The Essential Elements of a Comprehensive Cyber Security Plan

Cyber Prep & Communication: Swift Defenses

Today you only need to google “Cyberspace security challenges” to learn about the daily threats of hackers. These threats could be identity theft, criminal hackers, cyber espionage, or even the threat of insiders, whether spiteful, mischievous, or unintentional. The bottom line is that everyone is at risk. An organization must be prepared to protect vital information within cyberspace with a Cyber Security Plan. A cyber security plan has elements that prevent breaches from happening and elements that describe how to respond to such incidents quickly and mitigate their impact. To be effective, a cybersecurity plan should have these elements: basics of security, communication with the organization/stakeholders, a framework, threat intelligence, regulatory factors and liability, risk assessment, and incident response planning.

Part of the planning process is avoiding problems from the start. The way to achieve this goal, or to improve your odds of never having a disastrous breach, is to ensure basic security systems are running and that current security policies are fully enforced. These systems include firewalls, intrusion detection systems, security information and event management (SIEM) systems, automated security monitoring and alert systems, spam filters, access controls, strong passwords, encryption of sensitive data, and security software for smart devices, i.e., phones, watches, etc.

Communicating with the organization/stakeholders helps everyone to be ready at a moment’s notice in case of an attack. Predetermined roles should be established, which eliminates the guesswork. This allows the incident to be assessed and addressed quickly, because when it comes to data loss, minutes count. Employees should be trained to recognize the tactics and attempts of an attack when it occurs. Examples of attacks are social engineering and the installation of malicious software for data intrusion.

Framework & Intel: Cyber Resilience

A framework is an important element of cybersecurity risk management. It provides direction across the board, including technologies and organizational processes. With a framework, you will have a plan for dealing with a cybersecurity incident and avoid any guesswork about what to do. The framework SOP (standard operating procedure) should cover all organizational processes. This includes elements outside of the organization, i.e., vendors and smart devices.

Having threat intelligence and being informed can make you more secure and able to respond more efficiently to attacks. Ultimately, an organization must be able to identify signs of attack techniques and use indicators as reference points. Threat intelligence uses these indicators, along with insights into known and emerging threats to an organization. Having this knowledge can help with split-second decisions the moment a cyber incident occurs. Vulnerabilities like shared passwords, unpatched software and operating systems, infrastructure configurations, and operations provide context to the threat. Recognizing this will provide the threat intelligence needed to respond appropriately when an attack or incident occurs.

Regulatory factors and liability for a breach need to be addressed as well, depending on your organization. Do you risk fines or other penalties if data is exposed? A detailed audit log that shows what happened before, during, and after a breach will be helpful in the case of a data breach. This could help indicate whether security negligence was to blame for the breach.

Risk Assessment & Readiness: Proactive Defense

Risk assessment refers to having a model of threats based on the risk identified, the likelihood of it occurring, and the damage it could do to your organization. Actions taken should involve identified personnel and prioritize threats/attacks, and the steps taken to remedy them should be known by all within the organization. Security managers need to think like a hacker, determine what is of most value, and focus resources on protecting such valuable data.

Incident response planning includes the latest improvements, training, and preparation. This ensures everyone knows how to act and what to do once a threat is detected. However, even with all prevention efforts, a breach can sometimes happen. Cybersecurity threats are constantly evolving. That’s why an organization must be proactive with improvement, training, and preparation. Every process and plan should be tested regularly and kept up to date. Outdated response plans will be ineffective. If your response plan and framework are in place, all personnel and risk management programs will be able to act when the day of a breach/attack comes.

Safeguarding the Digital Realm: Exploring the Core Tenets of Cyber Security

Understanding Cyber Security

Cyber security specialists today enlist strategies that exhibit due care toward three major necessities in information assurance: confidentiality, integrity, and availability, also called the CIA triad. That focus doesn’t change: no matter what technology does, the triad stands as the foundation to protect, regardless of all other factors. Physical, operational, and technical security controls can all counter the threats to each division of the CIA triad. All are equally important, and you need an understanding of what confidentiality, integrity, and availability mean in relation to information security.

To realize our goals as security professionals, we should take note of the overarching theme of “risk management” throughout the cybersecurity community and the accurate implication that there will always be a risk. It can never be completely removed; we can only manage it to reduce it to acceptable levels. There are many ways to do so, and each control that we learn about will be an example of a risk strategy, such as risk avoidance, risk deterrence, and risk mitigation.

Importance of Information Assurance

It’s more important than ever that organizations protect the information they hold, whether it be proprietary documents, financial records/accounts, or employee and customer private information. We’ve seen an enormous rise in the number of attacks on company security infrastructures that have successfully exploited poor security practices, and in other cases, the company’s poor practices resulted in a breach with no intervention by an external entity. An ongoing report by the Identity Theft Resource Center gives a detailed explanation of every known and reported data breach occurring in the calendar year 2018. They described 668 known breaches exposing 22,408,258 records [1]. This is an insane count and only a portion of the actual breaches that affect more than personal information across all industries.

Data breaches are one exploit that threat agents use to surpass controls protecting confidentiality. These controls can be compromised by social engineering in a weak physical security environment or through the use of technology to take advantage of poor network configurations. Confidentiality is what keeps unauthorized individuals from accessing information. Authentication is a vital aspect of maintaining confidentiality: it verifies the identity of authorized individuals and then grants access to the information requested.

In A+ Guide to IT Technical Support, the authors explain how Windows computers do this (as well as most other systems you will use). By requiring sign-in with a secure password when first signing on and when the computer wakes from sleep, they ensure the authorized user is on the system and given access to the files and information stored on that profile. A good practice is to lock your workstation when leaving it to enable this feature manually, and to make sure you have a secure password that isn’t easy to guess or to attack via brute force [2].

Password authentication is one of the most basic forms of access control that provides confidentiality, while other security implementations, such as encryption, may prove more effective in a wider range of environments. New standards for encryption have been developed over the past several years and are currently as secure as they have ever been. Old encryption standards have either been cracked, or their keys are easily accessible to malicious people. The impact on a business and the thousands of customers it serves is potentially severe without proper protection of confidentiality, thus calling for diligent conservation of information assurance in the realm of confidentiality by senior leaders responsible for its protection.

“Integrity first,” the first core value of the United States Air Force, means that, above all, we do the right thing even when no one is looking. But how do we know if what we are seeing is the “right thing” and hasn’t been tampered with? In a cyber world, this is especially valuable, yet there are so many avenues of communication in technology that it can seem daunting to figure out what is accurate and who really said or created it. The implementation of hashing is one way people have used technology to ensure that data has not been changed.

Hashing takes the data and, through the hashing function, returns a fixed-length string of characters; it is extremely rare for any other set of data to result in the same string. Encryption does not ensure integrity. People can change data without ever finding out what it is, such as cutting a competitor’s bid request value by half on an online auction without knowing what their bid was [3]. What that tells security professionals is that it is important to have multiple layers of security that envelop every aspect. This layered approach is widely accepted in government and industry worldwide.

We need to be sure that the information we are protecting is not changed. It is just as significant as protecting it from unauthorized exposure. Technology has made the world of business, healthcare, and finance fly like the wind in terms of speed. This is great! Experts are contributing to this growth daily, and we are becoming better at everything. The only problem is the “bad guys” are getting better every day, just like the rest of us, sometimes much quicker. It may seem like the integrity of information is the least probable threat vector, but with the amount of malicious intent in the attackers of the 668 public attacks in 2018, including those unknown, or ongoing attacks, it has been determined to be a popular exploit.

After all, consider common email scams, phony IRS claims, and originating authors who could be debunked with proper measures to protect integrity and non-repudiation. Phishing, whaling, and other intra-corporation email ploys are easily recognized as such with proper personnel training in security awareness. However, in more sophisticated attempts, the use of hashing algorithms can alert recipients to emails changed in transmission, depending on the type of attack.
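The two points above, that a hash reveals any change to data and that encryption alone does not ensure integrity, shown as an added example that is not part of the original essay. The toy SHA-256 keystream cipher, the keys, the nonce and the bid message are all constructed assumptions; a real system would use a vetted authenticated cipher.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode (assumption, illustration only)."""
    blocks = [
        hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the keystream (same operation both ways)."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt-then-MAC: the HMAC tag covers the nonce and the ciphertext."""
    ciphertext = xor_crypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def open_authenticated(enc_key, mac_key, nonce, ciphertext, tag) -> bytes:
    """Verify the tag in constant time before decrypting; reject on mismatch."""
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: message was modified")
    return xor_crypt(enc_key, nonce, ciphertext)


def demo() -> dict:
    # Constructed sample values, not taken from the page.
    enc_key = hashlib.sha256(b"constructed encryption key").digest()
    mac_key = hashlib.sha256(b"constructed MAC key").digest()
    nonce = b"constructed-nonce-0001"
    original = b"BID=8000"

    ciphertext, tag = seal(enc_key, mac_key, nonce, original)

    # Constructed in-transit modification: one ciphertext byte is altered.
    modified = bytearray(ciphertext)
    modified[4] ^= 0x0C
    modified = bytes(modified)

    # Receiver A decrypts with no integrity check and accepts whatever comes out.
    decrypt_only = xor_crypt(enc_key, nonce, modified)

    # A digest of the original, obtained over a trusted channel, exposes the change.
    digest_matches = hmac.compare_digest(
        hashlib.sha256(original).digest(),
        hashlib.sha256(decrypt_only).digest(),
    )

    # Receiver B verifies the keyed tag first and refuses the modified message.
    try:
        open_authenticated(enc_key, mac_key, nonce, modified, tag)
        mac_rejected = False
    except ValueError:
        mac_rejected = True

    # The unmodified message still verifies and decrypts normally.
    clean_roundtrip = open_authenticated(enc_key, mac_key, nonce, ciphertext, tag)

    return {
        "decrypt_only": decrypt_only,
        "digest_matches": digest_matches,
        "mac_rejected": mac_rejected,
        "clean_roundtrip": clean_roundtrip,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

A plain digest only helps when it reaches the receiver over a channel the modifier cannot touch; the keyed HMAC tag removes that requirement because it cannot be recomputed without the MAC key.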

I laud today’s innovators and developers who continuously grow the capability of people through the use of technology and other tools. It’s exciting to see the explosive growth of the cyber industry, and in turn, cyber security is growing just as fast in parallel. We know it’s important to protect information. We’ve seen the consequences of poor security practices. However, when we place so many controls on our infrastructure, we can reduce the availability of our resources. Sometimes, it is not our controls but everything that is out of our control that degrades availability. Natural disasters, sole dependence on external entities, and certain attacks have all proven their terror throughout history.

One common-sense practice is to routinely back up systems to reliable hardware to mitigate risk and/or cloud-based backups to transfer risk to the cloud provider. This way, information would be recoverable in case of emergency or loss. DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks both directly target the availability of one’s network or system resources. In one case occurring in 2016, Hollywood Presbyterian Medical Center had its database compromised, and the attackers encrypted the entirety of their information and demanded a ransom in Bitcoin for anonymity (approx. $17,000).

This severely slowed duty performance down. There was no access to customer records other than paper in unused files. They had to go back to old-school pen-and-paper bookkeeping. Some patients in intensive care situations had to be moved, and others were inconvenienced by the hospital’s inability to verify and supply medications or information over the phone or email. Ultimately, within a couple of weeks, they paid the ransom [4]. Imagine the effects this lack of availability had on them to cause them to just pay the price. We should strive to prevent these situations as security professionals by looking at every square inch of our security posture. We must calculate risk and reduce it to an acceptable level.

There are innumerable attacks employed by individuals that threaten these core tenets of security, and a deep understanding of them and how to defend against these attacks will prove valuable in securing the information we use every day. As we can see, it is not only important to keep one aspect of security in mind, but all three work together and cover the empty spaces left by the others. Defense-in-depth is the strategy that holds to this standard by layering security controls and ensuring the inclusion of each of the triad’s members and all other considerations relative to risk management and security awareness. Threats come from inside and out, and we must be prepared and properly trained to handle incidents from any source.

References:

  1. Identity Theft Resource Center, and Cyber Scout. “The ITRC Data Breach Report.” Idtheftcenter.org, Identity Theft Resource Center, 30 June 2018, www.idtheftcenter.org/wp-content/uploads/2018/07/DataBreachReport_2018.pdf.
  2. Andrews, Jean, et al. CompTIA A+ Guide to IT Technical Support. Cengage Learning, 2017.
  3. Jung, E. J. “Hash Functions.” Www.cs.usfca.edu, University of San Francisco, Department of Computer Science, www.cs.usfca.edu/~ejung/courses/686/lectures/05hash.pdf.
  4. “Ransomware Case Studies: Hollywood Presbyterian and The Ottawa Hospital.” InfoSec Resources, InfoSec Institute, resources.infosecinstitute.com/category/healthcare-information-security/healthcare-attack-statistics-and-case-studies/ransomware-case-studies-hollywood-presbyterian-and-the-ottawa-hospital/#gref.

Emerging Cybersecurity Challenges in the Age of Connectivity

On my first day on the job in the information security department, one of the first goals was to set the top 5 security threats.

These five threats include:

  1. Phishing – 90% of cyberattacks begin with phishing. This takes the form of what seem like real, legitimate emails that entice users to reveal private and personal information. These emails are meant to seem harmless, although they contain links that install malicious software that can really harm your machine.
  2. DDoS – Distributed denial-of-service is an attack that occurs when several systems overrun the bandwidth or resources of the servers.
  3. Data Breach – A breach or infringement of our private information which is sold to different parties or used in other ways.
  4. Ransomware – Malicious software that encrypts our information and then requires a ransom to be paid for us to gain back our information. If the ransom is not paid, there is the threat that the information could be released to the public.
  5. IoT Vulnerabilities – Everything connected to the internet, such as security cameras, smartwatches, and other devices owned by students and faculty, presents back doors for hackers. These are back doors because they usually lack security and/or are not updated regularly.

Ransomware’s Costly Grip: Pervasive Threats

Out of the threats listed, the most prevalent include ransomware and malware; these are more costly than data breaches. Five months into 2019, around May, ransomware caused 11.5 billion in damages. This means that someone becomes a new victim every 14 seconds. Due to how ransomware works, it can be the most costly and frequent. Also, if the ransom is not paid in the amount of time listed, the amount of data that could be sold to other parties can be severely damaging to any organization. Today, there is a new type of ransomware, which is crypto-jacking. This ransomware encrypts software to attack a victim and, without the victim knowing, installs a program that secretly mines for cryptocurrency, which can severely damage and slow down an organization’s network.

These are the most common threats due to the perfection of their techniques. A lot of organizations have also had a tough time addressing these threats. A large amount of the time, it is more costly to have these vulnerabilities fixed by a professional, so administrators and higher-ups in these organizations decide to just keep paying the ransom every time. This is extremely negative since a large amount of information can still be taken even if the ransom is paid.

Emerging Cyber Risks

Malware is also the most common type of cyber-attack. This includes spyware, ransomware, viruses, and worms. Making sure an organization’s network and infrastructure are safe from malware is a constant battle. However, the threats that will be more critical in the next 12 months include IoT issues becoming worse due to the new 5G technology. 5G is a new upgrade to cellular network technology that proposes faster speeds and bandwidth. Over 265 million mobile device users are in the United States due to 5G expansion among major cities. The prediction from hill.com states that the expansion of 5G will continue to grow, and the vulnerabilities will also grow; these vulnerabilities will also be unknown to the average person. The new infrastructure will have to support 5G; if this does not happen, more and more devices will be at extreme risk.

Another major risk that could come up in the next year is ready-to-use hacking toolkits. Toolkits are already available for the average Joe to use, so more and more will become available, and they could be easier and easier to use. With these toolkits, an attack could come from within the organization, from an insider who is very good at googling. This could be a threat within the school itself; this internal threat could be a student or someone in the faculty.

Internal problems may not only be caused intentionally by someone within; they may also be caused by accident. Since 5G is coming in hot and all students have tablets and smartphones that run on iOS and Android, these devices must be updated regularly since they are connected to the campus network. Lastly, I believe all Linux servers should be abandoned and Windows servers adopted in their place. Linux is good but does not support a campus; Linux is free and set up for beginners, which leaves areas for hackers to get in; Windows is much more secure and advanced.

References:

  1. https://thehill.com/opinion/cybersecurity/479316-2020-cybersecurity-predictions-evolving-vulnerabilities-on-the-horizon
  2. https://www.csoonline.com/article/3505263/malware-the-battle-that-doesn-t-end.html
  3. https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~types-of-cyber-attacks
  4. https://www.bankinfosecurity.com/interviews/interview-raimund-genes-ransomware-virus-total-issue-i-3328
  5. https://www.zdnet.com/article/five-emerging-cybersecurity-threats-you-should-take-very-seriously-in-2019/
  6. https://www.masergy.com/blog/the-top-five-cybersecurity-threats-to-watch-out-for-now
  7. https://www.cosn.org/sites/default/files/Top%205%20Cybersecurity%20Threats.pdf

Cyber Security Risk Management: Historical Trends and Mitigation Strategies

Managing the Risk of Cyber-Attacks

Last year, the average cost of cybercrime globally reached $11.7 million per business (“Cyber Crime Costs $11.7 Million Per Business Annually,” 2017). This cost is expected to grow exponentially and reach an average of $150 million by 2020 (Ogborn, 2018). Because the frequency, severity, and number of exposure units have been observed to grow over the past century, this paper will first examine the historical background to see which underlying historical trends have helped to create the current cyber environment (Morgan, 2017; Ogborn, 2018).

Next, the paper will identify the direct and indirect losses and recommend a number of risk management techniques that a business can implement to prevent or reduce the losses. Consequently, it will enumerate a number of steps a company can take to recover from the cyber-attack. Last but not least of all, this paper will examine the attack on Target and the company’s path to recovery.

Historical Background

Although people tend to think of cybercrime as something that originated in the last two or three decades with the discovery of the Internet, cybercrime has been around for over 100 years. The first known occurrence of cybercrime came to be in the 19th century with the invention of the wireless telegram (Fell, 2017; McMullan, 2015). In 1903, during the first public demonstration of the technology, Nevil Maskelyne, an inventor and wireless technology enthusiast, hacked the telegram to send Morse code messages in disapproval of the invention.

The next wave of cybercrime came in the late 1950s with the “phone phreaks,” or phone hackers that would listen to tones emitted by phones to find out how the calls were routed (Fell, 2017). The phone phreaks would then imitate these tones to switch the calls from the phone handset and allow themselves to make free calls around the world.

The major wave of cybercrime came with the growing use of email in the late 1980s (Fell, 2017; “Where Does Cybercrime Come From?” 2017). Since that time, phishing scams and malware have been conveniently delivered to people’s inboxes. The development of web browsers in the 1990s increased people’s exposure to new, more hidden forms of cybercrime, such as viruses (“Where Does Cybercrime Come From?” 2017). The frequency of cybercrime increased dramatically in the early 2000s with the widespread use of social media. The increasing number of people putting their personal information into a profile database created a treasure trove for identity thieves, which then used the information to gain access to bank accounts and open new lines of credit.

Today, nearly everyone has a footprint on the web, including large companies. Because of this, cybercrime has become even more attractive than ever before. Not only have the prospects for hackers increased, but the losses to people and businesses continue to grow on a yearly basis. On average, the cost of a data breach by 2020 will be over $150 million (Ogborn, 2018). The overall global cost of cybercrime today is around $600 billion, or about 0.8 percent of the global GDP.

Companies that fall victim to cybercrime often pay high legal fees and suffer losses in both income and reputation. In 2013, Target lost $890 million in market value the day it announced its cyber breach, which resulted in the loss of nearly 40 million customers’ credit card information and other data (Palmquist, 2018). On a similar note, Yahoo lost a whopping $350 million off its sale price when it announced in 2016 that it had been a victim of a data breach that compromised three billion user accounts (Armerding, 2018).

Loss Exposures Associated with Cybercrime

As more people and businesses become interconnected via the Internet, the number of exposure units continues to grow. Not surprisingly, the frequency of losses is also increasing. Cybersecurity Ventures predicts that by 2019 a business will fall victim to ransomware every 14 seconds as opposed to every 40 seconds in 2017 (Morgan, 2017). According to Ponemon Institute, the severity of losses is also growing at an alarming pace.

In 2017, the average cost of cybercrime globally reached $11.7 million per business, which was a 23 percent increase from $9.5 million in 2016 (“Cyber Crime Costs $11.7 Million Per Business Annually,” 2017). Seeing these statistics, one may understandably wonder where these costs come from. To answer this question, one has to look at both the direct and indirect losses associated with a data breach. Studies show that businesses suffer a variety of losses during and after a data breach. These losses include damage or loss of personal and financial data, stolen money, loss of productivity, theft of intellectual property, legal expenses, damage to reputation, and recovery expenses.

Stolen money. Cybercriminals can impose a direct and immediate financial cost on a business when they gain access to the financial accounts and transfer the funds to the accounts they control. Even banks, which are often thought to have the strongest cyber security protection, are not immune. In the years 2016 and 2017, in a time span of just 18 months, Russian hackers called “Money Takers” stole a total of $10 million from U.S. and Russian banks (Reevell, 2017). Hackers do not have to break into a company’s system to steal money. In 2016, businesses unknowingly wired over $360 million to cyber criminals that posed as corporate executives or suppliers in emails (Reuters, 2017).

Stolen intellectual property. Hackers may also steal intellectual property, such as trade secrets or future company plans, and attempt to sell this information to competitors (Deloitte, 2016). Because intellectual property helps innovation and growth, the loss of this information may not only increase costs but also lead to the failure of small and medium businesses (Deloitte, 2016; Lewis, 2018). According to the Center for Strategic and International Studies, the theft of intellectual property constitutes, at the minimum, a quarter of the cost of cybercrime (Lewis, 2018).

Damage to reputation and loss of personal and financial data. In the first half of 2017, nearly 2 million data records were compromised (Graham, 2017). This constituted a 164 percent increase from the year prior. Because a large percentage of the sensitive records stolen are usually filled with confidential customer data, reputational damage and liability risk are very real concerns to a company and its brand (Eubanks, 2017; Puzas, 2017). Data breaches often lead to a loss of trust in the company and a lack of confidence in the company’s ability to keep customer data safe. As a result, customers are less likely to buy from companies that could mismanage their information and put them at risk of identity theft. As one can imagine, losing customers, especially those who were once brand loyal, negatively affects a business’s bottom line.

Legal costs. Following a cyber-attack, a company may be faced with class-action lawsuits from customers who have been affected. Target, Home Depot, and Sprouts are just a few of the many businesses that have had class-action lawsuits filed against them. In May 2017, Target paid a whopping $18.7 million settlement over the 2013 data breach that affected more than 40 million of its customer payment card accounts (Eubanks, 2017). Data breaches can also draw hefty fines from the Federal Communications Commission, Federal Trade Commission, Health and Human Services, the Payment Card Industry Data Security Standards, and other regulatory agencies (Puzas, 2017).

Decreased profitability. According to Nick Eubanks of the Young Entrepreneur Council, “Market perception is directly linked to how company security is managed” (Eubanks, 2017). The reason for this is that an estimated 85% of business assets are in digital form. Taking this into consideration, it is no surprise that negative press regarding a cyber-attack can provoke the “sell now” groupthink. Investors want to feel that their money is safe with a company; they want to feel like they can make a profit. When the majority of the company’s assets are under attack, they want to be out, and out quickly. According to a study by the critical security provider Gemalto, two-thirds of the 65 companies breached had their share price negatively affected (Graham, 2017).

Recovery expenses and lost productivity. Following a cyberattack, opportunities and income are foregone, and business activities are interrupted by the need to spend money and time on recovering hacked data and bolstering cyber security (Lewis, 2018). Profitable projects may have to be postponed or even canceled as money is diverted away to deal with security issues. According to Business Insider, it costs an estimated $1 million on average to resolve a cyber-attack (Puzas, 2017).

Dealing with the Loss Exposures

The most direct loss exposure to a company that uses the net to store its data and communicate with its stakeholders is the loss or theft of data. As mentioned earlier, this loss exposure is growing in frequency and cost every year. To reduce the frequency and severity of losses, a company can use a variety of risk control techniques such as loss prevention, duplication, and separation. Because no business is immune to cyber-attacks, it is also a good idea to use risk financing techniques such as active retention and cyber-insurance to deal with indirect losses such as legal costs and recovery expenses.

Loss prevention. The support and commitment of the Board of Directors and senior management are vital to the successful implementation of a risk management strategy (CPNI, n.d.). These two groups should actively communicate the organization’s attitude and approach to risk management throughout the organization to make certain that employees, contractors, and suppliers are aware of the risk level the organization is willing to take on. Training employees in cyber security principles and limiting their access are two ways to reduce the risk of data loss or theft.

Employees should be trained to use two-factor authentication, regularly change passwords, and recognize suspicious emails (Cap Coverage, 2018). They should also only be given access to the data and information they need to do their job. It is also very important to install, use, and regularly update antivirus and antispyware software on all computers used by the company. To make sure that the appropriate security measures are maintained, the company must conduct regular network penetration tests and cyber-attack exercises (CPNI, n.d.). The deficiencies in protection need to be corrected immediately or as soon as possible.

Duplication and separation. In case data is stolen or lost, it is a good idea to keep copies of important business data and information (Cap Coverage, 2018). A company can also limit its losses by dividing the assets exposed to a loss and keeping them separated. To do this, a company would identify, group, and isolate important business data and control for the risk of each group (Cap Coverage, 2018; CPNI, n.d.). This way, if a loss occurs, only one group suffers a loss, and the company can still continue certain business operations.

Cyber-insurance. Because the losses associated with a cyber-attack are very high, cyber insurance can help deal with some of the indirect losses (HUB International Limited, 2018). Cyber insurance coverage varies and usually covers only a part of the loss. Areas more commonly covered by cyber-insurance include privacy attorneys, IT forensic investigation, compliance with state notification laws, credit monitoring for breached individuals, PR firm to manage the crisis, regulatory fines, and class-action lawsuits resulting from the breach. Currently, the top cyber insurers are AIG, Chubb, Hiscox, Liberty Mutual, and HSB (Cyber Policy, 2018).

Handling the Existing Risk and Returning to “Normal”

As mentioned earlier, it is nearly impossible to prevent all cyber-attacks. When a cyber-attack occurs, a business is likely to experience decreases in its operational abilities, downtime, reputation, and revenue (Alvarez Technology Group, 2018). To limit these losses and ensure operational continuity, a business needs to have a response and recovery plan in place in case an attack occurs. The response and recovery plan should serve as a guideline for organizing the incident response team, securing systems and ensuring business continuity, conducting an in-depth investigation, managing public relations, and following legal and regulatory requirements (Rossi, 2015).

Incident response team. To deal with cyber-attacks in a comprehensive and effective manner, a business must establish an incident response team (Rossi, 2015; Walker & Associates Insurance, 2018). The incident response team should consist of relevant internal stakeholder groups. Typically, this team includes HR and employee representatives, a technical team, a legal team, intellectual property experts, data protection experts, and public relations representatives (Rossi, 2015).

Securing systems and ensuring operational continuity. To prevent continued data exposure and loss, a breached business needs to take certain security measures (Rossi, 2015; Walker & Associates Insurance, 2018). Although doing this can be very disruptive and costly, a business may have to quarantine or suspend a compromised portion of the network. Other systems may also have to be monitored to make sure that any other breaches are detected promptly. After detecting the losses, the business should check whether they are covered under the insurance policies (Vitale, 2016). If they are covered, the insurance company needs to be notified in a timely manner.

Conducting an in-depth investigation. An important step to take after a breach has occurred is to carry out an in-depth investigation (Rossi, 2015). This investigation should determine the cause of the breach, the breach’s effects, and the remedial actions that need to be taken. Should an employee be involved in the breach, the investigation also needs to consider all relevant labor laws and involve HR personnel. To be able to demonstrate appropriate handling of the situation and to notify those affected by the breach, the investigation needs to be appropriately documented (Walker & Associates Insurance, 2018). Furthermore, the business should integrate the feedback from the investigation into its current response and recovery plan to prevent similar breaches.

Managing public relations and following legal and regulatory requirements. To avoid detrimental reputational damage and additional legal consequences, the business should follow the security breach notification laws in informing those affected by the breach (National Conference of State Legislatures, 2018). The accuracy and timing of notifications are especially important. Helpful complimentary services such as credit screening can also be offered to help save the customer relationship (Rossi, 2015).

Closing the Loop With a Real-Life Case

Not many cyberattack stories have happy endings. Costs associated with diminished consumer trust, damaged reputation, class action lawsuits, and stolen intellectual property can be detrimental and even deadly to a business. Target, one of the largest retailers in the U.S., goes to prove that recovery and even growth after an attack are possible if the appropriate measures are taken. The following three sections explain the cyber-attack, the measures taken, and the result.

Cyber-Attack on Target

In November 2013, hackers stole forty million credit and debit card records using stolen third-party vendor credentials (Hong, 2017). This hack was largely the result of negligence. Target delayed the investigation of suspicious activity and failed to implement even the most basic security measures, such as the separation of cardholder data from the rest of its computer network (Finkle, 2014; Hong, 2017). The theft negatively affected the retailer’s reputation with customers, decreased sales, and resulted in $202 million in legal fees and other post-breach costs (Hong, 2017).

How have things changed? Five years and a CEO later, Target has made large strides towards regaining consumer trust and recovering financially. To prevent future attacks, the company has limited vendor access and separated its cardholder data from the rest of its computer network (Target, 2018). It has also installed whitelisting applications on its point-of-sale systems to allow only known web traffic to access its systems (Target, 2018). To ensure the security of accounts, the company implemented password rotation policies and two-factor authentication (Target, 2018).

Not to mention, Target became the first major issuer to use chip and PIN credit cards in the United States (Harris, 2017). Unlike credit cards with magnetic stripes, credit cards with EMV chips are more difficult and expensive to duplicate, which makes them more secure. That is to say, Target’s credit cards became some of the safest in the nation. To better detect suspicious activity, the company also improved its auditing and logging of security-related events with supplementary rules, alerts, and a centralized log feed (Target, 2018). As a result, the company can now better monitor user activity, document regulatory compliance, and perform forensic analysis.

Did these changes help? Target’s sales have more than recovered. In fact, the company just reported its best quarterly sales in over a decade (Bhattarai, 2018; Safdar, 2018). Total revenue grew 6.9% to $17.78 billion, increasing the company’s annual earnings prospects. According to Target Chief Executive Brian Cornell, this growth is not only attributable to the booming economy but also to the increase in market share Target has gained in various categories ranging from electronics and homewares to toys and apparel (Safdar, 2018).

References:

  1. Cyber Crime Costs $11.7 Million Per Business Annually. (2017). Retrieved from https://www.securitymagazine.com/articles/88134-cyber-crime-costs-117-million-per-business-annually
  2. Ogborn, J. (2018). Cyber Attack Trends: 2018 Mid-Year Report. Retrieved from https://www.varonis.com/blog/cyber-attack-trends-2018-mid-year-report/
  3. Morgan, S. (2017). Cybersecurity Ventures. Retrieved from https://cybersecurityventures.com/
  4. Fell, J. (2017). A Brief History of Cyber Crime. Retrieved from https://www.safetydetectives.com/blog/history-of-cyber-crime/
  5. McMullan, T. (2015). Cybercrime: A Short History. Retrieved from https://www.itgovernance.co.uk/blog/cyber-crime-a-short-history
  6. “Where Does Cybercrime Come From?” (2017). Retrieved from https://www.kaspersky.com/resource-center/threats/where-does-cybercrime-come-from
  7. Palmquist, R. (2018). Target Corporation Data Breach: A Case Study of What Not to Do. Retrieved from https://dmi.com/target-corporation-data-breach/
  8. Armerding, T. (2018). The 17 biggest data breaches of the 21st century. Retrieved from https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
  9. Deloitte. (2016). Intellectual property theft: A growing threat. Retrieved from https://www2.deloitte.com/global/en/pages/risk/articles/intellectual-property-theft.html
  10. Lewis, J. (2018). The true cost of cybercrime. Retrieved from https://www.csis.org/programs/technology-policy-program/significant-studies-cybercrime

Leveraging Data Science and Machine Learning for Enhanced Cyber security

Rising Threats and Evolving Tactics

Today, the world we live in is advancing in each field, especially in terms of technological development. Any work can be done through smart devices. The biggest boon for our century is the internet. With that, we can know what is happening around us and in every part of the world. With the increase in the technological aspects and flexibility of doing things online, the risk of cyber-attacks is also growing exponentially.

Data science is one of the top emerging technologies that has proven to aid many organizations, and cyber security is no exception. Data science includes many machine learning algorithms that are used for predicting cyber-attacks in advance. Existing cyber security techniques can help prevent attacks or threats as they occur, but with data science, these attacks can be predicted in advance and the necessary steps taken to avert them completely. This paper gives a general introduction to what data science is and how it can be used in cyber security, along with some basic machine learning algorithms.

Machine learning is one of the top emerging technologies and is currently boosting the business of every type of organization. Generally, data science is the field of extracting and analyzing data. This process involves extracting useful information from either structured or unstructured data that has been collected from various sources. Because the data is collected from multiple sources, it is generally unformatted. For the analysis process, the data should be organized. Then, by using machine learning algorithms and tools, the information can be analyzed to make predictions about unexpected events.

Data Science helps in predicting the actions that might occur by analyzing past data. Most organizations are implementing data science in their business activities in order to predict possible activities. The task of data analysis is performed by the data scientists. They establish a working relationship with the stakeholders in order to know which information is to be analyzed so that they can find the algorithms that need to be used to run the data models that might help in business growth.

On the other hand, Cybersecurity is another big thing happening in the world. Security is needed everywhere and for everyone, especially when we are dealing with devices online. Cyber security deals with threat management issues related to any type of organization. It provides the procedures and methods that can be used to prevent cyber attackers. Also, they aid in recovering from the attacks. Generally, hackers and attackers with malicious intentions try to steal confidential data from devices through various attacks.

A cyber-attack involves stealing, modifying, or deleting sensitive data from a system or accessing another’s system without their knowledge. There are innumerable cases where industries have lost millions of dollars because of cyber threats. Hackers can target either an individual or a group of people in order to gain access to the systems. These attacks come in different forms. Some of the attacks frequently used by attackers are phishing, man-in-the-middle attacks, denial-of-service attacks, viruses, and malware. Social engineering attacks are the most commonly used attacks on individuals and on employees of any company. In this method, the attacker’s main goal is to make the target believe that they are legitimate and trust them.

Relationship between Machine learning and Cyber Security:

Data analysts use machine learning tools in order to conduct a thorough analysis of the collected data to reveal trends and patterns. For example, based on the analysis, future occurring attacks can be predicted so that necessary preventive measures can be taken by the organization. Cyber security uses a wide range of tools and intrusion styles in order to monitor the activities on the devices and to stop dangerous activities. They come into action only when any unusual things happen. But data science can be used for both enhancing and simplifying cyber security tools. By using past and present data as input to machine learning algorithms in data science, the possibility of the occurrence of future attacks can be estimated.

Another major concern about a cyber-attack is losing valuable information. Cyber security uses encryption algorithms in order to prevent the loss of data from an organization’s database. But, by using data science, inaccessible protocols can be developed. For instance, by analyzing past data, spending a huge amount on the detection and response phases. But no organization is sure of the results, because whenever it finds new countermeasures for the attacks, the attackers also adopt new ways to exploit the systems.

This is where data science comes in. Most companies these days have a team of data scientists, but they do not work in security. Data scientists working with the security team can advise on which data needs to be focused on. As the organization starts to look to gain continuous visibility into risk and security performance, there are three critical questions that need to be answered. They are:

  1. What are the available data and the quality of the available data?
  2. What does that mean for the insight we can gain?
  3. What is the plan to follow and to improve data sources to answer the questions that matter most?

The Impact of Data Science on Cybersecurity:

Generally, data scientists use machine learning tools and algorithms to predict cyber-attacks and to stop them. Data scientists can identify risks based on past attacks, and machine learning algorithms can find attacks that might take place by analyzing past data. This is very useful to organizations that are prone to attacks. Machine learning tools can also be used to automate repetitive security tasks.

Machine Learning in Cyber Security:

Generally, any machine learning algorithm that is used in cyber security has two phases: the training phase and the protection phase.

  • Training Phase: In this phase, both positively labeled and negatively labeled features are given as input to a system which makes a predictive model out of that.
  • Protection Phase: In this phase, the predictive model identifies whether the incoming feature is benign or harmful.

Clustering Algorithm:

Clustering is a technique for grouping data points of the same kind. All the data points in a cluster share similar features, and those features differ from the features of the data points in another cluster.

The above figure represents the clustering algorithm in a two-dimensional space. The x-axis and y-axis represent two different features, and the input data is represented in the form of data points in that space. The algorithm involves several steps. They are:

Step 1: Firstly, the input data is represented in data points in two-dimensional space, then two random points are selected from all the data points.

Step 2: In the second step, the distance from each selected point to the rest of the points in that space is calculated.

Step 3: The points which are nearest to the selected points are formed into clusters. As there are two selected data points, there will be two clusters.

Step 4: After the clusters are formed, the mean point of each cluster is determined. The mean is calculated as the sum of all the data points divided by the number of data points. As there are two clusters, two means are determined in our example.

Step 5: In this step, the distance from each mean point to all other points is measured, and the points nearest to each mean point are again formed into clusters.

Step 6: Steps 4 and 5 are repeated until we get the same mean points consecutively. Then the clusters formed are considered the final ones.

Initially, all the incoming executables are sent into the algorithm. Then based on the number of clusters required, the initial clusters are formed. Then as explained in Figure 1, after several iterations, final clusters are formed. In this way, the clustering algorithm is used to identify the malicious objects in a network.
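The six steps above, written out as a short Python sketch. This is an added example, not code from the original paper; the file names, the two features (byte entropy and packed-size ratio) and all values are constructed for illustration, and the selectable distance measure and the feature scaling are additions that go slightly beyond the steps as listed.

```python
import random

# Constructed sample: (file name, byte entropy, packed-size ratio) per executable.
# Names, features and values are invented for illustration only.
EXECUTABLES = [
    ("app_01.exe", 4.1, 0.10), ("app_02.exe", 4.4, 0.15), ("app_03.exe", 4.8, 0.12),
    ("app_04.exe", 5.0, 0.20), ("app_05.exe", 4.6, 0.18),
    ("drop_01.exe", 7.6, 0.85), ("drop_02.exe", 7.8, 0.90),
    ("drop_03.exe", 7.4, 0.80), ("drop_04.exe", 7.9, 0.95),
]

# The three distance measures the text names: Euclidean, Manhattan, maximum.
DISTANCES = {
    "euclidean": lambda a, b: sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5,
    "manhattan": lambda a, b: sum(abs(x - y) for x, y in zip(a, b)),
    "maximum": lambda a, b: max(abs(x - y) for x, y in zip(a, b)),
}


def scale(points):
    """Min-max scale each feature to [0, 1] so no single feature dominates the distance."""
    lows = [min(col) for col in zip(*points)]
    highs = [max(col) for col in zip(*points)]
    return [tuple((v - lo) / (hi - lo) if hi > lo else 0.0
                  for v, lo, hi in zip(p, lows, highs)) for p in points]


def mean_point(points):
    """Step 4: sum of the data points divided by their number, per feature."""
    return tuple(sum(col) / len(points) for col in zip(*points))


def assign(points, centres, dist):
    """Steps 2-3 and 5: index of the nearest centre for every point."""
    return [min(range(len(centres)), key=lambda c: dist(p, centres[c])) for p in points]


def kmeans(points, k=2, metric="euclidean", seed=0, max_iter=100):
    dist = DISTANCES[metric]
    centres = random.Random(seed).sample(points, k)    # Step 1: random starting points
    labels = assign(points, centres, dist)             # Steps 2-3: first clusters
    for _ in range(max_iter):
        new_centres = []
        for c in range(k):                             # Step 4: mean of each cluster
            members = [p for p, lab in zip(points, labels) if lab == c]
            # An empty cluster keeps its previous centre instead of dividing by zero.
            new_centres.append(mean_point(members) if members else centres[c])
        if new_centres == centres:                     # Step 6: same means twice in a row
            break
        centres = new_centres
        labels = assign(points, centres, dist)         # Step 5: re-form the clusters
    return labels, centres


def cluster_executables(metric="euclidean", seed=0):
    """Cluster the constructed executables; returns one sorted list of names per cluster."""
    names = [e[0] for e in EXECUTABLES]
    points = scale([e[1:] for e in EXECUTABLES])
    labels, _ = kmeans(points, k=2, metric=metric, seed=seed)
    groups = [[], []]
    for name, label in zip(names, labels):
        groups[label].append(name)
    return sorted(groups)


if __name__ == "__main__":
    for group in cluster_executables():
        print(group)
```

The clusters carry no label of their own: an analyst still has to inspect a few members of each group to decide which one holds the suspicious executables.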

Challenges:

By using a clustering algorithm in the field of cyber security, any unusual activities on the network can be identified immediately, and the chances of the occurrence of attacks can be predicted. But there are a few challenges that a data scientist faces. Those include:

1. Number of Clusters:

Identifying the count of the clusters that need to be formed is a difficult task because without knowing the exact clusters, the analysis may not be appropriate to consider. Also, there is no perfect way to determine the number of clusters.

2. Distance Measuring:

The distance can be calculated by using Manhattan, Euclidean, or the maximum distance measure. Finding the correct method of measuring the distance based on the labels is difficult.

3. Choosing Initial Data Points:

Choosing the initial data points is crucial, as the rest of the steps depend on that choice.

Conclusion:

Cyber security and machine learning can help many organizations in identifying and predicting several cyber-attacks in advance. Companies are losing millions of dollars as a result of cyber-attacks each year. Machine Learning algorithms are used to predict the possibility of the occurrence of data breaches in advance based on past data. Clustering is one such algorithm that is used for identifying malicious objects in a network. This paper explained the importance of data science in cyber security, its functionality, and one example of a clustering algorithm.


Cybersecurity and Networking Discourse Community: Analytical Essay

Patil states: “The term discourse community identifies a group of people with common interests and goals in life, share a language that helps them discuss and attain these interests and goals” (Patil). In other words, discourse communities are people with similar goals who tend to bond together in a particular way that helps them attain their goals while everyone works together as a whole. Professional, academic, and recreational communities each have their own way of informing members, whether that be through emails or through fliers containing essential material relating to that specific community. For instance, a professor may hand out a formal syllabus at the beginning of the semester that provides a broad overview of when the class will meet and what will be taught on those days. This differs from how the president of a club might only reach out to all the members once or twice every week to inform them of upcoming special events and next meetings. He/she might prefer a short and simple email with some funny comments to quickly get the information out to all the members in the club. The Rhode Island Cybersecurity Commission (RICC) in Providence, the Introduction to Computer Hardware (100) course at Roger Williams University (RWU) in Bristol, Rhode Island, and the Cybersecurity & Intel club, also at RWU, are all credible discourse communities that cybersecurity & networking majors could encounter on their way to a career in this field.

The Rhode Island Cybersecurity Commission works to develop how the state needs to improve on emerging issues of cybersecurity and infrastructure resiliency providing to the cybersecurity process. The process examines and follows qualified practices used by states all around the country and requires that all executive branch agencies use those qualified practices. The Commission is composed of executive branch executives, associates from the private sector, representatives from Rhode Island’s Academic and Research Institutions, and other Public and Quasi-Public Agencies (Cybersecurity | RICC). So far the Commission has started working on an analysis of applicable state agencies including the Rhode Island State Police, Rhode Island National Guard, the Rhode Island Division of Information Technology, and the Rhode Island Fusion Center. These processes address how each of these agencies has an impact on cybersecurity. These processes could also deal with anything from improving Rhode Island’s National Guard by creating the new and proposed Joint Cyber Task Force (Cybersecurity | RICC). It is anticipated that all executive branch agencies in the state will become more regulated in their assets, while the capacity to apply assets which may be effective to represent their agency or association.

The agencies are inspired to refer to the RICC Initial Recommendations Manual which formally outlines what agencies need to complete to attain the goal of what the commission is trying to accomplish for Rhode Island. For example, in section three in the table of contents, the manual goes into great detail about recommendations for specific topics such as risk management, skills training, technology deployment, cyber defense, etc. For improving the organizational formation under risk management, the manual states:

The state should upgrade its tools and risk management processes to be consistent with best practices for state network operations. This should include adding human resources dedicated to cybersecurity within the Division of Information Technology itself, rolling out system‐wide training to all state employees on cyber‐hygiene—focusing on spear phishing in particular. (DePasquale)

Agencies that complete the recommendations will be granted formal recognition that the agency has successfully met specific requirements and recommended business best practices. In an email interview on October 26, Peter Gaynor, the Executive Branch Director of the RICC, discussed the importance of filling out these forms and staying knowledgeable about what the cybersecurity agencies are accomplishing. He acquired the position in January 2015 when the program was established (Gaynor). Gaynor works with the Rhode Island Emergency Agency to coordinate response and recovery efforts for evacuations from natural disasters, and regulates cyber threats to try to develop new cybersecurity standards (Gaynor). Today, Gaynor continues to support cybersecurity standards and reflects on current best practices for cyber threats.

If an agency in Rhode Island wants to receive a recommendation, it must fill out the RICC Agency and Enterprise Application. This application requires the agency’s information and enumerations, including the name of the agency, whether its IT is centralized or not, the Executive Director and manager, and who their enhance partnerships are with. The commission then receives the applications and reviews whether the documents are valid enough for approval.

When it comes to good writing, Gaynor defines it as: “writing that gets the most amount of information in the least amount of words to convey the writer’s message or intent,” because cybersecurity agencies have to make sure they fill out the applications and paperwork to the best of their ability in order for the commission to give them the recommendation they deserve for all their hard work. The Rhode Island Cybersecurity Commission ranks as a compelling discourse community that seeks to accredit cybersecurity agencies throughout the state, along with collecting documents that show an agency emboldens the best practices for cyber threats.

The next discourse community a cybersecurity & networking major might encounter is a course offered at their university, such as the Introduction to Computer Hardware (100) course at Roger Williams University. This course introduces the fundamentals of personal computer hardware. Students build a personal computer through a simulation, install and configure networking components, and grasp the basics of networking and connectivity. The adjunct professor, Michael Micale, has been teaching cybersecurity & networking courses at RWU since 2015. While serving as an adjunct professor, Professor Micale has worked full time as a System Administrator in Fall River, Massachusetts, to this day. He enjoys teaching his students the key essentials of computer hardware, such as how changes in technology over the years have had a significant impact on what parts and components computers need nowadays, and he wants his students’ feedback on the subject.

In his course, Micale provides an online syllabus at the start of the first class every semester. It includes scheduled class dates and what lessons are due the next week when the next class meets. The class meets only one day a week, and the day varies with a student’s schedule. At the top of the second page of the syllabus, students can see that doing the discussion forums every week can add extra points of up to five percent to a student’s final grade. Along with his syllabus, Professor Micale uses email to contact students with urgent information such as when the midterm assignment is due and any incomplete labs that a student needs to finish. In an interview on October 22, Micale said he finds that to be the “most efficient way” of contact with his students and will even send multiple emails during the week about changes to the assignments. One particular email he sent out to the class was as straightforward as: “Hello class, TestOut section numbers have been updated to match the new version of the software for the first three sections. I have placed a link to the first forum and survey in Lesson 3, see you all tonight.” His emails are simple and brief to get his point across promptly. Professor Micale’s contact with students is “pretty much formal but can be casual.” Relating to the matter, Micale states: “Class was great last week, just wanted to let everyone know if anybody has any trouble with the TestOut site you can email me questions any time, I want you all to succeed and learn to the best of your ability, Thanks Mike.” He provides suggestions and gives positive reinforcement to all his students because he cares about their education, and he wants feedback on how he could change anything in the class to make it more enjoyable.

In addition to that form of contact, Professor Micale also uses Bridges, a campus website provided to students, as a resource to reach out to the class. For example, in the middle of the semester, towards late October, he assigned the midterm, due the following week, and announced it in an email he sent to the entire class: “Hello class, I will be releasing the midterm shortly, I’m just finishing it up. It can be taken online with your own laptop on the TestOut site, under the resource tab in Bridges, Thanks Mike.” Bridges lets his students easily access the forums and surveys he wants them to do. The guidelines for the midterm are as follows:

The midterm must be taken as follows;

Unlike the quizzes, the midterm will have a time limit and you’ll only get one chance at it so please be prepared prior to taking it. I’ll email a quick guide to everyone before releasing the exam. Please stay tuned. (Micale)

These guidelines establish the specifications of good writing that Professor Micale tries to justify.

This discourse community defines good writing differently than a professional discourse community would. Micale defines good writing as: “balancing technical knowledge with the ability to communicate it at various levels of technical expertise. Also, realizing when to explain technical concepts in depth and when it could be appropriate or inappropriate and how to do so if appropriate.” Micale wants his students to absorb the sequential information needed from this course and to be able to explain the material they learned to the CEO of a company or the owner of a business in an interview, so that they have the opportunity to get a job in the field. He believes that if students were not interested in taking this course, why would they want a career in Cybersecurity & Networking. This discourse community concentrates on the significance of cybersecurity & networking and achieves the objective of learning more about the Cybersecurity & Networking System.

Both the Rhode Island Cybersecurity Commission and the Introduction to Computer Hardware course at RWU value the importance of cybersecurity & networking. They have their own way of connection, but both have different ways to contact members of the community and scope out awareness of the Cybersecurity & Networking System. The RICC uses more formal communication, including all the paperwork an agency must fill out to attain a recommendation for approval. RICC officials use the RICC Initial Recommendations Manual to look through guidelines and verify everything the agency successfully accomplished. The RICC officials use a more qualified communication system. For example, agencies will generally send their agency and enterprise application in the mail where it can be handled by the commission. Another way someone could send their agency and enterprise application is driving to the commission in Providence to get it processed. For the Introduction to Computer Hardware course, most of the contact is through email. Professor Micale makes his emails more informal than formal, but still has that professional aspect through his grammar and serious comments to thoroughly respect his role as a professor. All the material can be found on Bridges and the TestOut site, otherwise he emails any assignments not on Bridges to the entire class. Although these two discourse communities differ in communication forms, they both use what is essential for their profession and what is easiest to help them succeed in spreading knowledge of Cybersecurity & Networking within Rhode Island.

The third discourse community is the Cybersecurity & Intel club at Roger Williams University. The Cybersecurity & Intel club is a club on campus specifically designed and created for all cybersecurity & networking majors, but it allows non-cyber students to join. They typically meet during the last week of each month on Saturdays at either 1:00 or 7:00 pm, in room 105 in the Global Heritage Hall (GHH) building. Communication is primarily done through email. The club President, Austin Turecek, will typically send out a bulk email to all the members advising everyone of what topics he and the other board members are going to address at the next meeting. The style of writing is not traditionally formal but mostly informal, and may have some sarcasm in it. In one particular email he sent on October 18, Turecek stated:

Hey friends and family, Tonight at 7pm in the College of Arts and Sciences (CAS) building room 157 there’s going to be a screening of a classic hacker movie, Sneakers. Popcorn and soda will be there. Friendly people will be there. I hope a puppy will be there, but I have zero reason to expect that. I also hope you’ll be there. P.S. cyber fact of the day – only 10-12% of cyber crimes are reported. (Turecek)

His constant use of the word “there” and then the one word “postscript (P.S)” indicates that he really wants his members there as well as giving a fact to provide some meaningful cyber knowledge to all the members. This email demonstrates a less professional feeling and displays that connection does not have to be superb.

In an interview on October 21, Turecek expressed that the requirements for writing in the club are not stern. Contact to all the members is usually short and simple to get the information out as promptly as possible. Alongside emailing all the club members, Turecek, the Vice President Samuel Munhall, and other board members use a campus-provided website called Hawklink to put out information about the meetings. This website also gives an overview of the club’s goals, such as providing support for student learning by creating a community for those interested in cybersecurity and information security, and helping members who are serious about cybersecurity get ready for future careers in the Cybersecurity & Networking field (Cybersecurity & Intel club). Along with email and the Hawklink website, Turecek will show individual projects he has been working on that are unrelated to the club, and will even have all the members try to complete his projects in a certain amount of time. One project he displayed was how easily someone could hack the student forum tab on the school’s online website Bridges. He discussed how there were only three steps needed and Bridges could be hacked in an instant. This specific communication demonstrates how helpful and passionate the head members of the club are, wanting their members to succeed further on in the field in the future.

Good writing is defined differently in this discourse community than in a professional or academic discourse community. Turecek stated that good writing consists of “making the meetings fun and informal, while having the learning factor involved as well,” which he demonstrates in his shared project designs and the sample email he sent to all the members (Turecek). As the President for the past two years, Turecek cares about the Cybersecurity & Intel club here at RWU and explained what this recreational community is trying to do when communicating with its members, and what report they try to address to the campus community.

These three discourse communities have their own distinct way of connection that works to their own interest. As for the one that displays the least professionalism, the Cybersecurity & Intel club is the perfect candidate. The club President sends out quick, bulk emails that lack the formality found in an email a cybersecurity agency would deliver to the RICC for a recommendation. An email from Professor Micale to his class in the Introduction to Computer Hardware course also differs from what an email from an organization or club entails. Although the contact is occasionally both formal and informal, there is great admiration for his role as a professor, whereas the Cybersecurity & Intel club could not stray away from its members. On the contrary, these three communities do share the idea of getting their point across by having their own communication styles collect enough information so that members of the community can comprehend it. The academic course’s main goal is to prepare criminal justice majors for careers in the field such as those in RICC, whereas the club at RWU is more for satisfaction but can also help members who are serious about cybersecurity get ready for future careers in the Cybersecurity & Networking field. The club can also allow members to interact with others who share a common interest in cybersecurity & networking.

Someone looking into a serious career in the Cybersecurity & Networking System must be able to learn and adapt to different communities. One must use formal language within a professional discourse community to communicate with other employees in a company or organization, whereas the academic and recreational communities can be more informal without worrying about following those particular principles of writing. These distinctive components of writing style are what make the RICC, the Introduction to Computer Hardware course at RWU, and the Cybersecurity & Intel club at RWU all credible discourse communities.

Works Cited

  1. Patil, Komal. “A Simple Explanation of Discourse Community With Examples.” N.p., 2018. Web. 21 Oct. 2019. https://www.google.com/amp/s/socialmettle.com/explanation-of-discourse-community-with-examples.ampwith-examples.amp
  2. “Cybersecurity | RICC.” RICC. N.p., 2015. Web. 21 Oct. 2019. http://www.governor.ri.gov/documents/press/RICybersecurityCommissionOctober2015Report.pdf
  3. DePasquale, Scott E. RICC Initial Recommendations Manual. N.p.: RICC Cybersecurity Program, 2015. Print.
  4. Gaynor, Peter. Email Interview. 26 Oct. 2019.
  5. Micale, Michael. (Fall 2019). Introduction to Computer Hardware. The Apereo Foundation Bridges website Roger Williams University. Syllabus. Web 21 Oct. 2019.
  6. Micale, Michael. Person Interview. 22 Oct. 2019.
  7. Turecek, Austin. Person Interview. 21 Oct. 2019.
  8. Cybersecurity & Intel club. Roger Williams University. Hawklink. Web. 21 Oct. 2019. https://hawklink.rwu.edu/organization/cybersecurity-intel

Cyber Security Thesis Statement Example

Executive Summary:

Cyber security has a unique role in securing information in every sector. Protecting information from hackers has become more challenging. The first thing that comes to mind with the word hacker is cyber threats, which are a major concern for every data-handling organization. Various policies and regulatory acts are being implemented by organizations and governments to prevent cybercrimes. The world is facing these threats and requires techniques and technologies to prevent them.

Over the years, the term Cyber Security has gained much importance and become a common part of each one’s life who is associated with a computer or a smartphone device. When people submit their data online, it becomes vulnerable to cyber-attacks or cyber-crimes. Moreover, cyber-attacks can happen over an external-facing DNS server or an internal firewall, which in turn affects the data within the enterprise that inherently causes significant damage to the business of the associated organization. Cyber Security offers security, from unauthorized access or exploitation, through online services to the massive data, associated appliances, and network that is used for communication. The Cyber Security Life Cycle is classified into various phases.

The main element of Cyber Security is the use of authentication mechanisms. For example, a username identifies an account that a user wants to access, while a password is a mechanism that proves the user is who he claims to be. Each year, Check Point Research (CPR) reviews the previous year’s cyber incidents to gather key insights about the global cyber threat landscape.

Introduction:

Introduction to Cyber Security

CYBER SECURITY refers to a set of techniques used to protect the integrity of networks, programs, and data from attack, damage, or unauthorized access. Cyber security is the protection of Internet-connected systems, including hardware, software, and data from cyber-attacks. It is made up of two words one is cyber and the other is security.

Cyber is related to the technology which contains systems, networks, and programs or data.

Security is related to the protection which includes systems security, network security and application, and information security.

Cybersecurity is a process that’s designed to protect networks and devices from external threats. Businesses typically employ Cyber Security professionals to protect their confidential information, maintain employee productivity, and enhance customer confidence in products and services. Cyber Security involves protecting key information and devices from cyber threats. It is a critical part of companies that collect and maintain huge databases of customer information, social platforms where personal information is submitted, and government organizations where secret, political, and defense information is involved. It describes how personal and key government data is protected against attacks that pose threats to important information, whether it is in the cloud or across various applications, networks, and devices.

Background Information:

For nearly two decades after the creation of the world’s first digital computer in 1943, carrying out cyberattacks was tricky. Yet, computer systems have suffered vulnerabilities for much longer. So, Cybercriminals have played a role for a long time as a threat.

Background of Cyber Security

Cybersecurity came into existence as a research project on ARPANET in the year 1972. Bob Thomas, a researcher, invented the first computer virus and named it “Creeper”. The Creeper moved across the network leaving a trail. Wherever it went, it printed the message “I’M THE CREEPER: CATCH ME IF YOU CAN”.

Ray Tomlinson, the inventor of email created the first antivirus called “Reaper”. Reaper would chase and delete the creeper along its trail. In the late 1990s, when the world entered online, computer viruses turned into serious threats from mere academic pranks.

Statement of the Problem Purpose:

Privacy and security of data will always be top priorities for any organization. We are presently living in a world where all information is maintained in a digital or cyber form. Cybercriminals continue to target social media sites to steal personal data. Not only on social networks but also during bank transactions, all the required security measures must be taken.

The world’s largest email validation company, Verifications.io, fell victim to a major data breach due to an unprotected MongoDB database. Data from over 800 emails were exposed, containing sensitive information that included much personally identifiable information (PII).

Top Countries with Cybercrime Percentage

A lot of money is invested in protecting all this information in an online platform. With the number of people accessing information online increasing each day, threats to the information are also increasing, with the cost of online crimes estimated in billions. Following is an image showing the top 20 countries with appropriate cybercrime percentage levels.

Significance of the Study:

Significance of Cyber Security

In every sector, cybersecurity has its own significance in securing companies’ data. Below are the reasons why cyber security is so significant in what’s become a predominantly digital world:

  • Cyber-attacks can be extremely expensive for businesses to endure.
  • In addition to financial damage suffered by the business, a data breach can also inflict untold reputational damage.
  • Cyber-attacks these days are becoming progressively destructive. Cybercriminals are using more sophisticated ways to initiate cyber-attacks.
  • Regulations such as GDPR are forcing organizations into taking better care of the personal data they hold.

Because of the above reasons, cyber security has become an important part of the business and the focus now is on developing appropriate response plans that minimize the damage in the event of a cyber-attack. But an organization or an individual can develop a proper response plan only when he has a good grip on cyber security fundamentals.

Scope of the Study:

Cybercrime is one of the most rapidly growing offenses today. Organizations and devices that manage infrastructure can be disrupted on a wide scale as cyber criminals become more sophisticated. With the global business environment shifting gears to online and cloud data storage and maintenance, the demand for cybersecurity is at its peak. This has amplified the need for cybersecurity experts who are adept at and savvy with the latest developments in Artificial Intelligence and Data Science. The scope of cybersecurity has widened significantly in terms of skill sets and jobs.

Limitations of the Study:

Cyber security can be a costly affair as highly trained professionals are required. The latest security patches must be updated regularly with the latest security definitions, which is difficult to keep up with. To keep the system secure, a firewall must be configured appropriately, but it is a difficult task. As several security measures must be implemented appropriately, if done incorrectly it can even block legitimate users of the system.

Providing remote access is an essential element in the business, yet it can become a loophole for the business as the attacker may gain unauthorized access through this network. AI expansion is a challenge for cybersecurity, as robots are being developed in a manner to protect cyber-attacks from happening. Interconnectedness with the advent of IoT is a challenge for cybersecurity because, if the security of one device is compromised, the compromise can easily self-replicate to all the connected devices.

Results and Discussion:

Traditional cyber security vendors often claim that attacks will happen and that there is no way to avoid them. They claim the only thing left to do is to invest in technologies that detect the attack once it has already breached the network and mitigate the damages as soon as possible. With the right technologies in place, most attacks, even the most advanced ones, can be prevented without disrupting the normal business flow.

[Figure: Top malicious file types worldwide in 2020 (Statista)]

Conclusion:

Cyber security is a vast topic that is becoming more important because the world is becoming highly interconnected, with networks being used to carry out critical transactions. Cybercrime continues to diverge down different paths with each new year that passes, and so does the security of information. To summarize, information is a critical part of any organization, and investing in the right service provider keeps businesses in safe hands in the ever-expanding IoT (Internet of Things) world. A scalable and customized cyber security-driven business model includes disaster-recovery capabilities and secures data and the underlying infrastructure of the organization, thus building a safe barrier for the information even before it is attacked and saving the organization from a loss of billions of dollars that could result from the security threat. There is no perfect solution for cyber-crimes, but we should try our level best to minimize them to have a safe and secure future in cyberspace.

Recommendations:

The most basic cybersecurity plan should include the following security practices, at a minimum. The components of this plan are borrowed from the National Institute of Standards and Technology’s framework for improving critical infrastructure cybersecurity.

  • Standardized Policies and Procedures
  • Proper Identification, Authentication, And Access
  • Security Patch Management
  • Security Risk Management

LHDs should proactively establish standardized policies and procedures regarding requirements for managing the safety, effectiveness, and security of IT systems, including rules for password protection and data management. The LHD should audit the policies at least once a year to ensure compliance.

LHDs should identify system users and confirm that information is from a trusted source. LHDs should update software packages to fix preexisting bugs or vulnerabilities. The LHD’s computing policy should require that patches be installed as they become available; software companies often alert users or IT managers when a new patch is available.

LHD leaders should understand the IT staff’s process for patch management and communicate to all staff the importance of patch management. These exercises help to identify policies and issues that hinder or support cyber-attack mitigation response. LHD leaders should speak to IT staff about what process is in place to conduct security risk management.


Introduction to Homeland Security and Defense: Analysis of Risk Management and Cyber Security

The United States homeland security environment is complex and filled with competing requirements, interests, and incentives that must be balanced and managed effectively to ensure the achievement of key national objectives. The key objective of applying risk management is to build security, safety, and resiliency into all aspects of Homeland Security planning. How does the Department of Homeland Security decide exactly what needs protecting and to what level the protection shall be? It all starts with the risk assessment formula and properly applying risk management principles.

Risk management plays a role in Homeland Security due to the wide array of threats and hazards out there. There is an ongoing debate about where we should direct our attention (high probability/low consequence or low probability/high consequence) and where limited resources should be directed. This is something that DHS deals with on a regular basis. First, risk management is “the process of identifying, analyzing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level considering associated costs and benefits of any actions taken.” (DHS) The key principles for effective risk management include unity of effort, transparency, adaptability, practicality, and customization. The safety, security, and resilience of the Nation are threatened by an array of hazards, including acts of terrorism, malicious activity in cyberspace, pandemics, manmade accidents, transnational crime, and natural disasters. Leaders in DHS and their partners in the homeland security enterprise must practice foresight and work to understand known and uncertain risks, as best they can, in order to make sound management decisions. Addressing these risks is a shared responsibility among all resources at all levels: Federal, state, local, tribal, and territorial governments, private sectors, and everyday citizens. Once certain risks are under consideration, “they should be properly documented, communicated to all stakeholders, and then implemented into all supporting activities (such as strategic planning, budget development, resource acquisition and allocation, education and training, and creating partnerships, to name a few)” (APUS). The practice of risk management is useful in that we can see what kinds of approaches are more effective and implement them when we need them.

Risk management applications and planning include strategic planning, capabilities-based planning, resource decisions, operational planning, exercise planning, real-world events, and research and development. According to Homeland Security, the Risk Management Process is comprised of the following: “Define the Context, Identify Potential Risk, Assess and Analyze Risk, Develop Alternatives, Decide and Implement, and Evaluate and Monitor.” (Homeland Security, p. 15) We also need to be aware that risks come not only from external sources but from internal ones as well. Examples would be personnel reliability or systems reliability. Like I stated previously, the best way we can improve risk management is from collecting data that has brought us success, which is vital when it comes to implementing a secure plan. This is utilized by the risk assessment formula, which is R (Risk) = T (Threat) x V (Vulnerability) x C (Consequences). This brings us back to high probability/low consequence risks or low probability/high consequence risks. This process plays a very important role because this is where we can determine where to focus our resources, threat anticipation, cost of damages, fatalities, how to avoid threats, and also budgeting.

Cybersecurity plays a huge role in our everyday life. Federal agencies and our nation’s critical infrastructures, such as energy, transportation systems, communications networks, and financial services, are dependent on computerized (cyber) information systems and electronic data to process, maintain, and report essential information, and to operate and control physical processes. Critical infrastructure describes the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety. “CISA (Cybersecurity and Infrastructure Security Agency) coordinates security and resilience efforts using trusted partnerships across private and public sectors, and delivers technical assistance and assessments to federal stakeholders as well as to infrastructure owners and operators nationwide” (DHS). Not only does CISA facilitate critical infrastructure vulnerability assessments, but it also provides training and fosters sector partnerships and international engagements. The Department of Homeland Security has laid out its seven guiding principles for accomplishing its cyber-security goals: risk prioritization, cost-effectiveness, innovation and agility, collaboration, global approach, balanced equities, and national values. Cyber-attacks are one of the new issues that our nation faces and the one I believe we are most vulnerable to. Every day, our enemies try to find a way to hack our nation’s defense through the internet and create chaos for the nation and our defense. Since this threat is still basically a new thing, not only to this country but to the whole world, risk management/assessment plays a huge part in taking the necessary steps to find ways to improve cyber-security. It is important that we continually assess all the different threats to our nation.

Risk management and cyber security both play a huge role and go hand in hand in accomplishing the mission for the nation. The nation’s critical infrastructure must be secure and able to withstand and rapidly recover from all hazards. Achieving this will require integration with the national preparedness system across prevention, protection, mitigation, response, and recovery. “The policy of the United States to enhance the security and resilience of the nation’s critical infrastructure and to maintain a cyber-environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties” (Obama, 2013). It is almost impossible to eliminate a threat that you can’t see or whose approach to attack you don’t know, but with the risk management steps, formula, and procedures that the DHS has in place, we will be able to evaluate and take precautions to avoid certain situations.

References:

  1. Homeland Security (2010) DHS Risk Lexicon Retrieved from https://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf
  2. APUS (n.d.) Lesson 5: Risk Assessment and Management in Homeland Security Retrieved from https://apus.realizeithome.com/
  3. DHS (n.d.) Critical Infrastructure Security Retrieved from https://www.dhs.gov/topic/critical-infrastructure-security
  4. Homeland Security (2011) Risk Management Fundamentals Retrieved from https://www.dhs.gov/sites/default/files/publications/rma-risk-management-fundamentals.pdf
  5. Obama, B. (2013b). Presidential Policy Directive—Critical Infrastructure Security and Resilience. Retrieved from https://www.whitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-

Cyber Security Cost Effectiveness

Cybersecurity is one of the crucial aspects that any organization needs to address. The approach many organizations take to their security mechanisms does not help them ensure safety, and the methodology they use to secure data and systems is questionable, because the efficiency of the system is low while the cost of operations is at the higher end (Knowles et al., 2017). Organizations need to understand that an effective cybersecurity plan can not only enhance their security mechanisms but also contribute to their revenue by reducing the costs that have been dedicated to security mechanisms.

The Aspects

Organizations should follow a three-step mechanism that can significantly enhance their security and also reduce costs, making the overall system more effective. The initial step the organization needs to take is the identification of the threat. The focus should be on identifying the top risks and their loss scenarios, and this should incorporate a triage function capable of determining which risks have the highest priority. The risk registers of modern-day organizations are merely a dumping ground for whatever the organization is concerned about. That is not useful in any respect, because these items pile up in the risk table and make mitigation of risk more complex (Clinton & Barrack, 2019). Having many issues listed in the organization's risk matrix generates noise that distracts attention from the main, crucial aspects.

The second step that organizations need to emphasize is measuring risk in real terms, for example the loss exposure that the risk represents. This step is crucial because it corresponds to the organization's overall strategy for mitigating and managing risk factors (Davis, 2019). Organizations should have a strategic approach. They should also ensure that an effective cost-benefit analysis has been done, one that can determine the overall cost-effectiveness of the methodology used for the security and safety mechanism.

The final step is that organizations dealing with cybersecurity should identify the crucial issues that they can deal with first. The emphasis must be placed on the team responsible for the management and mitigation of the risk, and the team needs to have a critical approach towards the nature of the risk and the issues that the risk addresses (Such et al., 2016). Once the risk basis or ground rules have been set, a risk leader should be put in place to manage and mitigate the issues.
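The three steps above can be worked through on a small register using the R = T x V x C formula given earlier on this page. The following Python sketch is an added example, not part of the original essays; the register entries, controls, dollar figures, the 90% triage cutoff, and the reading of T and V as yearly probabilities are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    name: str
    threat: float         # T: chance of an attempt in a year (0..1), assumed scale
    vulnerability: float  # V: chance the attempt succeeds (0..1), assumed scale
    consequence: float    # C: loss in dollars if it succeeds, assumed unit

    def score(self) -> float:
        """R = T x V x C, read here as yearly loss exposure in dollars."""
        return self.threat * self.vulnerability * self.consequence

# Constructed sample register; names and numbers are illustrative only.
REGISTER = [
    Risk("phishing credential theft", 0.90, 0.30, 200_000),   # high T, low C
    Risk("ransomware on file servers", 0.20, 0.50, 2_000_000),
    Risk("data-centre flood", 0.01, 0.90, 6_000_000),          # low T, high C
    Risk("lost visitor badge", 0.50, 0.10, 2_000),
    Risk("printer firmware defect", 0.05, 0.20, 10_000),
]
# (risk name, control, yearly cost, V once the control is in place) - constructed
CONTROLS = [
    ("phishing credential theft", "MFA rollout", 15_000, 0.05),
    ("ransomware on file servers", "offline backups", 40_000, 0.10),
    ("data-centre flood", "second site", 250_000, 0.10),
]

def triage(register, coverage=0.90):
    """Step 1: keep the top risks that together hold `coverage` of total R."""
    ranked = sorted(register, key=Risk.score, reverse=True)
    target, kept, running = coverage * sum(r.score() for r in ranked), [], 0.0
    for risk in ranked:
        if running >= target:
            break  # everything below this point is register noise
        kept.append(risk)
        running += risk.score()
    return kept

def cost_benefit(risks, controls):
    """Steps 2-3: exposure removed by each control minus its cost, best first."""
    by_name = {r.name: r for r in risks}
    rows = []
    for risk_name, control, cost, new_v in controls:
        r = by_name.get(risk_name)
        if r is not None:  # only controls for risks that survived triage
            saved = r.score() - r.threat * new_v * r.consequence
            rows.append((control, round(saved - cost)))
    return sorted(rows, key=lambda row: row[1], reverse=True)
```

In this constructed register the phishing and flood entries carry the same R even though one is high probability/low consequence and the other the reverse; the cost-benefit step is what separates them, because the flood control costs more than the exposure it removes.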

Conclusion

Decision making in the organization, especially when a decision impacts the safety and security of the organization, should also be scrutinized to ensure that proper and effective decisions have been taken with respect to the management and mitigation of risk; hurried decision making often gives rise to abnormalities. If the organization follows these steps, they ensure cost-effectiveness and an effective solution for its cybersecurity.

References

  1. Clinton L. & Barrack S. 2019. Managing Cyber Risk: A Handbook for UK Boards of Directors, in Aig.co.uk, viewed 17 December 2019.
  2. Davis J. 2019. The Challenges and Need for a Cost-Effective Risk Management Program, in HealthITSecurity, viewed 17 December 2019.
  3. Knowles W., Such J.M., Gouglidis A., Misra G. and Rashid A., 2017. All That Glitters Is Not Gold: On the Effectiveness of Cyber Security Qualifications. IEEE Computer, 50(12), pp.60-71.
  4. Such J.M., Gouglidis A., Knowles W., Misra G. and Rashid A., 2016. Information Assurance Techniques: Perceived Cost Effectiveness. Computers & Security, 60, pp.117-133.