SNHU Importance of Good Communication in Workplaces Discussion Paper

PART 1:

Choose one of the following audience and communication combinations to focus on in your initial post:

• Audience: Shareholders; Communication: Company annual report
• Audience: Users; Communication: Quick start guide
• Audience: Coworkers; Communication: Progress report
• Audience: Manager; Communication: Presentation
• Audience: Current client; Communication: Brochure

Research the audience and communication so you understand who the audience is and what the communication requires.

In an initial post:

• Discuss the possible purpose that you would have for creating the communication for the audience.
• Determine what would be the best channel for distributing the communication to the audience and explain why you chose that channel.

In a response to two peers:

• Identify a possible purpose you would have for creating the communication for the audience that was not identified in the initial post.
• Discuss whether you agree or disagree with your peer’s choice of channel for the audience.

PART 2 :

Prompt

Case Study: In 2019, one of the largest data breaches in history occurred when First American Financial Corporation, a real estate title insurance company, exposed over 885 million records on its public website. Included in these records was information such as Social Security numbers, bank account information, images of driver’s licenses, mortgage statements, tax documents, and wire transfer records dating all the way back to 2003. The company was not aware of the problem until it was notified by security expert Brian Krebs, an outside source.

A real estate developer outside of FAF first noticed this concern when they found that anyone who knew the URL for a valid document could then access any other document simply by changing a number in the URL. The company’s website, firstam.com, was leaking hundreds of millions of private documents not intended to be viewed by just any user. This means that any individual who had previously been emailed a link from FAF could possibly gain access to a plethora of sensitive and private documents. No authentication was required in order to access these documents, nor were they protected in any other way. This left a lot of personal and private information exposed for those with malicious intent to use in nefarious ways, for example, identity theft.

When FAF was notified of the breach, it shut down its website and immediately conducted an internal review. The initial findings noted that there was a “design defect in an application that made possible unauthorized access to customer data” (Newman, 2019). The identified defect could be referred to as a business logic flaw, which is “a category of vulnerabilities specific to an application and business domain . . . [It] allows an attacker to misuse the application by circumventing the business rules of the application” (Conikee, 2019). Only a user with an appropriate link would be able to access these documents. However, a user would not be asked to verify their identity. Therefore, access was easy and unauthenticated.

References

Conikee, C. (2019, July 26). 3 takeaways from the First American Financial breach. DarkReading. https://www.darkreading.com/breaches/3-takeaways-f…

Newman, L. H. (2019, May 24). Hack brief: 885 million sensitive financial records exposed online. Wired. https://www.wired.com/story/first-american-data-ex…

Supporting Materials

These articles will provide you with greater insight into the scenario provided and help you prepare for your response to the case study questions:

• Hack Brief: 885 Million Sensitive Financial Records Exposed Online
• 3 Takeaways from the First American Financial Breach
• Understanding the First American Financial Data Leak: How Did It Happen and What Does It Mean?

Guidelines for Submission

Security professionals should take the time to reflect on past incidents in order to prevent similar problems from occurring. Respond to the case study questions below related to the Module Two case study. Your submission should be 1 to 2 pages, double-spaced, and submitted as a Word document (.docx). Resources must be appropriately cited using APA style. You are allowed, although not required, to use resources outside of those provided within Module One, Module Two, and the Supporting Materials section.

Your responses should be in complete paragraphs and should contain the following:

• Answer all of the case study questions thoroughly and completely. Write out the questions in your submission.
• Make direct connections between the issues identified in the case study and the concepts covered in the provided resources in Modules One and Two, as well as the Supporting Materials.
• Support your answers with appropriate examples and facts drawn from the case study.
• Use correct grammar, sentence structure, and spelling, and demonstrate an understanding of audience and purpose.

Case Study Questions

• How did this breach occur? Briefly summarize the incident.
• Which pillars of the CIA triad were explicitly violated, given the scenario?
• What kinds of security controls could First American Financial Corporation have put in place to defend against this kind of data breach? Why?

PART 3:

Imagine you are the manager of a software development team working on new applications for your company, Optimum Way Development, Inc. Your director has called for all development teams to submit product briefs detailing their current projects. The director plans to share the most promising product briefs with clients at an upcoming meeting. You have software design documents (https://learn.snhu.edu/content/enforced/570166-IT-…) for two projects your team is currently working on.

Prompt

Since communications must be targeted to a specific audience, before you can create a product brief for a client, you must know more about the client. Your knowledge of the client will inform the decisions you make in the client brief—from the type of language you use to how you present data and graphics. To begin this milestone activity:

1. Choose one of the software design documents to focus on for both 2-1 Milestone Activity: Audience Persona and Project One: Non-technical Audiences.
2. Consider all of the different groups of people (audiences) who are likely to use that application.
3. Choose one audience to focus on for your persona.
4. Choose a stock picture and name for the persona that will serve as the representation of your chosen audience.
5. Identify demographics and psychographics associated with this audience.

Resources are not required, but any resources used must be appropriately cited using APA style. The following resources may help support your work on the project:

• Resource: Defining Audiences and Creating Personas
• Shapiro Library Resource: APA Style: Basics

Guidelines for Submission

To complete this activity, you must submit an audience persona.

Your audience persona must:

• Be at least 500 words
• Be single spaced
• Be submitted as either a Word document or PDF
• Completely address all of the requirements in the Prompt section

The audience persona can otherwise be formatted/organized in any manner.