Elements of a Well Written Paper

By Bonny Kehm, PhD, RN
Faculty Program Director, BS in Nursing Program

What are the elements of a well written paper?

Begin by taking a look at the assignment and the rubric. Consider your assignment criteria, the sources of information available to you via Excelsior College Library, and constraints such as length, document design, and assignment deadlines.

Open each paper with an introduction that clearly outlines your assignment and the topics discussed within the paper. Include a thesis statement. A thesis statement is usually presented in one sentence that appears at the end of the introduction.

Draft the body of the paper to support the thesis statement. Include evidence-based literature when applicable. Use credible sources to inform and support your thesis, and remember to acknowledge authors with in-text citations and reference pages.

End the paper with a strong conclusion that summarizes the key points made within the paper in a fresh way. Avoid introducing new ideas in the conclusion.

Did you know that Excelsior College provides its students with access to free academic resources? Learn more through our support resources page.

Open Educational Resources (OER) save college students money

Open Educational Resources (OER) are a trend in distance learning with a cost savings benefit for students. Kimberly Barss, Interim Lead Instructional Designer at Excelsior College’s Center for Online Education, Learning & Academic Services explains.

Excelsior Life: Can you help define Open Educational Resources (OER)?

Barss: Open Educational Resources are materials available for free on the web, often created by leaders in their respective educational fields, for the purpose of saving students money and advancing the knowledge of a given subject area.  Many OER projects are funded by large grant-making organizations such as the Hewlett Foundation, the Gates Foundation, or large universities.  Open Educational Resources (OER) come in many shapes and sizes and include things such as videos, podcasts, virtual laboratories, simulations, textbooks, and more. 

Excelsior Life: How does OER work at Excelsior College?

Barss: OER is integrated at the course level.  A subject matter expert, when developing the course, carefully selects all learning materials to promote learner engagement and achievement of the module, course, and program level objectives.  Instead of selecting a publisher textbook that costs the student $250 and will need to be replaced within the course when a new edition is published, he or she can integrate OER.

For example, History 101 and 102 both adopted an OER textbook that is highly regarded in the field called The American Yawp.  This textbook is free and available online from anywhere in the world with an internet connect, including on a student’s smart phone or tablet.  This digital textbook is also available to students on the first day of class, reducing anxiety about paying and waiting for a book to ship before the first assignment is due.  There are many benefits. 

Excelsior Life: Can you explain the difference between MOOC and OER?

Barss: A MOOC, or a Massive Open Online Course, is a course offered by an institution for no charge, with no cap on the number of registrants.  Some MOOCs are credit-bearing, and others are for information only.  MOOCs use OER materials to support the learning objectives, in place of paid-for materials.

At Excelsior, we do not offer MOOCs, but instead offer courses that fit within our degree programs and satisfy our requirements for earning credit or can result in a certification, such as with the Center for Professional Development’s OER-supported programs.

Excelsior Life: Excelsior College provides OER to serve students education at low cost. For example, research shows 74 courses at Excelsior College have a component of OER. The School of Business and Technology offers 28 courses and have saved $217 per student. What are some of the other benefits of OER for students?

Barss: Not all students are able to or will purchase the required textbooks for their courses.  Some who are unable to afford their books may drop out of their courses for fear that they may fail the course without the textbook.  Some students who may have registered late will experience anxiety or even drop their classes if they are unable to find the textbook or it doesn’t arrive in time.  Eliminating these barriers to student success benefit everyone in the end.  It is our mission to serve students who are traditionally underrepresented in higher education, and adopting OER is directly in line with this mission by reducing costs and improving the student experience.
 

 

Intrusion Detection Systems (IDS): Finally for the Vehicles

Vehicles have notoriously been vulnerable to attack from various sources. These have varied from the equipment, endpoints, and communication being insecure to open ports. Regardless of the source, these have historically and continue to provide ample attack surfaces for those with malicious intent.

Engineers in the automotive industry have attacked this issue from the defensive end. The information security engineers have reviewed the data flow, endpoints, and other equipment to write and apply the specifications to the vehicles and vendors. Where needed, these specifications are updated as technology advances. The issue with this position has been systemic with certain auto manufacturers. Info sec has been treated as an afterthought, brought in late during the project. This has also been labeled as trampling on a project’s success. This has allowed lax security in the vehicle and as it communicates with third party vendors. When there is not a sufficient amount of time to adequately specify the security requirements, have all parties approve them, and implement this into the design, there are vulnerabilities in the design and implementation. This has been seen over and over with the vehicle attacks on the brakes, the connected vehicle app being insecure, the fob not being secure as it communicates with the vehicle, and many other vulnerabilities that had been researched over the last four years. These methods have not been robust to the level needed for the vehicle attacks (Cho & Shin, 2016).

The prior methods for info security focused on the equipment in the car and methods of communication being secure via encryption, TLS 1.2, SAML, and other methods. Researchers at the University of Michigan (Cho & Shin, 2016) have shifted the focus from this. The researchers proposed an intrusion detection system (IDS) focused on seeking anomalies. These, in theory, could be anywhere in the vehicle’s communication channels. The researcher’s with this application have focused on the clock or chip-based IDS (CIDS). In short, this is designed to stop the interference with the CAN Bus (Gray, 2016). This works by sniffing the CAN Bus profile. The individual devices communicate with the Bus. As these pieces of equipment do this, they provide a fingerprint of their clock derived from the oscillators, crystals, etc. This is constructed using the Recursive Least Squares (RLS) algorithm (Cho & Shin, 2016) and takes only seconds to accomplish this (Greenberg, 2016). Over time, the tool monitors these to acquire their specific fingerprint.

With these documented, the tool looks for anything unusual or an anomaly with the equipment seeking to communicate with the CAN Bus in the form of an incongruity between the approved and authenticated equipment/source in the database and the fingerprint of the equipment attempting to communicate with and to the vehicle. An issue that would be red-flagged would be in the form of an attack from a third party spoofing messages, commands, or directions. These may be directed at the brakes or transmission of the vehicle (Greenberg, 2016). Any message without the acceptable signature would be flagged as not coming from the chip and equipment. This checking is accomplished with the Cumulative Sum (CUSUM) method (Cho & Shin, 2016). Their research indicates this new method of securing the vehicle shows a false positive rate of 0.0055%. This was accomplished with an experiment with the Honda Accord, Toyota Camry, and Dodge Ram, simulating attacks that would normally be from a third party.

In Part 2, I will take a closer look at the ‘tool’.

References

Cho, K.-T., & Shin, K.G. (2016). Fingerprinting electronic control units for vehicle intrusion detection. Retrieved from https://kabru.eecs.umich.edu/wordpress/wp-content/uploads/sec16-final165_final.pdf

Gray, P. (Producer). (2016, July 21). #419—Brian Krebs on future of bank cybercrime. Risky.biz [Audio Podcast]. Retrieved from http://risky.biz/RB419

Greenberg, A. (2016, July 14). Clever tool shields your car from hacks by watching its internal clocks. Retrieved form https://www.wired.com/2016/07/clever-tool-shields-car-hacks-watching-internal-clocks/


About Charles Parker, II

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

Mr. Parker has matriculated and attained the MBA, MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security (ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and SCADA.

What to Do? Breach Response

Most recently, a hack on the infidelity website known as Ashley Madison made the identities of thousands of formally confidential members public. Despite the disadvantages of these hacks, they can teach us some important things about cybersecurity.Years ago, a business could plan to secure its enterprise. The IT department would harden the system and in most cases there would be a reasonable assurance the enterprise was relatively safe. Things have changed as technology has improved. This improvement has come at a price. The
speed of advancement has not been the easiest environment in which to apply security. This lack of applied security has promoted several issues. This has been noted in many breaches. This has clearly only grown in importance as the breaches the breaches are more common and the businesses provide more data to steal.

In the case of a breach, the first act is that the alleged breach must be verified to have occurred. If one did occur, the business needs to analyze what was affected. Not all breaches are reportable. If there happens to be data involved of a consumer confidential nature, there would need to be a notification. The trigger point would be the data having social security numbers, driver’s license numbers, financial account numbers, passwords, and other personally identifying information.

The business also may be required to notify the affected parties with in a specific amount of time. This period varies on the state and federal level, depending on the subject matter and jurisdiction.  Many states instead of putting a number of this period, simply state this have to be done within a “reasonable” time period. This generally is accepted as 45 days. If there is HIPAA information involved, there may be a timeline in place for the notification.

Once the timeline is in place and divided on, the notice itself has to be written. This is also dependent on the jurisdiction. Certain states have requirements that have to be met. For instance, Rhode Island has for its notification law six items to be met. There may be a template or form letter to be used.

These events are not going to slow down in occurrence or magnitude. As the attackers have operationalized this as a business, it has proven itself to be a revenue producer, and popular as an attack tool.


About Charles Parker, II

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

Mr. Parker has matriculated and attained the MBA, MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security (ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and SCADA.

What does your email username say about you?

Remember when it was fun and necessary to be creative with a user name? It may have even been a competition.  Let us remind you of some creations that we may have seen in the last two decades: AnGelgurl4Life, Aquagirl007, cutemomma0f3, or how about 2fast4u81?

While these are fun, catchy, and may even speak to us, they can come across as unprofessional to others. Think about how hiring managers would react to your email address when your resume pops into their in boxes.  What do you think their first reaction would be? Here are some good thoughts for creating a professional user name that will help you to create a good first impression:

  • Create an email that includes your first and last name with a number. You can also use a combination of these, for example an initial and number would also work.
    SNL
    image retrieved from http://quickbase.intuit.com/blog/10-most-cringe-worthy-career-mistakes
  • Another benefit to using your name is that the receiver will automatically know who you are and would not have to search the message for your information.
  • Think of Jane Doe. What would be a good email for her? JaneDoe12@….com, DoeJ@….com, or DoeJane1@….com would all suffice. We’re sure you could come up with many other combinations as well.

So we challenge you to take a look at your email. What would make it more professional? Does it include your name? Does it have the potential to make someone think differently of you?  Don’t miss out on an opportunity due to an email user name that is just plain silly.

Your Student Success Coaches,

Savannah & Hannah

Savannah White, Student Success Coach
Savannah White, Student Success Coach

Understanding Hepatitis: Diagnosis, Symptoms, and Treatment

What is Hepatitis?

The word hepatitis breaks down to hepa, which refers to the liver, and itis, which means inflammation. Therefore, hepatitis means there is inflammation of the cells within the liver.

Several types of acute (short-term) and chronic (long-term) hepatitis exist. These are primarily caused by viruses, but can also be caused by bacterial infection, and immunological disorder, or liver damage resulting from consumption of alcohol, drugs, or poison.

Magill’s Medical Guide summarizes the five most common types of hepatitis as follows:

  1. Hepatitis A (HAV) is caused by consumption of contaminated food or water.
  2. Hepatitis B (HBV) is a sexually transmitted disease.
  3. Hepatitis C (HCV) is spread via direct contact with the blood of someone who is infected with HCV.
  4. Hepatitis D (HDV) is seen only in someone who is also infected with hepatitis B.
  5. Hepatitis E (HEV) is caused by eating or drinking contaminated food or water.

Other forms of hepatitis include:

  • Hepatitis G (GBV-C), spread by the blood of someone infected with GBV-C.
  • Hepatitis X, diagnosed when the inflammation cannot be identified as any other form of hepatitis.

How is hepatitis diagnosed?

An individual who suspects they may have hepatitis should see a health care provider as soon as possible, not only to seek diagnosis and treatment, but to reduce the spread of this disease. The health care provider will take their health history, ask about their symptoms, and conduct blood and other diagnostic tests, such as a liver biopsy, ultrasound, and CT scans.

What are the symptoms of hepatitis?

Symptoms of hepatitis include fatigue, flu-like symptoms, abdominal pain, loss of appetite, unexplained weight loss, and yellowing of eyes and skin. Dark urine and pale stools may also be present. If left untreated, the liver will eventually stop functioning normally and liver failure can occur. This can result in bleeding disorders, fluid buildup in the abdomen which can cause breathing difficulty, liver cancer, kidney failure, and a decrease in mental abilities. If left unchecked, it can also lead to death.

How is hepatitis treated?

Treatment varies with the type of hepatitis. For instance, hepatitis A, acute hepatitis B, and hepatitis E do not require treatment beyond bed rest and hydration. Avoiding alcohol is also important for those with hepatitis, since alcohol is toxic to the liver. Other forms of hepatitis are treated with different medications that target specific types of viruses. Some individuals with hepatitis C may need a liver transplant.

If you think you may have hepatitis, or have questions about this disease, contact your primary health care provider. You can also seek out support groups for those affected by specific forms of hepatitis.

References

Alder, R. P., & Irons-Georges, T. (2016). Hepatitis. Magill’s Medical Guide (Online Edition).

Attracting More Men to the Nursing Profession

male nurse at work stationDid you know that men have always been nurses? The first school for male nurses was established in India around 250 BCE, and documentation exists of men serving as nurses as far back as 1600 BCE and the 2nd Century CE.

However, many nursing organizations in the late 1800s and early 1900s restricted men from entering nursing. In their 2008 article about men in nursing, Brown, Nolan and Crawford note that even Florence Nightingale believed that “men’s ‘hard and horny’ hands were not fitted ‘to touch, bathe and dress wounded limbs, however gentle their hearts may be.’” Over time, Nightingale’s view led to the exclusion of males from nursing.

Today, men are more widely accepted as nurses. But the number of men in nursing continues to lag behind other previously single-gendered professions in achieving demographics that reflect the gender statistics of the general population; while only 10% of nurses are men, men currently make up 49% of the American population. Although the number of male nurses will increase over time, only about 20% of current nursing students are male.

There are several reasons for this, but measures can be taken to increase the number of men pursuing careers in nursing. For example, publishing children’s books depicting men in nursing, introducing men who are nurses at school career days, linking male nursing mentors to male nursing students, using gender-neutral language in nursing scholarship applications, and featuring more images of male nurses in recruitment collateral.

The mission of the American Assembly for Men in Nursing (AAMN) is to shape the practice, research, and leadership for men in nursing and advance men’s health. The purpose of AAMN is to provide a framework for nurses as a group to discuss and influence factors that affect men as nurses. AAMN is a national organization with local chapters such as the New York Capital Region (NYCR) chapter.

Membership in AAMN is open to any nurse, male or female, to better facilitate discussion and meet the most important objective of AAMN, which is to strengthen and humanize health care. To learn more, visit AAMN.org or contact Excelsior College faculty program director Mark Wahl, MS, RN, at mwahl@excelsior.edu.

 

References

Brown, B, Nolan, P., & Crawford, P. (2000). Men in nursing: Ambivalence in care, gender and masculinity. International History of Nursing Journal, 5(3), 4 – 13.

Kenny, P. (2008). Men in nursing: a history of caring and contribution to the profession (part 1). Pennsylvania Nurse, 63(2), 3 – 5.

Robert Wood Johnson Foundation. (2016). The changing face of nursing: Creating a workforce for an increasingly diverse nation. Charting Nursing’s Future: Reports That Can Inform Policy and Practice, 27, 1 – 8. http://www.rwjf.org/content/dam/farm/reports/issue_briefs/2016/rwjf425988

United States Census Bureau. (2014). American community survey. https://www.census.gov/programs-surveys/acs/

United States Census Bureau. (2014). Quickfacts. https://www.census.gov/quickfacts/table/PST045215/00

 

The Community College Cybersecurity Summit (3CS) Recap

The Community College Cybersecurity Summit (or 3CS) was held in Pittsburg in July. This conference, while targeted at community colleges offered several sessions that would appeal to university faculty, cybersecurity practitioners, and government. What differentiates this conference from most other cybersecurity conferences is the wealth of hands-on, innovative, and collaborative sessions. This is the place to be if you are an educator looking to introduce cybersecurity concepts into a course, build an entire curriculum around security, or revitalize material. Not an academic? That’s fine, too. By offering the sessions in such a collaborative way professionals may hone skills and learn new approaches and identify how business, academia, and government can support each other and cybersecurity for our country.

Prominent at this conference were several National Science Foundation (NSF) funded projects to help insert secure coding and other cybersecurity fundamentals into new and existing courses and information on how to improve our country’s cybersecurity academic offerings through the National Security Agency/Department of Homeland Security (NSA/DHS) Centers of Academic Excellence (CAE) programs. These programs showcased some of what was available through generous grants intended to disseminate information and empower educators to improve curriculum. The collaborative environment ensured that any attendee who needed assistance or wished to further the ideas presented would have a venue and contacts to accomplish that goal. The overall feeling was of a shared mission, understanding of the similar issues so many faced, and of empowerment.

The National Cyber Summit Recap

The National Cyber Summit (NCS) June 7-9, 2016 in Huntsville, Alabama was one of the best cybersecurity conferences I have attended. The conference included many sessions ranging from paper presentations, new technology overviews, and hands-on workshop sessions. The keynote speakers were knowledgeable, funny, and engaging, and included Lt. Gen. Edward Cardon, Commander US Army Cyber Command and Second Army, the Honorable Mike Rogers, former US House of Representatives from Michigan, and the closing keynote speaker was John Matherley, Founder and CEO of Shodan. Thought provoking ideas offered by the presented included questioning how the 2nd Amendment may or may not apply to cybersecurity and the actions of the US in retaliation against cybersecurity threats and exploits.

The sessions ranged from innovative new product ideas offered in proof-of-concept type sessions that were as vendor neutral as a company can get while still sharing new innovation to topic-specific ways to secure systems, networks, and industries. The applications ranged from kiosk solutions to small networks to world-wide-WANS and cloud services and all sizes in between. Several calls to action included the need for innovative solutions to cybersecurity problems, additional education, training, and certification to empower and equip cybersecurity professionals and those new to the field to meet, mitigate, and hopefully eliminate the threats. The problem with this conference was determining which of the concurrent sessions to attend during each period. The dates for next year have already been shared (June 6-8, 2017) and I plan to go next year!

R.I.S.E Webinar: Web Security

When we think of the impact of the Internet on our daily lives, we can’t help but be astonished at the breadth and depth of the effect it has on all aspects of our world. For the vast majority of us, the Web is our means of accessing Internet resources. The Web employs an innovative and unique method of incorporating text, graphics, audio, video, and links to other sites to allow us to transcend geographical and other barriers as we use it to communicate, search, share, and buy. During the webinar, attendees will learn about basic concepts of security while using the Internet. This webinar is the eighth in a series of eight webinars discussing the fundamentals of cybersecurity (Cybersecurity 101).

Presenter: Dr. Kevin Newmeyer, NCI Fellow

Currently the Chief of Staff for the DoD High Performance Computing Modernization Project, Dr. Newmeyer has successfully held a variety of positions in the military, academia, international civil service, and the private sector. His research focuses on international policy issues in cybersecurity.

Along with his Ph.D. in Public Policy from Walden University, Dr. Newmeyer’s educational career is highlighted by his selection as an Olmsted Scholar which enabled him to earn his MA in International Relations from the Instituto Universitario Ortega y Gasset in Madrid, Spain. He holds additional degrees from Escuela Diplomática of Spain (Diplomado de Estudios Internacionales), George Mason University (MBA), and the US Naval Academy (BS)

About R.I.S.E. Webinar Series

Through its partner relationship with the DC Deputy Mayor for Planning and Economic Development and St. Elizabeth’s East, Excelsior College and its National Cybersecurity Institute propose a series of free webinars to be offered at R.I.S.E. to the general public and government employees. The programs will be offered monthly and include live streaming Q and A with industry experts and NCI fellows.

What Is Your Business Cybersecurity Score?

What Moody’s and Standard & Poor’s are to credit ratings of companies, companies such as  FICO and Bitsight are becoming to cyber risk ratings for companies. Businesses have relied on credit ratings to determine investment risk levels and now companies are relying on rating companies to have a standard bench mark of cyber risk.  This growth industry of raters includes a number of providers and their customers use their services in a variety of ways.

Uses of Cybersecurity Scores

Insurance companies often use cybersecurity scores to help assign risk level for cyber insurance. Potential impact: Cost for cyber insurance will likely be higher for small businesses with gaps in their cybersecurity than for companies that have strong measures in place.

Businesses use scores to rate their third party providers during selection process. Potential impact: Suppliers may lose bids not on cost or service commitments, but rather on weak cybersecurity.

Businesses use scores to monitor their third party providers’ security risk level and potential impact to them. Potential impact: Large businesses may demand stronger cybersecurity measures from its suppliers and terminate agreements with low scored providers.

Businesses use scores to monitor their competitors’ cybersecurity level. Potential impact: Businesses may find ways to leverage a competitive advantage of their strong cybersecurity v their competitors’ weaker measures.

Companies use their own score to communicate their risk level to the board of directors. Potential impact: This may provide support for cybersecurity management to get the support they need due to increased board awareness.

The Data

Data comprising the cybersecurity score is gathered from a variety of publicly accessible information sources, including:

  • Hackers’ forums and data available on the Dark Web
  • Use of multi-factor authentication by a company
  • Known vulnerabilities to a company’s network
  • Open ports to a company’s network
  • Patching practices

The risk raters also analyzing data that may flow into or out of a network to determine volume of malware, spam, or viruses that may be associated with a company’s network. The raters couple the data collected and analyzed with their proprietary predictive modeling. In some services, the data is monitoring continuously and a rating may quickly change to reflect any fluctuations. For example, if stolen data suddenly appears for sale on the Dark Web, the rating of the impacted company may be quickly decreased.

What You Can Do

If your business uses third party providers, you should think about investigating the services of scoring companies. If you are a supplier to a large company, you should consider talking to your client about how they are using cybersecurity scores for their vendors such as you. Cybersecurity is no longer a private matter within your own company. Future business deals and contracts may be won or lost on cyber security effectiveness, not just price or service levels.