1. 1
MIS 673 Cyber Security Governance
Assignment 1
Upward Bound Airlines Caselet
Profile
• International airline, founded in 1980, serving 31 cities; 16 in
the US, two in
Canada, two in Mexico and 11 in Europe.
• International headquarters in Chicago, Illinois, USA; with a
small office at each
airport and five regional offices
• Has approximately 9,000 employees and a few hundred long-
term contractors
Company Profile – Upward Bound Airlines
2
• Financed, for the most part, by investment banks, it has grown
from a small, �hometown� airline into a profitable

2. international
carrier. The �secret sauce� for Upward Bound is efficiency of
operations.
• All airplanes are the same basic model and version, and this
airline
has spare parts for airplanes at every airport out of which it
operates. These two key factors have led to the lowest time per
repair in the industry.
• Additionally, ground operations, including maintenance,
baggage
handling, fueling, etc., are extremely efficient, leading to,
amongst
other things, the best on-time record in the industry.
• At the same time, though, Upward Bound has been squeezed
by
the high cost of aviation fuel and, unfortunately, the standard
model of airplane that this company uses is not particularly fuel
efficient.
Background Information – What We Do
3
What we do
Org. Structure
Departments
Industry
Marketing

3. Financials
• The jet fleet is aging—the average age of an Upward Bound
airplane is 12 years—and the vice president (VP) of ground and
flight operations is pushing the idea of buying a new jet fleet.
• Doing so will drain the company of its cash reserves, but the
high cost of aviation fuel combined with the age of the jet fleet
make starting to replace jets soon inevitable. Upward Bound is
bracing for the anticipated cash crunch by putting austere cost-
saving measures in place:
• Reducing the workforce—up to 20 percent of employees will
be
terminated by the end of the year
• Outsourcing most IT operations by moving to cloud computing
services
Background Information – What We Do
4
What we do
Org. Structure
Departments
Industry
Marketing
Financials

4. • Publicly owned company
• Last year the gross revenue was US $296 million and profit
was US $19 million
• Debt amounts to US $110 million
Background Information – Financials
5
What we do
Org. Structure
Departments
Industry
Marketing
Financials
Background Information – Org. Structure
6
What we do
Org. Structure

5. Departments
Industry
Marketing
Financials
CEO
Business Operations
Ground & Flight Operations
CIO
CFO
COO
CISO
External Relations
Administration
VP, Marketing
VP, Accounting
VP, Finance
VP, Infrastructure
VP, Application Development
Security Analyst

6. Public Relations Manager
VP, Human Resources
VP, Legal
Compliance Officer
The board of directors:
• Consists of highly qualified professionals made up of CEOs
and chief operations officers (COOs) of prominent
corporations within the transportation industry
• Has one member who was the former US Secretary of
Transportation
• Is very active and meets at least every month
• Sometimes has additional meetings to cover urgent issues
(budget issues, in particular) that cannot wait until the next
board meeting
Background Information – Org. Structure
7
What we do
Org. Structure
Departments
Industry

7. Marketing
Financials
The CEO:
• Is Sara Robbins, for the past seven years
• Is, above all else, a true visionary
• Has initiated many of the operational improvements
• Is a reasonable person who will take calculated
risks to fatten the bottom line
Background Information – Org. Structure
8
What we do
Org. Structure
Departments
Industry
Marketing
Financials
• The company consists of departments which are assigned

8. one or more major functions. For example, some of the
departments are:
• Business operations
• Ground and flight operations
• External relations (public relations [PR]/customer
relations)
• Administration (legal, human resources [HR], regulatory
compliance)
• IT reports to the chief information officer (CIO) and has a
staff of 120 employees who, for the most part, are technical.
Most of this staff will be gone by the end of the year due to
the move to cloud services.
Background Information – Departments
9
What we do
Org. Structure
Departments
Industry
Marketing
Financials
• Competition for passengers and freight shipping within the
airline industry is tough.

9. • Upward Bound Airlines competes well by passing on the
savings from its efficient operations to customers, thereby
offering attractive prices on most tickets.
• The airline�s marketing efforts are average; it could be more
competitive if it increased its marketing efforts.
• With the coming cash crunch, though, the company cannot
afford to invest more money in marketing at this time.
Background Information – Industry
10
What we do
Org. Structure
Departments
Industry
Marketing
Financials
• Upward Bound Airlines relies heavily on marketing to boost
its sales.
• Its marketing budget is one of the biggest line items.
• Its marketing staff consists of many marketing-savvy
individuals.

10. • The main message that the marketing organization tries to
get across is the airline�s efficiency and reliability and the
advantages these hallmarks of the airline offer to busy
passengers.
Background Information – Marketing
11
What we do
Org. Structure
Departments
Industry
Marketing
Financials
• The cash crunch that Upward Bound Airlines will almost
certainly experience in the
near future will cause repercussions in the company�s
information security practice.
• The CEO has told you to expect to lose at least one of your
team members by the
end of the year, but this is only a minor problem compared to
the advent of cloud
services.
• You have been informed that much of the IT infrastructure

11. will be scrapped in
favor of cloud services. For example, all mail servers are going
to be taken out of
service, their hard drives will be erased and they will all be sold
on eBay® by the
end of the year.
The Problems
12
© 2013 ISACA. All rights reserved.
• Google will provide all mail services instead.
• The same is true of business applications— software as a
service (SaaS) provider
Zoho will provide all business applications.
• All corporate web servers will be hosted by Amazon.
The Problems
13
© 2013 ISACA. All rights reserved.
Exhibits – Network Architecture
14
© 2013 ISACA. All rights reserved.

12. You have to re-configure the information security approach that
you and your staff
developed less than one year ago to make it appropriate for the
massive changes in
the IT infrastructure that are about to occur.
The existing security architecture contains the following
elements:
•Policy and security standards that cover all major types of
computing and network
technologies
•Screening routers, stateful firewalls and a virus wall at each
exterior gateway
•Spam filter and antivirus software on each mail server
•Network-based intrusion detection in each of Upward Bound�s
six networks and
sensors distributed within each network
•Endpoint security (antivirus plus antispyware plus personal
firewall) on each
Windows ® workstation
The Problems
15
© 2013 ISACA. All rights reserved.
• Application firewalls in front of each web server farm
• VPN connectivity from the outside to each of the six Upward
Bound networks via

13. a VPN server
• A central log aggregation server in each network
• Encryption of all connections to and from each business
critical server
• Tripwire® (a file and directory integrity checking tool) on
each business critical
server
• A hot site at which critical business operations can be up and
running within three
hours
The Problems
16
© 2013 ISACA. All rights reserved.
• The decisions concerning revised information security
approach will be made by
you and your team members, one of whom is the security
architect.
• The change control board led by the CIO must approve any
proposed changes
before they go into effect.
The Problems
17
© 2013 ISACA. All rights reserved.

14. • Are a seasoned veteran
• Have been in some kind of
information security
management position for nearly
20 years, with the majority of
the time in a CISO position
• Were grandfathered as a
Certified Information Security
Manager® (CISM®) in 2002 and
hold a bachelor�s degree in IT
and a master�s degree in
business administration (MBA)
Your Role
18
© 2013 ISACA. All rights reserved.
• You are the chief information security
officer (CISO) of the airline and are
based at the Chicago headquarters. You
report to the chief executive officer
(CEO) and attend the weekly senior
management meeting. You have been
with the company for slightly more
than 10 years.
• The Information Security Department
has four full-time information security
staff members, all of whom report
directly to you and are based at the

15. Chicago headquarters.
• Two groups that have offered a baseline of definitions (for
cloud computing) are
the National Institute of Standards and Technology (NIST) and
the Cloud Security
Alliance.
• They both define cloud computing as a model for enabling
convenient, on-demand
network access to a shared pool of configurable computing
resources (e.g.,
networks, servers, storage, applications and services) that can
be rapidly
provisioned and released with minimal management effort or
service provider
interaction.
• Another way to describe services offered in the cloud is to
liken them to that of a
utility. Just as enterprises pay for the electricity, gas and water
they use, they now
have the option of paying for IT services on a consumption
basis.
Notes
19
© 2013 ISACA. All rights reserved.
Three major types of cloud services currently exist:

16. • Software as a service (SaaS)
• Capability to use the provider’s applications running on cloud
infrastructure. The applications
are accessible from various client devices through a thin client
interface such as a web browser
(e.g., web-based email).
•Infrastructure as a service (IaaS)
• Capability to provision processing, storage, networks and
other fundamental computing
resources, offering the customer the ability to deploy and run
arbitrary software, which can
include operating systems and applications. IaaS puts these IT
operations into the hands of a
third party.
• Platform as a service (PaaS)
•Capability to deploy onto the cloud infrastructure customer-
created or acquired applications
created using programming languages and tools supported by
the provider.
Notes
20
© 2013 ISACA. All rights reserved.
• In the Upward Bound Airlines scenario, in moving its IT
operations to the cloud, this
company is, in effect, outsourcing these operations (including
web-hosting
services) using one or more IaaS providers.

17. • From a security risk management perspective, this means that
many of the
mainstay network security controls that Upward Bound�s
information security
practice has used for years are no longer likely to be relevant.
• No longer will relevant controls need to be phased out over
time; new, cloud-based
controls need to be phased into a revised security architecture.
Notes
21
© 2013 ISACA. All rights reserved.
• For instance, as Upward Bound moves to the cloud, externally
originated attacks
against hosts within Upward Bound�s networks are not likely
to comprise as great a
level of risk as before.
• Externally originated attacks against Upward Bound
applications, databases and
web servers in the cloud will, in contrast, comprise major risk.
Mitigating this risk
will be more difficult because Upward Bound cannot directly
control what happens
in the cloud.
• If Upward Bound management is wise, security controls
should be included in its
statement of work (SOW) or service level agreement (SLA) with

18. the cloud provider.
• Note that Upward Bound has a very strong operations
orientation. Any risks and
related control measures that can potentially disrupt operations
are, thus, an
especially important consideration.
Notes
22
© 2013 ISACA. All rights reserved.
© 2015 Laureate Education, Inc. Page 1 of 1
Providing Feedback
When providing feedback in an online course, where others
cannot see your body
language, it is important that your feedback is critical and
supportive.
The following six recommendations are intended to guide your
feedback to others. Prior
to providing your colleagues with feedback, please review the
following:
1. Start your feedback with an affirmative or positive comment
and include
something you genuinely appreciated about your colleague’s

19. Assignment.
Example: “Toni, it seems you spent a great deal of time on this
Assignment. I
really appreciate your attention to detail!”
2. Ask clarifying questions rather than jumping to conclusions.
Example: “I notice that you wrote ‘I think Lincoln was the
worst American
President ever,’ and I was wondering if you could clarify your
thinking.”
3. Use your “I” statements and focus your feedback on your
thoughts rather
than interspersing your feedback with words such as “you” and
“your,”
which might seem like a personal attack.
Example: “In reading your Assignment, I find that I do not
agree with this stance
on abortion. Let me explain my thoughts.”
4. If you fear that your response might be misunderstood, revise
it before
submitting it.

20. 5. Conclude your feedback on a positive note so the last
comment your
colleague reads from you is supportive.
Example: “Though it seems we are in disagreement on a few
points, I think your
Assignment was done exceptionally well with a great deal of
detail.”
6. Before submitting your feedback, read what you wrote out
loud and make
sure it is both critical and supportive.
A great deal of people feels apprehensive and miserable every
now and then, but when does it take over their whole lives?
Losing a loved one, doing poorly in school or work, being
bullied and other hardships might lead a person to feel sad,
lonely, scared, nervous and/or anxious. Some people experience
this on an everyday basis, sometimes even or no reason at all.
Those people might have an anxiety disorder, depression, or
both. It is highly likely for someone with an anxiety disorder to
also be suffering from depression, or the other way around.
What is depression?
“Depression (major depressive disorder) is a common and
serious medical illness that negatively affects how you feel, the
way you think and how you act.”
The best, effective, treatment for this is antidepressant
medication.
Dysthymic Disorder (Persistent depressive disorder) causes you
to have a low mood for as long as a year, sometimes even
longer. What this means is that you will feel sad a lot of the

21. time. The symptoms you would experience would be sadness,
feeling tired very often, changes in eating habits, and changes
in sleeping habits. About 2% of the American population has
this type of depression. The best treatment would be therapy as
opposed to medication, although combining the two might result
in a faster improvement.
Seasonal Affective Disorder (SAD) takes place during the
winter weather, this is due to the lessening of the sunlight
during those months. The symptoms include lack of energy,
eating more than you would usually, sleeping more and gaining
weight. People are diagnosed after they have had these
symptoms present during the winter for more than 2 years. This
type of disorder can be treated with artificial light treatment.
During light therapy, you sit or work near a device called a light
therapy box. The box gives off bright light that mimics natural
outdoor light.
Bipolar Disorder used to be known as “manic depression”,
because the person experiences depression, normal mood and
mania, which is basically the opposite of depression. Symptoms
for Bipolar Disorder include feeling great, having a lot of
energy, having racing thoughts, little need for sleep, taking fast,
having difficulty focusing on tasks. An effective bipolar
depression treatment plan may combine different approaches,
including medication, talk therapy or counseling, education,
self-care strategies, support from family, friends, advocacy
groups, and others with bipolar disorder.
Major depressive disorder (MDD) is a disorder of an individual
that is undergoing repetitive patterns such as sadness, feeling of
self-worthlessness, thoughts or expression of suicide and self-
destruction. (www.teendepression.org). Depression can be
spread through families if there is a history of depression.
Detecting depression is not always easy to detect because in
teens depression and normal teenage moodiness is hard to
differentiate. Teens that suffers from depression can lead to
failure in school, alcohol or and other drug use and even
suicide. There are 15 to 20% of American teens that are

22. involved in depression.
Teen moms heard this a lot from others, the older generation
and other teens, "You made your bed, now lie in it." Which
means that you decided to have sexual intercourse with a guy
and you now have to live with it. But what about their feeling in
all of this because many teen fathers or the ones that father the
children, since they could not be the mothers’ age and are older
than them, don’t want to do anything for the child or children at
all so it is hard for the moms, then the sadness set in.
Mood disorders put teens at risk for unplanned pregnancy,
increase the chances of postpartum depression, and make
parenthood harder. Teen moms face plenty of challenges, from
dealing with the shame and stigma of an unplanned pregnancy
to finishing school and finding employment. Many must also
deal with the challenges of mental illness. Researchers have
found that twice as many teen moms are at risk of developing
postpartum depression (PPD) as their older counterpart, and
nearly three times as many teens with mental illness get
pregnant as adolescents without a disorder.
According to a survey of 6,400 Canadian women published in
the journal Pediatrics in May 2012, the highest incidence of
postpartum depression occurred among girls age 15 to 19 – at a
rate twice as high as PPD in moms older than 25.
Although research on the incidence and causes of PPD in teens
is scant, a study published in the August 2014 issue of Maternal
and Child Health Journal found a correlation in teen moms
between increased stress from parenting and the risk of
postpartum depression.
That connection makes sense to Gloria Malone, who gave birth
to her daughter four days shy of her 16th birthday. "I was so
busy taking care of my baby, packing her diaper bag and my
backpack in the morning so she could go to daycare and I could
go to school," says Malone, now 24 and a teen mom advocate in
New York City. "There was no time for myself, and no one
stopped to ask me, ‘how are you feeling?' Mental health was not
on my radar."

23. Atypical depression is one category of depression. What’s
happening in a person’s life strongly affects atypical depression
and its symptoms. These might be major life events, such as
graduating, moving, or a breakup or they could be small
positive or negative events. Atypical depression is actually very
common among teens: Some three million adolescents have at
least one major depressive episode annually.
What is Atypical Depression?
Atypical depression is one of several types of depression. It is a
subtype of major depressive disorder. It is different from other
types of depression, such as melancholic depression, because it
is impacted by circumstances in the person’s environment.
Symptoms of atypical depression include increased appetite or
weight gain, sleepiness or excessive sleep, fatigue, extreme
sensitivity to rejection, problems concentrating, and recurring
thoughts of suicide. Those with atypical depression typically no
longer enjoy activities that they once found pleasurable and feel
a sense of leaden paralysis. Adolescence is typically the time
when people with atypical depression first experience
symptoms.
There are many different types of depression that can affect
teens in ways we just do not know of. People think that their
teen is just moody when it can be something entirely different.
Depression is something that needs to be caught in the
beginning so it can be treated so the teen can live a better life.
Work Citied
Admin, A. (n.d.). Retrieved November 1, 2018, from
http://www.teendepression.org/

24. Alaska Northern Lights, Inc. (n.d.). About Seasonal Affective
Disorder (SAD). Retrieved November 1, 2018, from
http://www.alaskanorthernlights.com/sad.php?gclid=CjwKCAjw
sfreBRB9EiwAikSUHbOoyX06UEHjPB9RglQnJ7TOVjSoCXiIf
Vn3tr-OVkpkHnLeu9q3eBoCvQsQAvD_BwE
Monroe, J. (2017, August 31). Atypical Depression | A-Z Teen
Health Glossary. Retrieved November 1, 2018, from
https://www.newportacademy.com/resources/glossary/atypical-
depression/
Persistent depressive disorder (dysthymia). (2017, August 08).
Retrieved November 1, 2018, from
https://www.mayoclinic.org/diseases-conditions/persistent-
depressive-disorder/symptoms-causes/syc-20350929
The Mental Health of Teen Moms Matters. (n.d.). Retrieved
November 1, 2018, from https://www.seleni.org/advice-
support/2018/3/14/the-mental-health-of-teen-moms-matters
1
MIS 673 Cyber Security Governance
Assignment 1
Total Points: 15
Instructions
1. Kindly read the assigned case “Upward Bound Airlines
Caselet” and answer the
questions listed under ‘Assignment Questions’.
2. Your responses should take into consideration the

25. requirements and needs of
Upward Bound Airlines as provided in the caselet.
3. At the minimum, submissions should reflect your
understanding of Brotby text.
You are free to use any other relevant references beyond the
prescribed text.
Assignment Questions
Question 1. Make a case whether or not to retain information
security function in the
light of IT infrastructure being scrapped in favor of cloud
services. (3 points)
Question 2. Is there any need to re-configure information
security approach to meet the
demands of new environment? Why? (4 points)
Question 3. What should be the focus of information security
function? (4 points)
Question 4. How would you set up information security for
Upward Bound Airlines to
address the challenges of new developments? (4 points)
Specifications for the assignment
1. Maximum length of the paper = 700 words
2. The general text of the paper, excluding headings and title,
should be
written with following format specifications
a. Font: Times New Roman
b. Font Size: 12, regular

26. c. Line spacing: double spaced
d. Alignment: left
e. Margins (inches): Left: 1.25; Right: 1.25; Top: 1; Bottom: 1
3. Do not forget to write your name as a header on each page.
4. Please enter page number as footer for each page.
5. Submit the assignment as pdf document.
6. Do not attach Certificate of Authorship. Do remember that
you are
required to submit original work only. Plagiarism is a serious
offence and
would be dealt with as per University rules.
Note: If you fail to meet the above specifications, your
assignment submission
would not be graded, and you would be awarded a zero.