Archive for March, 2011
DIARMF

The Department of Defense Information Assurance Risk Management Framework (DIARMF) will replace the DoD’s DIACAP process. As of March 2011 it is still being developed. The former DoD Information Assurance Certification & Accreditation Process (DIACAP) will undergo the same change that NIST SP 800-37, the C&A guide, did when it became rev 1, Guide for Applying the Risk Management Framework. Some of the changes from DIACAP to DIARMF will consist of:

    NIST SP 800-53 controls
    Change focus from C&A to Risk Management
    Definition of how to bridge between DoD systems and NIST-defined systems (subsystems and Platform IT, for example)
    DIARMF will look more like NIST 800-37 rev 1

It is unknown how DIARMF authorization packages will look. Currently, DIACAP consists of DIACAP packages (DIP, SIP, scorecard, POA&M with artifacts) and NIST 800-37 rev 1 consists of a Security Authorization Package (System Security Plan, Security Assessment Report & POA&M). Also, the roles in the NIST Risk Management Framework and in the DoD 8500 series are different. So far, the DON CIO and ASD(NII) have come up with a mapping between the roles and the 800-53 controls.

The DIARMF will hopefully cover all of the gaps between the DoD C&A process and the new NIST 800-37, Risk Management Framework.

System Architecture Design: Ishikawa Diagram

An Ishikawa diagram is also sometimes called a “fishbone” diagram because, when it is completed, the result usually looks like fish bones radiating off a core spine. It was originally developed in Japanese quality management as a tool for identifying the key relationships among the various causes of a problem, for use in process improvement. This diagram is also referred to as the cause-and-effect diagram.

Based on my experience, an Ishikawa diagram is a basic need in order for you to create an effective system for companies. One of my earlier projects was to develop a Billing and Reservation System for a specific hotel. I will explain here how to create an Ishikawa diagram for a hotel, or you might use this as a basis for your project.

Steps in creating Ishikawa diagram:

1. List the problem/issue to be studied in the head of the fish. You should always put the problem/issue at the head of the fish because the main branch of the diagram originates from the head.
2. Now you must identify the major categories that cause the problem. In doing this, you can use the 6Ms, which are Machine, Method, Materials, Measurement, Man and Mother Nature. What is on the attached image is only 4Ms, since my professor only required the 4Ms. Label each fishbone with the 6Ms or 4Ms.
3. After identifying the major causes, you must now identify the sub-causes of the 4Ms or 6Ms you use.
4. After listing the major causes and sub-causes you may now analyze your diagram. Analyze the results of the fish bones; make sure that an adequate amount of detail has been provided under each major category.

Now, making an Ishikawa diagram is not as easy as you think; you must conduct research, especially on the company the system you are developing is intended for. You should analyze the image below for proper understanding.

Dating Site Spam Emails

For almost 2 consecutive weeks now, I have continuously been receiving these kinds of emails, which are really strange because I receive them in my spam folder. Try to read both emails; they have almost the same format and content. I tried my best to research this kind of email, and it really is a dating scam email. I don’t even know them, so why are they going to send me emails like this? And I am a female; obviously in their email they are looking for a male partner.
Based on my research, this is how they work:
1. They will first act like an angel and will get your attention every now and then.
2. They will agree with your sentiments, and everything you say to them seems to make them happy, to get your trust.
3. Here comes their drama, telling you that they need money for food, utility bills, hospital bills, etc.
4. Since you already trust her, you will give her the amount she needs; after that your money flies away!
Another thing is, sometimes they are not going to ask for money; they just need your email address. Chances are you’re not the only one who received this kind of email, because they are trying to collect as many emails as they can, so once you reply to emails like this, expect to receive many more spam emails in your spam folder. The emails they collected are part of their marketing plan, or they just sell them to others.
So I just suggest: don’t ever reply to this kind of email! Unless you really know them and it is a verified email. Just read the emails below to find out the truth; those emails are not edited, they are the original emails I received.
From: lenny dan

To: lennydan22@yahoo.com – look at this: my email should be in this area, but that’s not my email address. I think they are using some sort of program to generate and send emails.

lennydan22@yahoo.com
Hello
My name is Lenny, i saw your profile and it was interesting so i would like to know more about you. It will be a pleasure to read from you, if you wouldn’t mind, you can email me in private at ( lennydan22@yahoo.com ) so that i can reply you quickly and also send my picture for you to know me. I want you to know that real love matters. I will be expecting your mail soon, kiss.
Your lovely new friend,
Lenny

From: inocencia

To: – When I received this email, this area was blank, but why did I receive this email if I did not see my email address in this area? Please look at the above explanation.

Hello dear
My name is Miss inocencia i i come acrossyour email address at internet google today that is the reason why i write to you to get accquintance with you, I will like you to contact me back with my private email so that i will send you my pictures for you to know whom i am,although i came on line searching for a true and honest man .I believe we can move from here!!!Remember,color,language or distance does not matter,but love matters a lot in life.
best of my regards
From inocencia.

Yahoo 2011 Lottery Scam Revealed!

Below is the exact email content I received from the address nn–890@att.net under the name “yahoo claiming award”. Before opening this email, I was no longer surprised by the content saying that I am a winner of ONE MILLION UNITED STATE DOLLARS. In the first place, I always receive this kind of email and it goes directly to my spam folder, which is really strange. Second, there is no such thing as a Yahoo lottery; even if you search in Google, all results will probably be articles about scams.
I suggest when you encounter this kind of email, don’t immediately jump to the conclusion that you are really a winner of a lottery or any online raffle, because it is obviously a spam email, especially if it goes directly to your spam folder. It is always good to check and do some research about it before communicating with the sender of the email or with the address/phone number indicated in the email. I hope this can help; always remember it is better to be safe than sorry.

YAHOO LOTTERY RESULTS 2011

CONGRATULATIONS!!!

Yahoo! announces you as one of the 25 lucky winners in the ongoing 12 Yahoo lottery Award of the Year Held on 20th of February 2011.

All 25 winning email addresses were randomly selected from a batch of 50,000,000 international emails each from Canada, Australia, United States, Asia, Europe, Middle East, Africa and Oceania as part of our international promotions program which is conducted annually, consequently, you have been approved for a total pay out of ONE MILLION UNITED STATE DOLLARS (USD$1, 000000)

This Lottery was promoted and sponsored by a conglomerate of some multinational companies as part of their social responsibility to the citizens in the communities where they have operational base.

Further more your details(e-mail address) falls within our Bangkok representative office in Bangkok Thailand, as indicated in your play coupon and your prize of (USD$1, 000000) will be released to you from this regional office in Bangkok Thailand.

Your fund is now deposited with our Bank/Security Company Bangkok Thailand and insured in your name. Due to mix up of some numbers and names, we ask that you keep this award from public notice until your claim has been processed, and your winning Payment have being sent to you or remitted to your account, as this is part of our security protocol, to avoid double claiming and unwarranted taking of advantage of this program by participants, as has happened in the past.

HOW TO CLAIM YOUR PRIZE
These are your identification numbers.
Ticket number…………………063-14628115-20
Serial number…………………..77710-0
Lucky number……………….02-09-12-27-18-04,10
Ref number……………….N.EGS/42275486009/16

To begin your lottery claims, Please contact our Yahoo Lottery Coordinator as follows,

Email: donalsoniva@yahoo.co.th
Name: Donalson Iva
Tel: +(066) 817752351

You are to send the completed verification form below to the coordinator whose email address is given above so that you will be advised on what to do to get your prize money.
Congratulations once more!!

1. FULL NAME
2. COUNTRY OF ORIGIN
3. PRESENT ADDRESS.
4. DATE OF BIRTH
5. OCCUPATION
6. TELEPHONE NUMBER
6. FAX NUMBER
7. MARITAL STATUS
8. TICKET NUMBER, SERIAL NUMBER,LUCKY NUMBER AND REF NUMBER.

Remember, all prize money must be claimed not later than 27th of February 2011. Any claim not made by this date will be returned to HER MAJESTY’S DEPARTMENT OF THE TREASURY. And also be informed that 10% of your lottery winning belongs to (THE PROMOTIONS COMPANY). Because they are the company that bought your ticket and played the lottery in your name.

Note also that this 10% will be remitted after you have received your winnings prize, because the money is insured in your name already.

NOTE: In order to avoid unnecessary delays and complications, please remember to quote your reference and batch numbers in all correspondences with us, Furthermore, should there be any change of address, please do inform our Coordinator as soon as possible. Yahoo lottery is a free service that does not require you to be a Yahoo! Registered user.

An original copy of your lucky winning ticket and your deposit certificate will be sent to you by Administrative Remittance Bank UOB Bank Bangkok Thailand.

CONGRATULATIONS!!!! Once again from all members of our staff and thank you for being a part of our International Promotions program.

We wish you continued good fortunes.

Yours Sincerely,

Dr. Mark Hisashi
Vice President Yahoo! Lottery Org.

Mrs. Rose Akira,
President Yahoo! Lottery Org
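As an added example (not part of the original posts), the script below codifies the tells noted in the dating-spam and lottery posts above so they can be checked mechanically before anyone replies: a blank To: field or one that does not contain your own address, a body that steers replies to a mailbox different from the sender, prize language, and a form asking for personal details. The reader address, sample mails and domains are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_ADDRESS = "me@example.com"  # assumed reader address (not from the post)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
LOTTERY_WORDS = ("lottery", "winner", "prize", "claim", "award")
PII_REQUESTS = ("full name", "date of birth", "telephone number", "present address")

def scam_tells(raw_message, my_address=MY_ADDRESS):
    """Return the tells found in one raw RFC 822 message (empty list if none)."""
    msg = message_from_string(raw_message)
    me = my_address.lower()
    tells = []
    # Tell 1: bulk mailers leave To: blank or put their own address there.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(headers) if addr}
    if not recipients:
        tells.append("blank To/Cc")
    elif me not in recipients:
        tells.append("my address is not in To/Cc")
    # Tell 2: the body steers you to a mailbox that is neither From: nor yours.
    body = msg.get_payload(decode=True).decode("utf-8", "replace").lower()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    for addr in sorted(set(EMAIL_RE.findall(body))):
        if addr not in (sender, me):
            tells.append("reply steered to " + addr)
    # Tell 3: prize language plus a form asking for personal details.
    if sum(w in body for w in LOTTERY_WORDS) >= 2:
        tells.append("lottery/prize language")
    if sum(p in body for p in PII_REQUESTS) >= 2:
        tells.append("requests personal details")
    return tells

def is_suspicious(raw_message, my_address=MY_ADDRESS):
    # Two independent tells are enough to hold the mail for a closer look.
    return len(scam_tells(raw_message, my_address)) >= 2

# Constructed samples modelled on the mails quoted above (placeholder domains).
DATING_MAIL = """\
From: lenny dan <noreply@example.net>
To: lennydan22@example.net

i saw your profile, you can email me in private at ( lennydan22@example.net )
so that i can reply you quickly and send my picture.
"""
LOTTERY_MAIL = """\
From: yahoo claiming award <claims@example.org>
To:

You are one of the lucky winners of the Yahoo lottery Award. To begin your
claims contact coordinator@example.org with your FULL NAME, DATE OF BIRTH,
PRESENT ADDRESS and TELEPHONE NUMBER.
"""
LEGIT_MAIL = """\
From: Pat <pat@example.com>
To: me@example.com

Attached is the rack diagram for the two routers and two switches.
"""
```

Running `scam_tells` on each sample lists the tells; the legitimate mail produces none, while the two scam samples each trip at least two.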

Dear Child of God *Scam*

Dear Child of God,

Calvary Greetings in the name of the LORD Almighty and Our LORD JESUS CHRIST the giver of every good thing.

Good day and compliments of the seasons, I know this letter will definitely come to you as a huge surprise, but I implore you to take the time to go through it carefully as the decision you make will go off a long way to determine my future and continued existence. I am Mrs. Jane Dawson an aging widow of 61 years old suffering from long time illness.

I have some funds I inherited from my late husband, the sum of $8,000,000.00 and I needed a very honest and God fearing Christian who can withdraw this money then use the funds for Charity works. I WISH TO GIVE THIS FUNDS TO YOU FOR CHARITY WORKS. I found your email address from the internet after honest prayers to the LORD to bring me a helper and I decided to contact you if you may be willing and interested to handle these trust funds in good faith before anything happens to me.

I am desperately in keen need of assistance and I have summoned up courage to contact you for this task, you must not fail me and the millions of the poor people in our todays WORLD. This is no stolen money and there are no dangers involved,100% RISK FREE with full legal proof. Please if you would be able to use the funds for the Charity works kindly let me know immediately.

Please kindly respond quickly for further details.

Warmest Regards,

Mrs Jane Dawson.

Japan Earthquake Scams 8.9 – March 2011

On 11 Mar 2011, Japan had a series of huge earthquakes (including one that was 8.9). The result was a huge tsunami and a loss of life still being calculated. The tsunami of fraud and scams has already started on Facebook and has surely hit the shores of email spam inboxes everywhere.

Example:

Submission date: March 2011

To:

The quake triggers a tsunami that threatens much of the Pacific. Up to 300 bodies are found in the city of Sendai in northeastern Japan, an area believed to have been hit hardest by the massive waves.

Hundreds are dead after the worst earthquake in generations struck off the northeast coast of Japan on Friday, setting off a devastating tsunami that swallowed swaths of coastal territory and fanned out across the Pacific Ocean, threatening everything in its path.

DoD Risk Management FrameWork (Part 1): Look Ahead


The DoD is working on using the National Institute of Standards and Technology (NIST) Certification & Accreditation method of assessing and authorizing systems. The NIST system of C&A is actually known as the Risk Management Framework (RMF). This would require the Assistant Secretary of Defense for Networks & Information Integration, ASD(NII), office to map the DoDI 8500.2 Information Assurance (IA) controls to NIST SP 800-53, Recommended Security Controls. I am not certain yet whether they will eliminate the 8500.2 or just have all departments move to NIST SP 800-53. They will also need to switch the DoD Information Assurance Certification & Accreditation Process (DIACAP) to NIST SP 800-37 rev 1, Risk Management Framework, or something similar.

If the transition is anything like their move from the DoD Information Technology Security Certification & Accreditation Process (DITSCAP) to the DIACAP, then they will give the DoD about 2 years to transition. As of Mar. 2011, there is no policy on this. It is serious because it is on the DIACAP KS and the Department of the Navy CIO has been releasing information on it since 2009. The DON CIO and the ASD(NII) have been working on the project to transition from DIACAP to some sort of DoD Risk Management Framework. So far, they have mapped the DoDI 8500.2 IA controls to the NIST SP 800-53 controls: Certification and Accreditation Transformation: Security Control Mapping. Here is a May 2010 update to the NIST to DIACAP mapping. The 800-53 to DoD IA controls map also includes the Director of Central Intelligence Directive (DCID) 6/3 controls. This is very telling. The plan seems to be to have one standard for all Federal Information Systems.

Since DoD 8510.01 (DIACAP) and NIST SP 800-37, Risk Management Framework (RMF), cover so much of the same ground, I think the only real benefit is that reciprocity between Federal agencies will be easier if all departments have one standard of risk management and one security control set.

The DON uses the certification and accreditation (C&A) process to assess and understand the residual risk associated with operating information systems (IS) and information technology (IT). The DON is participating with the DoD, the IC, and the rest of the Federal government in C&A transformation. One goal of transformation is to achieve common security controls enabling the DON, the DoD, the IC, and the rest of the Federal government to develop systems to the same protection standards.

The recently released National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, revision 3 provides recommended consolidated security controls in an effort to achieve common security controls across the Federal government.

The DON will continue to use the DoDI 8500.2 as the authoritative source for security controls until otherwise specified. However, understanding the changes represented in NIST SP 800-53r3 will be essential as DoD and the DON begin transitioning to this new set of security controls. To support the transition, the DON CIO developed this security control mapping document to demonstrate how existing DoD and IC security controls map to the security controls recommended by the NIST SP 800-53r3 publication.

Security Control Mapping Document Aids Transition, DON CIO Site

Cisco Cert Beginner Part-2: Setting up a Network Lab (Rack)

One of the reasons I failed the CCENT was that I didn’t prepare for the router/switch simulators that are on the test. I knew the theory and concepts behind interconnecting Cisco network devices, but I hadn’t spent much time on the command line of an actual router. Since the test is timed, you don’t have a lot of time to try to figure out commands on the fly. You certainly can, because the Cisco command line is pretty user friendly.

To prepare for the test you must be comfortable in the Internetwork Operating System (IOS). That is why my CCNA and CCNP buddies encouraged me to set up my own Cisco network. They told me how to buy the equipment cheaply, what components to buy and how I should actually network them to prep for the Cisco certs.

Cheap Cisco Equipment:
Talking about which actual Cisco models to buy in this post will not be effective, since anything I name will be completely obsolete by the time you read this. But I will tell you that my CCNA/CCNP friends recommended buying old Cisco equipment from eBay and Craigslist, and even schooled me on what was a good deal. In some cases I would just give them money and they would buy it for me. I ended up buying a lot of stuff I don’t need, but you are more than likely much smarter with your money.

What to Buy:
They told me that it was important to buy two switches and two routers to practice with routing protocols and spanning tree. They explained that it is important to understand the behavior of the technologies in order to know how to troubleshoot. Theory is important too, but to prepare for the CCENT you must get comfortable with the command line interface so you don’t waste time figuring out basic stuff on the fly.

courtesy of Cisco land

DIAGRAM:
Build a diagram first! This is difficult for me because I like to just jump in and try things. But creating a network diagram and understanding what it is you want to set up is very important.

from rate my network diagram

Virtual Cisco LAB:
Another very useful tool, for those who really cannot afford to drop $100 on old Cisco equipment, is GNS3. It’s like VMware for Cisco IOS. It allows you to create a virtual network and mess around with actual Cisco IOS. It’s really pretty cool… and (best of all) it’s free!! Aside from air, I am not sure there is anything more useful. It is a great tool if you are serious about studying for the CCENT/CCNA/CCNP.

courtesy of gns3.net