analysis of the vulnerabilities that the network faces. In an ideal information security environment, the team would be able to attend to all vulnerabilities, as there would be enough resources and time. However, in a real-world setting there are several limiting factors; in DB Schenker’s case, resistance from the board means less financial support. This makes risk assessment crucial, as the information security team has to come up with a priority list of the vulnerabilities to handle first and those to deal with later. For DB Schenker the priority will be securing its network and organizational data.
ISO 27001, clause 4.2.1, and ISO 27005, clause 7.4, outline the main goals of the selection of the technique and the process for risk assessment (Humphreys, 2008). The figure below outlines this:

Figure 1.

Vulnerability Assessment

Vulnerability and risk assessment are closely related; however, a vulnerability assessment is concerned with the identification of DB Schenker’s vulnerable assets. Identifying vulnerable assets in the DB Schenker network will involve conducting a series of ethical hacking and penetration tests. The devices on the DB Schenker network targeted by these tests range from printers to servers. Whereas penetration testing verifies the existence of vulnerabilities, the aim of a vulnerability assessment is to uncover the existence of vulnerabilities in the DB Schenker network. This aim is achieved through simulation of a real hacking environment using tools and methodologies similar to those attackers might use.

Reporting and Solution Tracking

The reporting stage is aimed at helping DB Schenker’s information security team better comprehend the current security status and the areas which still pose high security threats, and at pointing out the source of the vulnerabilities. The report also makes it easy for the team to present the current status to the company’s board. Solution finding, or tracking, marks the end of the vulnerability management process. The process is prematurely terminated after analysis of the threats and vulnerabilities and recording of the acceptable risks.
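As an added illustration of the asset inventory, risk assessment and reporting phases described above (example code written for this page, not part of the paper or of DB Schenker’s systems; every host name, finding identifier, criticality value and score is constructed, and the weighting of severity by asset criticality is an assumption), the following Python script reconciles scanner output against an asset register, ranks findings by risk, records risks below a threshold as accepted, and produces a report table for the board:

```python
"""Added example (not from the paper): a minimal vulnerability-management
pipeline covering the asset inventory, risk assessment and reporting phases.
Every host name, finding id and score below is constructed for illustration."""
from dataclasses import dataclass

# Constructed asset register: the inventory the paper says one employee keeps current.
# criticality runs 1 (low) to 5 (business critical).
INVENTORY = {
    "srv-db-01": {"type": "database server", "owner": "it-ops", "criticality": 5},
    "srv-web-01": {"type": "web server", "owner": "it-ops", "criticality": 4},
    "prn-floor2": {"type": "printer", "owner": "facilities", "criticality": 1},
}

# Constructed scanner output: (host, finding id, severity 0-10, public exploit known?)
SCAN_FINDINGS = [
    ("srv-db-01", "FINDING-001", 9.8, True),
    ("srv-web-01", "FINDING-002", 7.5, False),
    ("prn-floor2", "FINDING-003", 7.4, True),
    ("laptop-unknown-7", "FINDING-004", 5.0, False),  # host missing from the register
]

DEFAULT_CRITICALITY = 3  # assumption: an unregistered host is treated as medium criticality


@dataclass
class RiskItem:
    host: str
    finding: str
    score: float
    accepted: bool  # True when the risk is recorded as accepted rather than remediated


def reconcile_inventory(inventory, findings):
    """Asset inventory phase: scanned hosts absent from the register are inventory gaps."""
    return sorted({host for host, *_ in findings if host not in inventory})


def risk_score(severity, criticality, exploit_known):
    """Risk assessment phase: scanner severity weighted by asset criticality,
    raised by 50% when a public exploit exists (the weighting is an assumption)."""
    return round(severity * criticality * (1.5 if exploit_known else 1.0), 1)


def prioritize(inventory, findings, accept_below=12.0):
    """Return findings ordered highest risk first; scores under accept_below are
    recorded as accepted risks, which the paper notes closes the process."""
    items = []
    for host, finding, severity, exploit_known in findings:
        criticality = inventory.get(host, {}).get("criticality", DEFAULT_CRITICALITY)
        score = risk_score(severity, criticality, exploit_known)
        items.append(RiskItem(host, finding, score, accepted=score < accept_below))
    return sorted(items, key=lambda item: item.score, reverse=True)


def report(items, unknown_hosts):
    """Reporting phase: a CSV-style table the security team can hand to the board."""
    lines = ["host,finding,risk,status"]
    for item in items:
        status = "accepted" if item.accepted else "remediate"
        lines.append(f"{item.host},{item.finding},{item.score},{status}")
    for host in unknown_hosts:
        lines.append(f"{host},-,-,not in asset inventory")
    return "\n".join(lines)


if __name__ == "__main__":
    gaps = reconcile_inventory(INVENTORY, SCAN_FINDINGS)
    ranked = prioritize(INVENTORY, SCAN_FINDINGS)
    print(report(ranked, gaps))
```

Running the script ranks the database server first (high severity, highest criticality, public exploit) and records the printer finding as an accepted risk, while the laptop that the scanner saw but the register does not know is listed separately: that row is exactly the inventory gap the asset inventory phase exists to close, and it is scored with an assumed medium criticality rather than ignored.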

Response planning

Despite being seen as the easiest stage, response planning is as important as the rest of the phases in the vulnerability management of the DB Schenker network. It is seen as easy because all the identification, analysis, and steps are already outlined; however, it is important because failure to undertake it means the DB Schenker network will still be exposed to vulnerabilities.

Justification of Vulnerability Management

The proposed vulnerability management strategy will be beneficial to DB Schenker, not only to the information security team but also to the whole organization. Implementing the strategy means that in case of vulnerabilities the company will have a fallback strategy to keep its daily activities running. The strategy ensures the company is safe from attacks and its information is secure. The process might be costly, but it saves the company the additional costs that may be incurred in case of an attack without the strategy.

Week Five:

Assessment and Assurance



Ariel, E., Shiliang, H., & Gilles, P. (2016). Remix: online detection and repair of cache contention for the JVM. Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, 251-265.
Bilyana, L., Lillian, A., Quentin, E. H., & Adam, S. M. (2019). Applying Indications and Warning Frameworks to Cyber Incidents. International Conference on Cyber Conflict (CyCon), 900, 1-21.
Dima, A. M., & Maassen, M. A. (2018). From Waterfall to Agile software: Development models in the IT sector, 2006 to 2018. Impacts on company management. Journal of International Studies, 11(2), 315-326.
Federico, C., Ruggero, G., & Matteo, K. (2013). The effect of global supply chain configuration on the relationship between supply chain improvement programs and performance. International Journal of Production Economics, 143(2), 285-293.
Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management. Information Security Technical Report, 13(4), 247-255. doi: 10.1016/j.istr.2008.10.010
Ismail, U. (2017). Requirement Gathering for Open Source Software by Using SCRUM and Feature Driven Development (Doctoral dissertation).
Ismail, U., Qadri, S., & Fahad, M. (2015). Requirement Elicitation for Open Source Software By using SCRUM and Feature Driven Development. International Journal of Natural & Engineering Sciences, 9(1).
Jed, D. G., Paul, H., & Klara, K. P. (2017). Educating for the 21st-century health care system: an interdependent framework of basic, clinical, and systems sciences. Academic Medicine, 92(1), 35-39.
Lenin, R., Jitendra, P., & Sharad, A. (2012). Appinsight: Mobile app performance monitoring in the wild. 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI 12), 107-120.
Paul, L. D., & David, C. C. (2013). Information technology and business-level strategy: Toward an integrated theoretical perspective. MIS Quarterly, 483-509.
Rajkumar, A., & Paralikar, A. (2019, December). Test Driven Development: Process for AUTOSAR Software Development. In INCOSE International Symposium (Vol. 29, pp. 99-108).
Renata, F. M., & John, F. E. (2012). The acquisition of an artificial logographic script and bilingual working memory: Evidence for L1-specific orthographic processing skills transfer in Chinese–English bilinguals. Writing Systems Research, 4(1), 8-29.
Rohan, G., Hongqiang, H. L., Y, C. H., Jitendra, P., Lihua, Y., & Ming, Z. (2014). Duet: Cloud scale load balancing with hardware and software. ACM SIGCOMM Computer Communication Review, 44(4), 27-38.
Syed, R. (2020). Cybersecurity vulnerability management: A conceptual ontology and cyber intelligence alert system. Information & Management, 57(6), 103334. doi: 10.1016/
Tirumala, S., Ali, S., & Anjan, B. G. (2016). A Hybrid Agile model using SCRUM and Feature Driven Development. International Journal of Computer Applications, 156(5), 1-5.
Zima, D. (2015). Modern methods of software development. Task Quarterly, 19(4), 481-493.
