What happens when we place the authentication system in our demilitarized zone (DMZ)that is, in the layer closest to the Internet? What do we have to do to protect the authentication system? Does this placement facilitate authentication in some way? How about if we move the authentication system to a tier behind the DMZ, thus, a more trusted zone? What are the implications of doing so for authentication performance? For security?
Answer the question with a short paragraph, with a minimum of 300 words. APA formatting but do not include a title page, abstract or table of contents. Body and references only in your post.
A minimum of two references are required. One reference for the book is acceptable but multiple references are allowed. There should be multiple citations within the body of the post. Note that an in-text citation includes authors name, and year of publication.

University of the Cumberlands
School of Computer & Information Sciences

ISOL-536 – Security Architecture & Design

Chapter 3: Security Architecture of Systems

Chapter 3: Security Architecture of Systems
3.1 Why Is Enterprise Architecture Important?
3.2 The Security in Architecture
3.3 Diagramming For Security Analysis
3.4 Seeing and Applying Patterns
3.5 System Architecture Diagrams and Protocol Interchange Flows (Data Flow Diagrams)
3.5.1 Security Touches All Domains
3.5.2 Component Views
3.6 Whats Important?
3.6.1 What Is Architecturally Interesting?
3.7 Understanding the Architecture of a System
3.7.1 Size Really Does Matter
3.8 Applying Principles and Patterns to Specific Designs
3.8.1 Principles, But Not Solely Principles

3.1 Why Is Enterprise Architecture Important?
A survey of 7,000 years of history of human kind would conclude that the only known
strategy for accommodating extreme complexity and high rates of change is architecture.
If you cant describe something, you cant create it, whether it is an airplane, a hundred
story building, a computer, an automobile . . . or an enterprise. Once you get a
complex product created and you want to change it, the basis for change is its descriptive
representations.
Any process, manual or digital, that contributes to the overall goals of
the enterprise, of the entire system taken as a whole, is then, necessarily,
a part of the enterprise architecture. Thus, a manually executed process
will, by definition, include the people who execute that process:
People, process, and technology.

3.2 The Security in Architecture
An assessor (usually a security architect) must then be proficient in
architecture in order to understand and manipulate system architectures.
In addition, the security architect also brings substantial specialized
knowledge to the practice of security assessment. Hence, we start with
solutions or systems architectures and their representations and then
apply security to them.

3.2 The Security in Architecture Cont.
Mario Godinez et al. (2010) categorize architectures into several
different layers, as follows:
Conceptual Level This level is closest to business definitions, business processes,
and enterprise standards.
Logical Level This level of the Reference Architecture translates conceptual
design into logical design.
Physical Level This level of the Reference Architecture translates the logical
design into physical structures and often products.

3.3 Diagramming For Security Analysis

Figure 3.1 A simplistic Web architecture diagram.
The diagram does show something of the system: There is some sort of interaction between a users computer
and a server. The server interacts with another set of servers in some manner. So there are obviously at least three
different components involved. The brick wall is a standard representation of a firewall. Apparently, theres some
kind of security control between the user and the middle server. Because the arrows are double headed, we dont
know which component calls the others. It is just as likely that the servers on the far right call the middle server
as the other way around.

3.3 Diagramming For Security Analysis Cont.
Figure 3.2 Marketing architecture for a business intelligence product.
From Figure 3.2, we know that, somehow, a warehouse (whatever that is) communicates with data sources.

Even though we understand, by studying
Figure 3.2, that theres some sort of
application platforman operating
environment that might call various modules
that are being considered as applications
We do not know what that execution entails,
whether application in this diagram should
be considered as atomic, with attack surfaces
exposed, or whether this is simply a functional
nomenclature to express functionality about
which customers will have
some interest.

3.3 Diagramming For Security Analysis Cont.
Figure 3.3 Sample external web architecture.

Figure 3.3 Explain how to securely allow HTTP traffic to be processed by internal resources that were not originally designed to be exposed to the constant attack levels of the Internet. The diagram was not intended for architecture analysis. However, unlike Figure 3.1, several trust-level boundaries are clearly delineated. Internet traffic must pass a firewall before HTTP/S traffic is terminated at a web server. The web server is separated by a second firewall from the application server. Finally, there is a third firewall between the entire DMZ network and the internal networks (the cloud in the lower right-hand corner of the diagram).

3.3 Diagramming For Security Analysis Cont.
The security architect has a requirement for abstraction that is different from most of the other architects working on a system. As we shall see further along, we reduce to a unit that presents the relevant attack surfaces. The reduction is dependent on other factors in an assessment, which were enumerated earlier:
Active threat agents that attack similar systems
Infrastructure security capabilities
Expected deployment model
Distribution of executables or other deployable units
The computer programming languages that have been used
Relevant operating system(s) and runtime
or execution environment(s)

3.3 Diagramming For Security Analysis Cont.
Figure 3.4, from a defensible perimeter
standpoint, and from the standpoint of
a typical security architect, we have a
three-tier application:
Web server
Application server
Database
For this architecture, the Web server tier
includes disk storage. Static content to be
served by the system resides in this forward most
layer. Next, further back in the system,
where it is not directly exposed to HTTP-based
Attacks. there is an application server that runs
dynamic code. We dont know from this diagram
what protocol is used between the Web server and
The application server.

Figure 3.3 Sample external web architecture. (Courtesy of the SANS Institute.)

3.3 Diagramming For Security Analysis Cont.
Figure 3.5 Two-component endpoint
application and driver.

Figure 3.5 represents a completely different type of architecture compared to a web application. In this case, there are only two components (Ive purposely simplified the architecture): a user interface (UI) and a kernel driver. The entire application resides on some sort of independent computing device (often called an endpoint). Although a standard desktop computer is shown, this type of architecture shows up on laptops, mobile devices,
and all sorts of different endpoint types that can be
generalized to most operating systems. The separation of
the UI from a higher privileged system function is a classic
architecture pattern that crops up again and again.

3.4 Seeing and Applying Patterns
A pattern is a common and repeating idiom of solution design and architecture. A pattern is defined as a solution to a problem in the context of an application.
There are architectural patterns that may be abstracted from specific architectures:
Standard e-commerce Web tiers
Creating a portal to backend application services
Database as the point of integration between disparate functions
Message bus as the point of integration between disparate functions
Integration through proprietary protocol
Web services for third-party integration
Service-oriented architecture (SOA)
Federated authentication [usually Security Assertion Markup Language (SAML)]
Web authentication validation using a session token
Employing a kernel driver to capture or alter system traffic
Modelviewcontroller (MVC)
Separation of presentation from business logic
JavaBeans for reusable components
Automated process orchestration
And more

3.4 Seeing and Applying Patterns Cont.
In order to recognize patternswhether architectural or securityone has to have a representation of the architecture. There are many forms of architectural representation. Certainly, an architecture can be described in a specification document through descriptive paragraphs. Even with a well-drawn set of diagrams, the components and flows will typically need to be documented in prose as well as diagramed. That is, details will be described in words, as well. It is possible, with sufficient diagrams and a written explanation, that a security assessment can be performed with little or no interaction.

3.5 System Architecture Diagrams and Protocol
Interchange Flows (Data Flow Diagrams)

Figure 3.6 Conceptual enterprise architecture.
In Figure 3.6, we get some sense that there are technological infrastructures that are key to the business flows and processes. For instance, Integrations implies some
sort of messaging bus technology. Details like a message bus and other infrastructures might be shown in the conceptual architecture only if the technologies were standards
within the organization. Details like a message bus might also be depicted if these details will in some manner enhance the understanding of what the architecture is trying to accomplish at a business level. Mostly, technologies will be represented
at a very gross level; details are unimportant within the conceptual architecture. There are some important details, however, that the security architect can glean from a conceptual architecture.

3.5 System Architecture Diagrams and Protocol
Interchange Flows (Data Flow Diagrams)
Cont.
Figure 3.7 Component enterprise architecture.

Figure 3.7 represents the same enterprise architecture
that was depicted in Figure 3.6. Figure 3.6 represents a conceptual view, whereas Figure 3.7 represents the
component view.

3.5.1 Security Touches All Domains
Like any practice, the enterprise architect can only understand so many factors and so many technologies. Usually, anyone operating at the enterprise level will be an expert in many domains. The reason they depend upon security architects is because the enterprise architects are typically not security experts. Security is a matrix function across every other domain. Some security controls are reasonably separate and distinct, and thus, can be placed in their own component space, whereas other controls must be embedded within the functionality of each component. It is our task as security architects to help our sister and brother architects understand the nature of security as a matrix domain.

3.5.2 Component Views
Presentations have been split from external integrations as the integrations are sited in a special area: Extranet. That is typical at an enterprise, where organizations are cross-connected with special, leased lines and other
point-to-point solutions, such as virtual private networks (VPN). Access is
granted based upon business contracts and relationships. Allowing data
exchange after contracts are confirmed is a different relationship than
encouraging interested parties to be customers through a presentation of
customer services and online shopping (eCommerce). Because these two
modes of interaction are fundamentally different, they are often segmented
into different zones: web site zone (for the public and customers) and Extranet
(for business partners).

3.6 Whats Important?
Architecturally interesting is dependent upon a number of factors. Unfortunately, there is no simple answer to this problem. When assessing,
if youre left with a lot of questions, or the diagram only answers one or two,
its probably too soft. On the other hand, if your eyes glaze over from all
the detail, you probably need to come up one or two levels of granularity, at
least to get started.

3.6.1 What Is Architecturally Interesting?
The architecture diagram needs to represent the appropriate logical components. But, unfortunately, what constitutes logical components is dependent upon three factors:
Deployment model
Infrastructure (and execution environment)
Attack method

19

3.7 Understanding the Architecture of a System
The question that needs answering in order to factor the architecture properly for attack surfaces is at what level of specificity can components be treated as atomic? In other words, how deep should the analysis decompose an architecture? What constitutes meaningless detail that confuses the picture?

20

3.7.1 Size Really Does Matter

Figure 3.8 Anti-virus endpoint architecture.
The AV runs in a separate process space; it receives commands from the UI, which also runs in a separate process. Despite what you may believe, quite often, AV engines do not run at high privilege. This is purposive. But, AV engines typically communicate or receive communications from higher privilege components, such as system drivers and the like. The UI will be running at the privilege level of the user (unless the security architect has made a big mistake!).
The foregoing details why most anti-virus and malware programs employ digital signatures rendered over executable binary files. The digital signature can be validated by each process before communications commence. Each process will verify that, indeed, the process attempting to communicate is the intended process. Although not entirely foolproof, binary signature validation can provide a significant barrier to an attack to a more trusted process from a less than trusted source.

21

3.8 Applying Principles and Patterns to Specific
Designs
Figure 3.9 Mobile security application endpoint architecture.
The art of architecture involves the skill of recognizing and then applying abstract patterns while, at the same time, understanding any local details that will be ignored through the application of patterns. Any unique local circumstances are also important and will have to be attended to properly.
It is not that locally specific details should be completely ignored. Rather, in the interest of achieving an architectural view, these implementation details are overlooked until a broader view can be established. That broader view is the architecture. As the architecture proceeds to specific design, the implementation details, things like specific operating system services that are or are not available, once again come to the fore and must receive attention.

22

3.8.1 Principles, But Not Solely Principles
The Open Web Application Security Project (OWASP) provides a distillation of several of the most well known sets of principles:
Apply defense in depth (complete mediation).
Use a positive security model (fail-safe defaults, minimize attack surface).
Fail securely.
Run with least privilege.
Avoid security by obscurity (open design).
Keep security simple (verifiable, economy of mechanism).
Detect intrusions (compromise recording).
Dont trust infrastructure.
Dont trust services.
Establish secure defaults.

23

Chapter 3: Summary
By abstracting general architectural patterns from specific architectures, we can apply known effective security solutions in order to build the security posture. There will be times, however, when we must be creative in response to architecture situations that are as yet unknown or that are exceptional. Still, a body of typical patterns and solutions helps to cut down the complexity when determining an appropriate set of requirements for a system under analysis.

Chapter 3: Summary
END

University of the Cumberlands
School of Computer & Information Sciences

ISOL-536 – Security Architecture & Design

Chapter 4 – Information Security Risk

Chapter 4 – Information Security Risk
4.1 Rating with Incomplete Information
4.2 Gut Feeling and Mental Arithmetic
4.3 Real-World Calculation
4.4 Personal Security Posture
4.5 Just Because It Might Be Bad, Is It?
4.6 The Components of Risk
4.6.1 Threat
4.6.2 Exposure
4.6.3 Vulnerability
4.6.4 Impact
4.7 Business Impact
4.7.1 Data Sensitivity Scales
4.8 Risk Audiences
4.8.1 The Risk Owner
4.8.2 Desired Security Posture
4.9 Summary

4.1 Rating with Incomplete Information
It would be extraordinarily helpful if the standard insurance risk equation could be calculated for
information security risks.

Probability * Annualized Loss = Risk

However, this equation requires data that simply are not available in sufficient quantities for a statistical analysis comparable to actuarial data that are used by insurance companies to calculate risk. In order to calculate probability, one must have enough statistical data on mathematically comparable events. Unfortunately, generally speaking, few security incidents in the computer realm are particularly mathematically similar. Given multivariate, multidimensional events generated by adaptive human agents, perhaps it wouldnt be too far a stretch to claim that no two events are precisely the same?

Given the absence of actuarial data, what can a poor security architect do?

4.2 Gut Feeling and Mental Arithmetic
Experienced security architects do these back of the napkin calculations fairly
rapidly. Theyve seen dozens, perhaps hundreds, of systems. Having rated risk for
hundreds or perhaps many more attack vectors, they get very comfortable
delivering risk pronouncements consistently. With experience
comes a gut feeling, perhaps an intuitive grasp, of the organizations risk posture.
Intimacy with the infrastructure and security capabilities allows the assessor to
understand the relative risk of any particular vulnerability or attack vector. This is
especially true if the vulnerability and attack vector are well understood by the
assessor. But what if one hasnt seen hundreds of systems? What does one do
when just starting out?

4.3 Real-World Calculation
For the purposes of architecture assessment for security, risk may be thought of as:

Credible Attack Vector * Impact = Risk Rating

Where:
Credible Attack Vector (CAV) = 0 < CAV > 1
Impact = An ordinal that lies within a predetermined range such
that 0 < Impact >
Predetermined limit (Example: 0 < Impact > 500)

4.4 Personal Security Posture
Personal risk predilection will have to be factored out of any risk calculations performed for an organizations systems. The analyst is not trying to make the system under analysis safe enough for him or herself. She is trying to provide sufficient security to enable the mission of the organization. Know thyself is an important maxim with which to begin.

4.5 Just Because It Might Be Bad, Is It?
Given certain types of attacks, there is absolute certainty in the world of computer security: Unprotected Internet addressable systems will be attacked. The uncertainty lies in the frequency of successful attacks versus noise, uncertainty in whether the attacks will be sophisticated or not, how sophisticated, and which threat agents may get to the unprotected system first. Further, defenders wont necessarily know the objectives of the attackers. Uncertainty lies not within a probability of the event, but rather in the details of the event, the specificity of the event.

4.5 Just Because It Might Be Bad, Is It? – Cont.
We are interested in preventing credible attack vectors from success, whatever the goals of the attackers may be. We are constraining our definition of risk to:
Human threat agents
Attacks aimed at computer systems
Attack methods meant to abuse or misuse a system

4.6 The Components of Risk
There is a collection of conditions that each must be true in order for there to be any significant computer security risk. If any one of the conditions is not true, that is, the condition doesnt exist or has been interrupted, then that single missing condition can negate the ability of an attack to succeed.

To illustrate how network defenders can act on their knowledge of their adversaries
tactics, the paper lays out the multiple steps an attacker must proceed through to plan
and execute an attack. These steps are the kill chain. While the attacker must complete
all of these steps to execute a successful attack, the defender only has to stop the attacker
from completing any one of these steps to thwart the attack.

4.6.1 Threat
The term threat is scattered about in the literature and in parlance among practitioners. In some methodologies, threat is used to mean some type of attack methodology, such as spoofing or brute force password cracking. Under certain circumstances, it may make sense to conflate all of the components of threat into an attack methodology. This approach presumes two things:
All attack methodologies can be considered equal.
There are sufficient resources to guard against every attack methodology.

4.6.1 Threat Cont.
In order to understand how relevant any particular threat agent is to a particular attack surface, impact or loss to the organization, and the level of protection required to dissuade that particular type of attacker.
Threat agent
Threat goals
Threat capabilities
Threat work factor
Threat risk tolerance

4.6.2 Exposure
In organizations that dont employ any separation of duties between roles, administrative staff may have the run of backend servers, databases, and even applications. In situations like this, the system administrators can cause catastrophic damage.
Even in mature and well-run shops, administrative staff will have significant power to do damage. The excepted protections against misuse of this power are:
Strict separation of duties
Independent monitoring of the administrative activities to identify abuse of administrative access
Restriction of outbound capabilities at the time when and on the network where administrative
duties are being carried out
Restriction of inbound vectors of attack to administrative staff when they are carrying out
their duties

4.6.2 Exposure Cont.
In the world of highly targeted phishing attacks, where a persons social relations, their interests, even their patterns of usage, can be studied in detail, a highly targeted spear-phishing attack can be delivered that is very difficult to recognize. Consequently, these highly targeted spear-phishing techniques are much more difficult to resist. The highly targeted attacks are still relatively rare compared to a shotgun approach. If you, the reader, maintain a more or less public Web persona with an email address attached to that persona, you will no doubt see your share of untargeted attacks every day that is, email spam or phishing attacks.

4.6.2 Exposure Cont.
Exposure is the ability of an attacker to make contact with the vulnerability. It is the availability of vulnerabilities for exploitation. The attacker must be able to make use of whatever media the vulnerability expresses itself through. As a general rule, vulnerabilities have a presentation. The system presents the vulnerability through an input to the system, some avenue through which the system takes in data. Classic inputs are:
The user interface
A command-line interface (CLI)
Any network protocol
A file read (including configuration files)
Inter-process communication
A system driver

4.6.3 Vulnerability
Treatments to protect against the vulnerability tend to apply to many variations of that vulnerability. Hence, the security architect performing assessments must know the classes of vulnerability that can occur for that kind of system. Understanding each variation of that class of vulnerability isnt necessary. Instead, what is required is the understanding of how those vulnerabilities occur and how they may be protected.

4.6.4 Impact
Given the importance of customers trusting an organization, should the compromised server get used to attack customers, or to display inappropriate messages, such a situation might result in a more significant loss. What if that server has become a base of operations for attackers to get at more sensitive systems? In any of the foregoing scenarios, a single compromised server among thousands that are untouched may be seen as a much greater loss.

4.7 Business Impact
The technical impact from a heap overflow might be the execution of code of the attackers choosing in the context of an application at whatever operating system privileges that application is running. These technical details are certainly important when building defenses against these attacks. Further, the technical impact helps coders understand where the bug is in the code, and technical details help to understand how to fix the issue. But the technical impact isnt typically important to organizational risk decision makers. For them, the impact must be spelled out in terms of the organizations objectives. We might term this business impact, as opposed to technical impact.

4.7.1 Data Sensitivity Scales
A mature security architecture practice will understand the data sensitivity rating scale of the organization and how to apply it to different data types. By classifying the sensitivity of data, the assessor has information about the required security posture needed to protect the data to the level that is required. Further to the point of this section, loss or impact can be expressed in business terms by noting which data are targets and by understanding the potential effects on the system and the organization when particular data are disclosed or tampered with. Data sensitivity, then, becomes a shorthand tool for expressing the business impact of a risk.

4.8 Risk Audiences
There are different audiences, different stakeholders, who need to understand risk through unique, individualized perspectives. Its a good practice to craft risk messages that can be understood from the perspectives of each stakeholder group. As has been noted, decision makers, namely, organization leaders, typically prefer that risk be stated in business terms, what Ive termed business impact. Business impact is the effect that the successful exercise of a credible attack vector will have on the organizations operations and goals.

4.8.1 The Risk Owner
Raising risk means bringing the untreated or residual risk to a decision maker for a risk decision. These decisions typically take one of three mutually exclusive forms:
Assumption of the risk: proceed without treatment, that is, the organization agrees to bear the burden of the consequences, should an impact occur.
Craft an exception to treating the risk immediately, that is, fix the risk later, on an agreed-upon schedule.
Treat the risk immediately.

4.8.2 Desired Security Posture
There is no easy prescription or recipe to determine the desired risk posture. One can turn to the organizations security policy and standards as a starting point. In organizations whose cyber-security function is relatively mature, there may exist standard that point the way to the controls that must be implemented.

Chapter 4: Summary
In this chapter, we have narrowed the scope of the term risk to precisely fit the purpose of security assessment and threat modeling. We have proposed one methodology as an example of how risk can be understood and rated fairly easily. Whatever methodology is used, it will have to be repeatable by the analysts wholl provide security assessments, build threat models, and provide requirements for a systems security posture.

Chapter 4: Summary
END

[Professor Name]
[Professor Email]@ucumberlands.edu

image4.emf

image5.emf

image6.emf

image7.png

image8.emf

image9.emf

image10.emf

image11.emf

image12.emf

image13.png

image1.emf

image2.emf

SHOW MORE…

SOC 450 WEEK 6 WRITTEN ASSIGNMENT

SOC 450: Week 6 Assignment:
The Impact of Climate Change on Food Security

Week 6 Assignment Due Date:
Monday, November 14th.

ADA Students: Due Date Thursday, November 17th.

Overview

The United Nations (UN) has hired you as a consultant, your task is to assess the impact that global warming is expected to have on population growth and the ability of societies in the developing world to ensure the adequate security of their food supplies.

Case Assessment Summary (see below) (
Do not include this information in your written paper).

This is not a Case Study
Class; this is a formal research (evidenced-based) assignment.

As the worlds population nears ten (10) billion by 2050, the effects of global warming are stripping some natural resources from the environment. As they diminish in number, developing countries will face mounting obstacles to improving the livelihoods of their citizens and stabilizing their access to enough food. The reason these governments are struggling even now is that our climate influences their economic health and the consequent diminishing living standards of their peoples. Climate changes are responsible for the current loss of biodiversity as well as the physical access to some critical farming regions. As such, these changes in global weather patterns diminish agricultural output and the distribution of food to local and international markets. These difficulties will become even more significant for these countries as the Earths climate changes for the worse. Temperatures are already increasing incrementally, and polar ice caps are melting, so the salient question is: what does this suggest for developing societies?
The issue before the developing world is not its lack of food, but how to gain access to food. Simply put, changes in our climate are affecting the global food chain, and hence, the living standards of entire populations. Added to this is the fact that food is not getting to where it is needed in time to prevent hunger or starvation. In many developing countries, shortages are due to governments control over distribution networks rather than an insufficient supply of food itself. In effect, these governments are weaponizing food by favoring certain ethnic or religious groups over others. When added to dramatic climate changes that we are experiencing even now, the future for billions of poor people looks increasingly dim.

INSTRUCTIONS (TOPIC STATEMENTS)

You are to write a
minimum of a 5-page persuasive paper for the United Nations council

that addresses the following questions about the relationship between atmospheric weather patterns and food security in the developing world: DO NOT INCLUDE THE ACTUAL QUESTION IN YOUR PAPER: SIMPLY INCLUDE A SHORT TOPIC LABEL (see #7 under Guidelines)

1. Climate change and global warming are often used interchangeably, but they are not the same phenomenon
. What are the differences between the two concepts and what leads to the confusion between them?

2. In 1900, the average global temperature was about 13.7 Celsius (56.7 Fahrenheit) (Osborn, 2021), but as of 2020, the temperature has risen another 1.2C to 14.9C (58.9F). According to the Earth and climate science community, if the Earths surface temperature rises another 2C (3.6F), we will suffer catastrophic weather patterns that, among other things, will raise sea levels, cause widespread droughts and wildfires, result in plant, insect, and animal extinctions, and reduce agricultural productivity throughout the world (Mastroianni, 2015 and Lindsey & Dahlman, 2020
). How much credibility do you place in these projections? Why?

3.
There is no question that the Earths food sources are threatened by changes in its weather patterns, but what specific challenges does climate change pose to the food security of people in the developing world?

4. There is currently a debate among some multinational lending agencies like the International Monetary Fund, UNICEF, and AID over the financial support for food security has been misused by recipient government officials. On the other hand, U.S. authorities insist that misuse of its assistance is not occurring because it has strict monitoring oversight in place.
What is your position on this matter? Is there evidence that financial assistance to developing governments is being widely misused by government officials?

Guidelines and Selection of Developing Country for this assignment:

1. This course requires the use of
Strayer Writing Standards (SWS). For assistance and information, please refer to the SWS link in the left-hand menu of your course and check with your professor for any additional instructions.

2. Your paper must be divided into required pages of content (one page to address each of the four questions above) and include at least a one-half page introduction and a one-half page conclusion

making a minimum total offivefull pages of text.

3.
Begin your paper
with a complete
Introduction
that includes your role as a hired United Nations consultant, the purpose of this assignment and why this research is important. You may add more content, however, at a minimum please include these factors in your introduction. A written Abstract is not required for this paper.

4.

Select at least one (1)
Developing Country for Questions 3 and 4. You will find the list of developing countries in the
World Bank List of Developing Countries in the Course Info section of BlackBoard.
I prefer that you select two (2) developing countries in case one countrys climate change and food security information is more difficult to locate.

5. You must use at
leastseven(7) credible academic sources (no older than 7 (seven) years).

6.
(
Do Not Use Wikipedia, dictionaries, blogs, and encyclopedias) for this assignment.

7.
You must use properly cited intext citations (in the actual content of your paper) in addition to including a REFERENCE page. Intext citations must be aligned with the Reference page.

8.
DO NOT include the actual topic questions in your paper. Use a short title instead, for example instead of adding all the Question #2 content to your paper, simply add the words
Earth Climate Impacts as a label or heading.

9. You must use only double-spacing and not place extra spacing between paragraphs or section headings.

10. Please use the GRAMMARLY writing program as you research and draft your papers.

PROFESSORS ADDITIONAL INSTRUCTIONS (REQUIRED): 1
) Include a Title page with the following information (Title of Assignment, Students Full Name, Strayer University, Date of Submission,
Professors name: Dr. G. Royal-Smith).

2) The body of your paper (written content) must contain
properly cited intext citations using SWS guidelines.

3) This assignment must contain a page of properly cited references sources titled as the
Reference page.

4) This paper must be submitted to the
SafeAssign Plagiarism Program via BlackBoard.

Papers that are not submitted, cannot be opened for grading, or cannot be read in SafeAssign due to incompatibility with the SA program may receive a zero score.
It is the students responsibility to submit a GRADE READY paper and to make sure that the paper is BlackBoard compatible.

5)
Week 6

Assignment

Papers must be submitted on time

.
Once the assignment area closes, it will remain closed.
Late Papers may be penalized according to Strayer University and SOC 450 Late Assignment policies.

6
) Assignments must be the original work of students utilizing credible and properly cited sources. Students will be notified of significant similarity scores, or other irregularities contained in the submitted assignment. Assignment papers that are deemed to be plagiarized will be further evaluated by Dr. Royal-Smith and the Office of Student Affairs (Academic Integrity).
If plagiarism is substantiated, the Office of Student Affairs will provide recommendations including (but not limited to) a failing grade for the assignment or other actions.

7)
NOTE!!!
If you are Re-Taking this course and have submitted the Week 6 paper to the SafeAssign area, DO NOT resubmit this same paper!

Contact me for further instructions.

Previously submitted assignment papers are subject to a
zero score due to Safe Assign similarity detections.

8) Please take this assignment seriously, follow ALL instructions, guidelines, and additional instructions
. The assignment will require planned time management for research and drafting.

9) I will provide more detailed information and writing aids over the next few weeks.
It is important to begin work on this assignment immediately as this assignment is quite time consuming. If you have questions or need assistance, please do not hesitate to contact me.

The specific course learning outcome associated with this assignment is as follows:
Evaluate the impacts that climate changes are having on the growth of global populations and the security of their food sources.

References

Liz Osborn. 2021. History of Changes in the Earth’s Temperature. https://www.currentresults.com/Environment-Facts/changes-in-earth-temperature.php
Brian Mastroianni. 2015. Why 2 degrees are so important. https://www.cbsnews.com/news/paris-un-climate-talks-why-2-degrees-are-so-important
Rebecca Lindsey and LuAnn Dahlman. 2020. Climate change global temperature. https://www.climate.gov/news-features/understanding-climate/climate-change-global-temperature