Archive for August, 2011
UN DIPLOMATIC & COURIER COMPANY*scam*

UN DIPLOMATIC & COURIER COMPANY
Office Address
38 Airport Road
Benin City
Edo State
Nigeria
Tel: +2348137053694
Email: idsc@diplomats.com

Attention: Check Owner,

This is to bring to your notice and reminds that your Cashier Bank Draft worth of Eight Hundred Thousand Dollars ($800,000 USD) is still here with us in our office Un Diplomatic Security Company.

I am Angela Scott the director of this company which i simply making it up to you that Mr. Hansen Ahmad was the one who brought cashier check and deposit with us before he travelled to Japan, under the securation of your package delivery to you.

Important Notice: We have been waiting for you all this while for you to pay the Un Diplomatic Security Keeping charges that was require in your previous mail which is $80 USD only to release your cashier Check to you.

I hereby notify you to understand that you are given 14th of January 2011 which is the final deadline to claim your check, if we do not receive your payment of security keeping fees for safe protecting of your check parcel delivery. Note that after this day your check will return back to the CENTRAL BANK OF NIGERIA as Government property if you do not pay the security fee of your check.

This is the reason we are writing to inform you that you have to claim your cashier check before the deadline date issue to you. I advise that you should proceed with us and send the security fee for safe protecting of your check $80 USD via Western Union to the name below:

RECEIVER’S PAYMENT INFORMATION

NAME: CLINTON OJO
CITY: BENIN
STATE: EDO
COUNTRY: NIGERIA
TEXT QUESTION: COLOR
TEXT ANSWER: PURPLE
AMOUNT SENT: …………
MTCN NUMBER: ………….

As soon as your payment of $80.00 has been sent quickly E-mail us with the payment details or a scan copy of the western union payment slip for verification purpose.

Once your payment is confirmed your cashier check will be delivered to you via first class courier in next 2 days.

Thanks.

Regards,
Angela Scott
Package Dispatcher

SCAMMED *greek*

Beware of TUNDE FOWLER, who purports to be from the Office of the Presidency. He is a consummate liar and cheat, as is his Greek counterpart, DR. CHRISTOS TSIKOUDIS.

Risk Management in IT: NSS

Risk Management of IT: National Security Systems

Risk Assessments and Risk Management will apply to National Security Systems (NSS).

What is a Risk Assessment?

A risk assessment is the process (and its resulting report) used to determine the likelihood that a threat will exploit a weakness. Risk assessment is one part of risk management.

What is risk management?

Risk management is the ongoing process of identifying, assessing and prioritizing risks.

Is My System a National Security System?

NIST SP 800-59, Guidance for Identifying an Information System as an NSS, is a 17-page document developed in conjunction with the Department of Defense, including the National Security Agency, for identifying an information system as a national security system. It is based on the Federal Information Security Management Act of 2002 (FISMA).

Who determines if you have an NSS?

The head of each agency is responsible for designating an agency information security official to determine which, if any, agency systems are national security systems.

Tools to determine if you have an NSS:

National Security System Identification Checklist (NIST SP 800-59, Appendix A). The NSS ID Checklist asks six questions. Answering yes to any one of them qualifies your system as an NSS:
• Does the function, operation, or use of the system involve intelligence activities?
• Does the function, operation, or use of the system involve cryptologic activities related to national security?
• Does the function, operation, or use of the system involve command and control of military forces?
• Does the function, operation, or use of the system involve equipment that is an integral part of a weapon or weapons system?
• Is the system critical to the direct fulfillment of military or intelligence missions?
• Does the system store, process, or communicate classified information?

NSS RMF
CNSSI 1253 is the result of NIST collaborating with the Intelligence Community (IC), the Department of Defense (DoD), and the Committee on National Security Systems (CNSS) to ensure that NIST SP 800-53 contains security controls that meet the requirements of National Security Systems (NSS).

KEY DIFFERENCES BETWEEN CNSS INSTRUCTION NO. 1253 AND NIST PUBLICATIONS

The key differences between CNSSI 1253 and the NIST publications are that NSS do not follow the “high-water mark”, NSS categorizations may be tailored through risk-based adjustment, control profiles are used, and a method is provided that allows organizations to practice reciprocity.

NSS and High Water Mark
Both FIPS 200 and NIST 800-53 apply the concept of a high-water mark (HWM) when categorizing information systems according to the worst-case potential impact of a loss of confidentiality, integrity, or availability of information or an information system. This Instruction does not adopt this HWM usage. In the National Security Community, the potential impact levels determined for confidentiality, integrity, and availability are retained, meaning there are 27 possible three-value combinations for NSI or NSS, as opposed to the three possible single-value categorizations obtained using the guidelines in FIPS 200. – CNSSI 1253
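As an added illustration (not from CNSSI 1253, FIPS 200 or the original post), the Python below contrasts the two categorization schemes described above: it enumerates every (confidentiality, integrity, availability) impact-level assignment, shows the FIPS 200 high-water mark collapsing them to three categories while CNSSI 1253 keeps all 27, and lists which triples the high-water mark merges. The level names and function names are my own choices.

```python
# Added example: FIPS 200 high-water mark (HWM) vs. CNSSI 1253 three-value
# categorization. Level names and function names are assumptions made here.
from itertools import product

LEVELS = ("LOW", "MODERATE", "HIGH")
RANK = {level: i for i, level in enumerate(LEVELS)}


def _check(triple):
    """Reject anything that is not one of the three impact levels."""
    for level in triple:
        if level not in RANK:
            raise ValueError(f"unknown impact level: {level!r}")
    return triple


def categorize_fips200(confidentiality, integrity, availability):
    """FIPS 200 style: the system category is the single worst-case
    impact level across the three security objectives (the HWM)."""
    triple = _check((confidentiality, integrity, availability))
    return max(triple, key=RANK.__getitem__)


def categorize_cnssi1253(confidentiality, integrity, availability):
    """CNSSI 1253 style: the three impact levels are retained as a
    three-value categorization such as (LOW, LOW, HIGH)."""
    return _check((confidentiality, integrity, availability))


def count_categorizations():
    """Enumerate all (C, I, A) assignments and count how many distinct
    categorizations each scheme can produce: 3 for the HWM, 27 for CNSSI."""
    triples = list(product(LEVELS, repeat=3))
    hwm = {categorize_fips200(*t) for t in triples}
    cnssi = {categorize_cnssi1253(*t) for t in triples}
    return len(hwm), len(cnssi)


def hwm_collisions(hwm_level):
    """All CNSSI 1253 triples that FIPS 200 collapses into one HWM level.
    This is the information the HWM discards: a system whose only HIGH
    objective is availability lands in the same category as an all-HIGH
    system, so controls for the two objectives cannot be scoped apart."""
    return [t for t in product(LEVELS, repeat=3)
            if categorize_fips200(*t) == hwm_level]


if __name__ == "__main__":
    print("distinct categorizations (HWM, CNSSI 1253):", count_categorizations())
    for t in hwm_collisions("HIGH"):
        print("FIPS 200 HIGH <-", t)
```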

Risk-Based Adjustment
Potential impact-based security categorizations for NSS may be tailored through the use of a risk-based adjustment. This adjustment takes into consideration the physical and personnel security measures already employed throughout the National Security Community and factors such as aggregation of information.

Control Profile
Method by which organizations may designate sets of controls for NSS based on their enterprise-wide risk assessment and taking into account business objectives, system risks, and mission needs.

NSS Reciprocity
It is the policy of the National Security Community that member organizations practice reciprocity with respect to the certification of systems and system components to the greatest extent practicable. Reciprocity of certification reduces the cost and time to implement systems and system components.

YOUR WINNING NOTIFICATION *SCAM

Anti-Terrorist And Monetory Crimes Division
FBI Headquarters In Washington, D.C.
Federal Bureau Of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington, D.C. 20535-0001

Attn: Beneficiary,

This is to Officially inform you that it has come to our notice and we have thoroughly completed an Investigation with the help of our Intelligence Monitoring Network System that you legally won the sum of $800,000.00 USD from a Lottery Company outside the United States of America. During our investigation we discovered that your e-mail won the money from an Online Balloting System and we have authorized this winning to be paid to you via a Certified Cashier’s Check.

Normally, it will take up to 10 business days for an International Check to be cashed by your local bank. We have successfully notified this company on your behalf that funds are to be drawn from a registered bank within the United States Of America so as to enable you cash the check instantly without any delay, henceforth the stated amount of $800,000.00 USD has been deposited with Bank Of America.

We have completed this investigation and you are hereby approved to receive the winning prize as we have verified the entire transaction to be Safe and 100% risk free, due to the fact that the funds have been deposited at Bank Of America you will be required to settle the following bills directly to the Lottery Agent in-charge of this transaction whom is located in United Kingdom. According to our discoveries, you were required to pay for the following –

(1) Deposit Fee’s ( Fee’s paid by the company for the deposit into an American Bank which is – Bank Of America )
(2) Cashier’s Check Conversion Fee ( Fee for converting the Wire Transfer payment into a Certified Cashier’s Check )
(3) Shipping Fee’s ( This is the charge for shipping the Cashier’s Check to your home address )

The total amount for everything is $200.00 (Two Hundred-US Dollars). We have tried our possible best to indicate that this $200.00 should be deducted from your winning prize but we found out that the funds have already been deposited at Bank Of America and cannot be accessed by anyone apart from you the winner, therefore you will be required to pay the required fee’s to the Agent in-charge of this transaction via Western Union Money Transfer Or Money Gram.

In order to proceed with this transaction, you will be required to contact the agent in-charge ( Mr. Bruce Hutchinson ) via e-mail. Kindly look below to find appropriate contact information:

CONTACT AGENT NAME: Mr. Bruce Hutchinson
E-MAIL ADDRESS: brucehutchinson00@gala.net
Telephone Number : +234-802-959-2149, 0092348029592149.

You will be required to e-mail him with the following information:

FULL NAME:
ADDRESS:
CITY:
STATE:
ZIP CODE:
DIRECT CONTACT NUMBER:

You will also be required to request Western Union or Money Gram details on how to send the required $200.00 in order to immediately ship your prize of $800,000.00 USD via Certified Cashier’s Check drawn from Bank Of America, also include the following transaction code in order for him to immediately identify this transaction : EA2948-910.

This letter will serve as proof that the Federal Bureau Of Investigation is authorizing you to pay the required $200.00 ONLY to Mr. Bruce Hutchinson via information in which he shall send to you, if you do not receive your winning prize of $800,000.00 we shall be held responsible for the loss and this shall invite a penalty of $200.00 which will be made PAYABLE ONLY to you (The Winner).

Robert Mueller
Washington DC FBI.
Room, 7367
J. Edgar Hoover Building
935 Pennsylvania Avenue, NW
Washington, D.C. 20535-0001

NOTE: In order to ensure your check gets delivered to you ASAP, you are advised to immediately contact Mr. Bruce Hutchinson via contact information provided above and make the required payment of $200.00 to information in which he shall provide to you

Risk Management in IT: Risk Assessment Methodology
Risk Management in IT: SDLC

Risk Management Guide for IT: SDLC

NIST SP 800-30, the risk management guide for IT, discusses how the risk management framework maps to the system development life cycle (SDLC), the risk assessment methodology, risk mitigation, and the practice of ongoing risk assessment.

A system and its information must be protected from cradle to grave. That is why risk management applies to the entire system development life cycle. The level of risk to the system and its data depends on the criticality or importance of the system to the business and/or mission it supports.
The system development life cycle consists of: Initiation, Development/Acquisition, Implementation, Maintenance/Operations, and Disposal.

How Risk Management Framework matches to the System Development Life Cycle

SDLC phases: for each phase, its characteristics are listed first, followed by the support provided by risk management activities.

Phase 1—Initiation
Phase characteristics: The need for an IT system is expressed and the purpose and scope of the IT system is documented.
Support from risk management activities: Identified risks are used to support the development of the system requirements, including security requirements, and a security concept of operations (strategy).

Phase 2—Development or Acquisition
Phase characteristics: The IT system is designed, purchased, programmed, developed, or otherwise constructed.
Support from risk management activities: The risks identified during this phase can be used to support the security analyses of the IT system that may lead to architecture and design tradeoffs during system development.

Phase 3—Implementation
Phase characteristics: The system security features should be configured, enabled, tested, and verified.
Support from risk management activities: The risk management process supports the assessment of the system implementation against its requirements and within its modeled operational environment. Decisions regarding risks identified must be made prior to system operation.

Phase 4—Operation or Maintenance
Phase characteristics: The system performs its functions. Typically the system is being modified on an ongoing basis through the addition of hardware and software and by changes to organizational processes, policies, and procedures.
Support from risk management activities: Risk management activities are performed for periodic system reauthorization (or reaccreditation) or whenever major changes are made to an IT system in its operational, production environment (e.g., new system interfaces).

Phase 5—Disposal
Phase characteristics: This phase may involve the disposition of information, hardware, and software. Activities may include moving, archiving, discarding, or destroying information and sanitizing the hardware and software.
Support from risk management activities: Risk management activities are performed for system components that will be disposed of or replaced to ensure that the hardware and software are properly disposed of, that residual data is appropriately handled, and that system migration is conducted in a secure and systematic manner.
Training and Certification: 800-66 – HIPAA

Guidance for the Health Insurance Portability and Accountability Act (HIPAA)

NIST Special Publication 800-66 offers guidance for HIPAA. HIPAA is broken up into five Titles:
Title 1) Healthcare accessibility, portability and renewability
Title 2) Healthcare fraud and abuse prevention; healthcare liability; Administrative Simplification
Title 3) Tax-related healthcare provisions
Title 4) Group Health plan
Title 5) Revenue Offset

The focus of NIST SP 800-66 is Title 2, Administrative Simplification, and specifically the HIPAA Security Rule. Administrative Simplification is broken into Electronic Data Interchange (code sets, identifiers, transactions), Privacy, and Security.
Security includes all efforts to protect the confidentiality, integrity and availability of electronic protected health information (EPHI). The HIPAA Security Rule applies to covered entities. Covered entities include covered healthcare providers, health plans, healthcare clearinghouses, and Medicare prescription drug card sponsors.

The Security Rule involves physical, administrative and technical safeguards, organizational requirements, and policy, procedure and documentation requirements. The controls used to meet these requirements are either required or addressable.

Physical safeguards: all security controls needed to physically protect electronic protected health information (EPHI) and the resources that hold it. These controls reduce physical access to EPHI systems and their resources by isolating, limiting access to, and locking the areas in which the resources housing EPHI are located.
Administrative safeguards: administrative controls, including the documentation and procedures that reflect the security of systems containing EPHI.
Technical safeguards: technical security features that protect EPHI. These include access control lists, least functionality on ports, protocols and services, and other logical protection mechanisms over a network.
Organizational requirements: the policies, standards and guidelines the organization must adhere to. These may include federal and state law and healthcare best practice.
Policy, procedure and documentation requirements: the physical, administrative and technical controls are captured in documentation to establish a baseline, provide consistency, and act as a blueprint for future employees and/or managers.

Training and Certification: NIST SP 800-39 Manage Information Security Risk

NIST SP 800-39, Manage Information Security Risk

NIST SP 800-39 is a federal document on the risk management of information systems and their security. It is cited as one of the sources for the (ISC)² Certified Authorization Professional (CAP) certification. To study the document, go to Chapters 2 and 3 of 800-39. Chapter 2 covers the fundamentals of risk management, and Chapter 3 breaks down the process of applying risk management across an organization.

The Fundamentals of Risk Management (Chapter 2, 800-39)
800-39 goes into the philosophy (or “the why”) and the how of managing information security at multiple levels (the multitier risk management approach). The three layers (or tiers) of risk management addressed in 800-39 are:
Tier 1: Organization level
Tier 2: Mission/Business Process level
Tier 3: Information System level

Tier 1: Organization Level risk management
Tier 1 addresses security from the organization's perspective. Its activities include implementing the first component of risk management, risk framing. Risk framing provides the context for all risk activities within an organization, which affects the risk activities of tier 1 & 2. The output of risk framing is the risk management strategy. In tier 1 the organization establishes and implements governance structures that comply with laws, regulations and policies. Tier 1 activities include establishing the Risk Executive Function, establishing the risk management strategy, and determining the risk tolerance.

Tier 2: Mission/Business Process Level risk management

Tier 2 risk management activities include: 1) defining the mission/business processes that support the organization; 2) prioritizing the mission/business processes with respect to the long-term goals of the organization; 3) defining the types of information needed to successfully execute the mission/business processes, the criticality/sensitivity of that information, and the information flows both internal and external to the organization.

Having a risk-aware process is an important part of tier 2. To be risk-aware, senior leaders/executives need to know: 1) the types of threat sources and threat events that could adversely affect the organization's ability to operate; 2) the potential adverse impacts on organizational operations and assets, individuals, and the Nation if confidentiality, integrity or availability is compromised; 3) the organization's resilience to such an attack that can be achieved with a given mission/business process.

Tier 3: Information System risk management

From the information system perspective, tier 3 addresses the following tasks:
1) Categorization of the information system
2) Allocating organizational security controls to the system
3) Selection, implementation, assessment, authorization, and ongoing

Chapter 3 focuses on the steps needed for a comprehensive risk management program. The tasks discussed include:
Risk Framing
Risk Assessing
Risk Response
Risk Monitoring

Risk Framing
Risk framing consists of the assumptions, constraints, risk tolerance and priorities that shape how an organization manages risk. Risk framing is based on the organizational governance structure, the money available, the regulations imposed, environment, culture and trust relationships.
In order to “frame” risk (that is, establish an organizational context for risk), the organization must determine risk assumptions, risk constraints, risk tolerance, and priorities/trade-offs.

Risk Assumptions
Risk assumptions have to do with determining how risk will be assessed for an organization. Assumptions are based on the identification of threats, vulnerabilities, the impact to the organization if attacks are successful, and the likelihood of attacks.

Risk Constraints
Risk constraints have to do with the accepted limits on risk assessment, risk monitoring and risk response. Those limitations might be financial, cultural, the need to rely on legacy systems, or regulations imposed on the organization.

Risk Tolerance
Risk tolerance is how much risk the organization is willing to take.
Priorities/Tradeoffs
Risk is experienced at different levels, in different forms, and in different time frames. At Tier 1, organizations make trade-offs among and establish priorities for responding to such risks. Organizations tend to have multiple priorities that at times conflict, which generates potential risk. Approaches employed by organizations for managing portfolios of risks reflect organizational culture, risk tolerance, as well as risk-related assumptions and constraints. These approaches are typically embodied in the strategic plans, policies, and roadmaps of organizations which may indicate preferences for different forms of risk response. For example, organizations may be willing to accept short-term risk of slightly degraded operations to achieve long-term reduction in information security risk. However, this trade-off could be unacceptable for one particularly critical mission/business function (e.g., real-time requirements in many industrial/process control systems). For that high-priority area, a different approach to improving security may be required including the application of compensating security controls.

Risk Assessment
Risk assessment is threat and vulnerability identification and risk determination. Organizational risk framing is a prerequisite to risk assessment, because the methods of risk assessment must be established within the context of the organization's risk.

Risk Response
Risk response identifies, evaluates, decides on, and implements appropriate courses of action to accept, avoid, mitigate, share, or transfer risk to organizational operations and assets, individuals, other organizations, and the Nation, resulting from the operation and use of information systems.

Risk identification is key to risk response. The risk response types include:
Risk acceptance – the appropriate risk response when the identified risk is within the organizational risk tolerance. Organizations can accept risk deemed to be low, moderate, or high depending on particular situations or conditions.

Risk avoidance – Organizations may conduct certain types of activities or employ certain types of information technologies that result in risk that is unacceptable. In such situations, risk avoidance involves taking specific actions to eliminate the activities or technologies that are the basis for the risk, or to revise or reposition these activities or technologies in the organizational mission/business processes to avoid the potential for unacceptable risk.

Risk mitigation – adding management, technical and administrative safeguards to minimize identified risks to the system.
Risk share & transfer – Risk sharing or risk transfer is the appropriate risk response when organizations desire and have the means to shift risk liability and responsibility to other organizations. Risk transfer shifts the entire risk responsibility or liability from one organization to another organization (e.g., using insurance to transfer risk from particular organizations to insurance companies).

Risk monitoring – Risk changes with each modification of the system, so it is important to monitor the changes in a system's risk. Changes to threats can also change risk.

Where To Find a Job (part 1)

It is 2011 and the economy is still limping along. Despite the slump in economic prosperity around the world, there is still a demand for jobs. Here are some tricks that have allowed me to not be affected at all by the recession.

I have put together a quick list of 5 things I have done to get jobs quickly.

1) Advertise yourself! – Post your resume on indeed.com, monster.com, simplyhired.com, linkedin.com. Create a blog and talk about your industry.

There are a few job search engines that allow you to search the web for decent jobs in ANY career field. And these sites are equal or better than monster.com:
http://www.indeed.com
http://www.simplyhired.com

2) Use keywords related to the field on your resume and put it online – Employers searching through resumes are focusing on keywords/phrases.

3) Talk to job recruiters – Employers often use job recruiters to find workers. So, these recruiters have constant access to many different opportunities.

4) Check the current trend in your industry – Be aware of what is going on in the industry you are in. Use indeed.com/jobtrends to search keywords.

5) Be willing to travel & negotiate travel – Being willing to give a little to an employer can make you more attractive to that employer.

Benefits of Being a CISSP