Operations Security

Summary:

ABC Company is a manufacturing company that produces new technology that sells online directly to customers and retailers. The system they use is a core transactional Enterprise Resource Planning system called NEDS. NEDS is similar to many core systems that provide integrated applications on a common platform for financials, managing materials, sales distribution, and production planning (similar to Oracle or SAP). NEDS is located in the Netherlands, while ABC Company is located in Florence, Kentucky. On June 15, 2016, James Hurd (ABC’s Global Security Director) was notified that NEDS was burglarized during business hours involving individuals stealing equipment including blackberries, iPhones, laptops and hard drives.  Local police were notified and the incident was reported on that date. A police report only included identification of specific hardware that was stolen and several bicycles.

The burglary notification that was mailed was sent to a branch office of ABC Company in Mexico. James Hurd was notified by the Mexico office via email which included an attached electronic version of the burglary notification and police report on June 20, 2016.  James Hurd recognized that the incident actually occurred 5 days earlier. 

The letter contained the following information about the incident:

· The incident occurred in the application area that provides custom application development and reporting for the ABC Company. 

· The area that was impacted involved “potential data” used for sales analysis. Data from the ABC Company had been placed on laptops while some diagnostics were being carried out. 

· Compromised data could have included customer or retailer information from 2002-2014 consisting of names, address, bank account data or credit card numbers, SKU product numbers, descriptions, quantities, Purchase Order numbers, and purchase price.

You are James Hurd and need to respond to this incident by taking action immediately.  

You will need to complete the following: 

I. Develop an Incident Response Policy for ABC Company that will be used as your reference for your evaluation of this potential data incident (this is an attachment that should be included in your paper and referenced in your presentation).

II. Upon developing ABC Company’s Incident Response Policy, evaluate the incident described above: 

- Summarize the data incident and potential level of risk, include why? 

- Upon identifying the types of data that could potentially be impacted and what laws/regulations could be in violation of non-compliance if this data was breached

- Develop your action plan to evaluate this data incident (include your rationale for why the steps were necessary)

- Describe how the Incident Response Policy supported your actions 

- Identify any issues that made the evaluation more difficult

- Identify areas of future risk mitigation actions should a similar incident occur (look at the gaps or issues with this scenario)

- Close the incident (NOTE: The outcome of the incident did not surface any major risks or data breach to the company but it took the evaluation to get to this conclusion)

This presentation must be support by the research paper. 

Please note the following criteria:

Research paper:

• Research Paper must be in APA Style
• Research Paper must have at least 5      works cited of which 2 must be peer reviewed works/articles (note your      book can be included as a reference)
• Must be at least 5 double-spaced pages
• The Policy will be an Attachment and      not count toward the 5 Page requirement
• Graphs, illustrations and spreadsheets      are allowed, but will not count toward the 5 Page requirement

Grading criteria will include the following as this represents 40% of your grade:

Presentation will be 100 points and based on the following:

Completeness of the Topic (Policy, Processes, Action, Conclusion) 

Presentation Delivery 

Alignment of policy 

Paper will be 100 points:

- Meets Standard Criteria

- Completeness/content

- Incident Risk Policy as Attachment

- Logic of Processes and Actions (Thoroughness)

- Alignment of the Incident Risk Policy components in completing and supporting the evaluation

 

Executive Program Practical Connection Assignment

At UC, it is a priority that students are provided with strong educational programs and courses that allow them to be servant-leaders in their disciplines and communities, linking research with practice and knowledge with ethical decision-making. This assignment is a written assignment where students will demonstrate how this course research has connected and put into practice within their own career.

 

Assignment: Provide a reflection of at least 500 words (or 2 pages double spaced) of how the knowledge, skills, or theories of this course have been applied, or could be applied, in a practical manner to your current work environment. If you are not currently working, share times when you have or could observe these theories and knowledge could be applied to an employment opportunity in your field of study. 

Requirements:

Provide a 500 word (or 2 pages double spaced) minimum reflection.

Use of proper APA formatting and citations. If supporting evidence from outside resources is used those must be properly cited.

Share a personal connection that identifies specific knowledge and theories from this course.

Demonstrate a connection to your current work environment. If you are not employed, demonstrate a connection to your desired work environment. 

You should NOT, provide an overview of the assignments assigned in the course. The assignment asks that you reflect how the knowledge and skills obtained through meeting course objectives were applied or could be applied in the workplace. ?????????

 

 

 

 

 

 

 

 

 

Executive Program Practical Connection Assignment Rubrics

Component	Proficient (15 to 20 points)	Competent (8 to 14 points)	Novice (1 to 7 points)	Score
Assignment Requirements	Student completed all required portions of the assignment	Completed portions of the assignment	Did not complete the required assignment.
Writing Skills, Grammar, and APA Formatting	Assignment strongly demonstrates graduate-level proficiency in organization, grammar, and style. Assignment is well written, and ideas are well developed and explained. Demonstrates strong writing skills. Student paid close attention to spelling and punctuation. Sentences and paragraphs are grammatically correct. Proper use of APA formatting. Properly and explicitly cited outside resources. Reference list matches citations.	Assignment demonstrates graduate-level proficiency in organization, grammar, and style.   Assignment is effectively communicated, but some sections lacking clarity. Student paid some attention to spelling and punctuation, but there are errors within the writing. Needs attention to proper writing skills.   Use of APA formatting and citations of outside resources, but has a few instances in which proper citations are missing.	Assignment does not demonstrate graduate-level proficiency in organization, grammar, and style.   Assignment is poorly written and confusing. Ideas are not communicated effectively. Student paid no attention to spelling and punctuation. Demonstrates poor writing skills.   The assignment lacks the use of APA formatting and does not provide proper citations or includes no citations.
Maintains purpose/focus	Submission is well organized and has a tight and cohesive focus that is integrated throughout the document	Submissions has an organizational structure and the focus is clear throughout.	Submission lacks focus or contains major drifts in focus
Understanding of Course Content	Student demonstrates understand of course content and knowledge.	Student demonstrates some understanding of course content and knowledge.	Student does not demonstrate understanding of course content and knowledge.
Work Environment Application	Student strongly demonstrates the practical application, or ability to apply, of course objectives within a work environment.	Student demonstrates some practical application, or ability to apply, of course objectives within a work environment.	Student does not demonstrate the practical application, or ability to apply, of course objectives within a work environment.