Michelle Vidrine

1-Case Study 4-7

The reading curriculum in your district is 10 years old and no longer effective. There are no supportive materials for the ELL students or students who are struggling. There are also no materials to enrich the higher achieving students. Students are falling further and further behind especially in the younger grades. During the last adoption, 10 years ago, teachers were asked for their input but then the assistant superintendent went against their recommendations and purchased a different series. While some teachers are new to the district, there are some that are still upset about the former assistant superintendents decision.

As the principal, I would approach the new assistant superintendent with the request to purchase new materials. I would also mention how the last adoption did not go well. With the assistant superintendents support, I would go back to my teams and ask them for the criteria they would like to see in the new reading series. I would ask for volunteers and let everyone know that they can be as involved in the early stages as they feel comfortable, but you may call upon everyone once it is time to pilot. The committee would use predetermined criteria and select the top choices to look at deeper. This would include speaking to company representatives, other schools using the series and piloting. I would have all teachers fill out an anonymous survey at the end of the pilot and also ask for any feedback that they might want to share with the group. I would make certain to address the problems we have had with the high/low students as well as the ELL and make sure that thi curriculum will be of value to them.

ـــــــــــــــــ

2- Michelle Vidrine

Case Study 4-1

You are the principal and were the chair member of a committee that purchased a new reading textbook series and resources 2 years ago. Last year was the first year of implementation and you have reassured your teachers to take their time and explore the resources available. You did not make anything required to be used this first year. In December of that first year, you updated the board members and superintendent. You shared your plan on letting the teachers explore and become more comfortable with the new series. In April, the superintendent meets with you and asks how you will present a year-end report on the new curriculum. You are surprised as you have already told the board that teachers are still getting to know all of the components of the new series. You tell the superintendent that you had planned to debrief the teachers at the end of the year and make changes and recommendations for the fall. The superintendent moves your presentation to the fall but now wants you to include test data.

As the principal, I would meet with my staff for that year-end debriefing as soon as possible. I would also tell the teachers that you will be collecting test data. I would reassure them that this is the first year and you do not expect to see great scores. Experts say it takes at least three years before seeing true results. Time is needed for students to get use to the change and staff needs time to learn how to use the resources. We can call this baseline data. I would also include much of this in the presentation to the board as well as the recommendations that the teachers have come up with. I would be sure to share all of the positives though be prepared to answer for any scores that may have dropped.

____________

Michelle Vidrine

3-Case Study 4-5

A principal in a junior high school is in a wealthy district with 2 other junior highs and 10 elementary schools. The board of education has taken over the task of renovating a different school each year. That school is moved to a vacant elementary building during renovations. This principal is proud of his innovative staff that embraces change. The principle suspects that his school will be chosen to be the first junior high to go through renovations because he and his building are seen as “easy going”. The superintendent announces that renovations will take place at all 3 schools at the same time but only during the summer months. In exchange for this plan, which means staff will not have to move to a new building, the superintendent is looking at this principal to be the first to change his junior high into a middle school. This is going to be a huge change in philosophy as well as class design. The principal agrees to visit a school already implementing this and a board member rides to the school with the principal. Along the way, the board member states that she does not agree with this change and will do her best to vote it down. The principal is now in the positions of choosing sides.

If I were in this position as the principal, I would have to look more into recent research on the topic of middle school philosophy to make sure that I have the most current information. I need to make sure that all the junior high principals share the same views and would ask for them to also visit the school that is already implementing this approach. I don’t feel that this change can happen before the school year starts. I think all of the administrators need to sit down and discuss what they are looking for while keeping the success of students as the goal. Next, we would come up with a plan and timeline on how to unroll this. Teachers will have to be provided with staff development and materials need to be purchased. With the support of the team, I hope the superintendent will see that a change this large is going to take time if it is going to be successful.

As the principal, I would not get involved with the board member and superintendent’s differences. I would focus on what is best for my students and staff and let them iron out their own problems.

read the article first

then answer the questions

the answer must be meaningful

more than 250 words

Case:Sovereign Wealth Funds: Barbarians at the Gate or White Knights of Globalization?

The report must be typed and written as if you were writing a recommendation to a CEO or other major decision maker.

All submissions must be typed (maximum three pages, single-spaced, 12 point font Times New Roman and 1” margins). Supporting appendices (graphs, tables and references), if needed, are in addition to the three pages.

The originality of each report will be checked using the university’s anti-plagiarism software.

Questions to help you with the analysis:

1.Should we be afraid of sovereign wealth funds?

Should sovereign wealth funds be regulated? How? By whom?

Project #1: Integrating NIST’s Cybersecurity Framework with Information Technology Governance Frameworks

Scenario

You have been assigned to your company’s newly established Risk Management Advisory Services team. This team will provide information, analysis, and recommendations to clients who need assistance with various aspects of IT Risk Management.

Your first task is to prepare a 3 to 4 page research paper which provides an analysis of the IT Governance, IT Management, and Risk Management issues and problems that might be encountered by an e-Commerce company (e.g. Amazon, e-Bay, PayPal, etc.). Your paper should also include information about governance and management frameworks that can be used to address these issues. The specific frameworks that your team leader has asked you to address are:

• ISO/IEC 27000 Family of Standards for Information Security Management Systems
• ISACA’s Control Objectives for Information Technology (COBIT) version 5
• NIST’s Cybersecurity Framework (also referred to as the “Framework for Improving Critical Infrastructure Security”)

The Risk Management Advisory team has performed some initial research and determined that using these three frameworks together can help e-Commerce companies ensure that they have processes in place to enable identification and management of information security related risks particularly those associated with the IT infrastructure supporting online sales, payment, and order fulfillment operations. (This research is presented in the Background section below.) Your research paper will be used to extend the team’s initial research and provide additional information about the frameworks and how each one supports a company’s risk management objectives (reducing the risks arising from cyber threats and cyberattacks against information, information systems, and information infrastructures). Your research should also investigate and report on efforts to date to promote the use both frameworks at the same time.

Your audience will be members of the Risk Management Services team. These individuals are familiar with risk management processes and the e-Commerce industry. Your readers will NOT have in-depth knowledge of either framework. For this reason, your team leader has asked you to make sure that you include a basic overview of these frameworks at the beginning of your paper for the benefit of those readers who are not familiar with CSF and COBIT.

Background

SECURITY CONTROLS

Security controls are actions which are taken to “control” or manage risk. Security controls are sometimes called “countermeasures” or “safeguards.” For this assignment, it is important to understand that it is not enough to pick or select controls and then buy or implement technologies which implement those controls. A structure is required to keep track of the controls and their status — implemented (effective, not effective) and not implemented. The overarching structure used to manage controls is the Information Security Management System.

INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

An Information Security Management System is the set of policies, processes, procedures, and activities used to structure the organizational unit which is responsible for managing the cybersecurity or information security program in a business. Companies can and do design their own structure for this program including: scope, responsibilities, and resources. Many companies, however, choose to use a defined standard to provide guidance for the structure and functions assigned to this organization. The ISO/IEC 27000 family of standards is one of the most frequently adopted and is comprised of best practices for the implementation of an information security program. The ISO/IEC 27001 standard specifies the requirements for and structure of the overall Information Security Management System and ISMS program. The ISO/IEC 27002 standard provides a catalog of security controls which can/should be implemented by the ISMS program. For additional information about the standards, please see this blog https://www.itgovernance.co.uk/blog/what-is-the-iso-27000-series-of-standards.

Note: there are a number of free resources which describe the contents and purposes of the ISO/IEC 27000 family of standards. For your work in this course, you do not need access to the official standards documents (which are not freely available).

CONTROL OBJECTIVES FOR INFORMATION TECHNOLOGY (COBIT)

COBIT is a framework that defines governance and management principles, processes, and organizational structures for enterprise Information Technology. COBIT includes a requirement for implementation of an Information Security Management System and is compatible with the ISO/IEC 27000 series of standards for ISMS implementation.

COBIT 5 has five process areas which are specified for the Governance and Management of enterprise IT. These areas are:

• Evaluate, Direct, and Monitor (EDM)
• Align, Plan, and Organize (APO)
• Build, Acquire, and Implement (BAI)
• Deliver, Service, and Support (DSS)
• Monitor, Evaluate, and Assess (MEA)

Beginning with version 5, COBIT has incorporated Information Security as part of the framework. Three COBIT 5 processes specifically address information security: APO 13 “Manage Security,” DSS04 “Manage Continuity,” and DSS05 “Manage Security Services.”[1]

NIST CYBERSECURITY FRAMEWORK (CSF)

The NIST Framework for Improving Critical Infrastructure Security, commonly referred to as the Cybersecurity Framework or CSF, was developed in collaboration with industry, government, and academia to provide a common language and common frame of reference for describing the activities required to manage cyber-related risks and, in so doing, protect and defend against cyber attacks. Unlike many NIST guidance documents, the CSF was designed specifically for businesses – to meet their needs and support attainment of business objectives. Originally designed for companies operating in the 16 critical infrastructure sectors, the CSF is now being required of federal government agencies and departments and their contractors. The Executive Summary of the NIST CSF version 1.1 provides additional background and supporting information about the purposes, goals, and objectives of the CSF.

The Cybersecurity Framework is presented in three parts:

• Core Functions (Identify, Protect, Detect, Respond, Recover)
• Implementation Tiers (risk management processes and practices)
• Profiles (specific to a business or industry – goals and desired outcomes)

COMMONALITIES BETWEEN ISO/IEC 27000, COBIT, AND NIST CSF

There are a number of common elements between the information security frameworks defined in the ISO/IEC 27000 family of standards, the COBIT standard, and the NIST Cybersecurity Framework. Each of these frameworks addresses risks that must be addressed by businesses that depend upon digital forms of information, information systems, and information infrastructures. Each framework presents structured lists of IT Governance and IT Management activities (processes and practices) which must be adopted and implemented in order to effectively manage risk and protect digital assets from harm or loss. Each framework also provides a list or catalog security. Each framework also provides lists of goals or objectives which must be met in order to assure the effectiveness of controls implemented to defend against cyber threats and attacks. Finally, these frameworks provide

The ISO/IEC 27001:2013 and COBIT 5 controls and process areas have been cross referenced to the NIST Cybersecurity Framework Functions, Categories, and Subcategories in the NIST CSF document.[2] Table 1 below shows examples of the mapping between COBIT 5 and NIST CSF as provided in Table 2: Framework Core: Informative References in the NIST CSF document.

Table 1. Example Mappings from ISO/IEC 27001 to COBIT 5 Processes to NIST CSF Functions

ISO/IEC 27001:2013[3]	COBIT 5 Process	NIST CSF Function	NIST CSF Category	NIST CSF Subcategory
A.5.1.1	APO 13.01	Identify	Governance (ID.GV)	ID.GV-1
A.16.1.6	DSS 04.02	Identify	Risk Assessment (ID.RA)	ID.RA-4
A.6.1.1, A.7.2.1, A.15.	DSS 05.04	Identify	Governance (ID.GV)	ID.GV-2
A.12.6.1, A.18.2.3	DSS 05.01, DSS 05.02	Identify	Risk Assessment (ID.RA)	ID.RA-1

ADOPTION AND USE OF IT SECURITY FRAMEWORKS

A 2016 survey conducted by Dimensional Research for Tenable[4] found that over 80% of the responding organizations used an IT security or cybersecurity frameworks to structure their IT security management program. This finding was similar across all sizes of companies and across industries. Over 40% of the respondents used multiple frameworks. The NIST CSF was utilized by over 40% of the respondents – approximately the same number who adopted the ISO/IEC 27000 standards. One notable finding was that in some cases the NIST CSF adoption was required by a business partner or a federal contract.

Research

• Read / Review the weekly readings
• Consult Aligning COBIT® 4.1, ITIL® V3 and ISO/IEC 27002 for Business Benefit http://www.isaca.org/Knowledge-Center/Research/Documents/Aligning-COBIT-ITIL-V3-ISO27002-for-Business-Benefit_res_Eng_1108.pdf for additional information about the activities / controls included in ISO/IEC 27002 and COBIT. This reference should be used in conjunction with the “Informative References” listed in NIST’s Cybersecurity Framework Core definitions.
• Review the following outlines and explanations of the ISO/IEC 27001 and 27002 standards
  • ISO/IEC 27001:2013 Plain English Outline (excerpts for Information Security provisions) http://www.praxiom.com/iso-27001-outline.htm and http://www.praxiom.com/iso-27001.htm
  • ISO 27002:2013 Translated into Plain English http://www.praxiom.com/iso-27002.htm

Read the following analyses and articles about COBIT 5 and its information security related functions

---

[1] Source: http://www.isaca.org/COBIT/Documents/COBIT-5-for-Information-Security-Introduction.pdf

[2] Source: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf

[3] Names for many of the ISO/IEC 27001 controls can be found here: https://www.bsigroup.com/Documents/iso-27001/resources/BSI-ISO27001-mapping-guide-UK-EN.pdf

[4] Source: https://static.tenable.com/marketing/tenable-csf-report.pdf

complete the assignment, for this assignment you will need the MySQL software downloaded. if you dont have it i have the instructions to download it let me know plz . I have attached the assignment for bellow