Discussion Board Posts
- You are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?
As the Chief Information Security Officer of a publicly traded company, making sure that the availability of our systems is basic foundation to preserving trust, operational functions, and advantage. I would implement a multi-strategy approach that includes redundancy, proactive monitoring, and rapid incident response. To Start I would have a redundant pair of data centers, with distributed cloud capacities strategically positioned to provide geographic separation between the two, would minimize the number of possible single points of failure. High-availability configurations such as failover clusters (which will take over when one node fails) and load-balancing equipment (to redistribute traffic from a congested interface) carry out this task automatically. The second layer of defense involves installing systems to make it difficult for attacking networks, as well as setting up network-y (OS fingerprinting) to name but a few protective measures, in order to resist external attacks that want to cut off services. Third, a disaster recovery plan vigorously tested and regular automatic backups can ensure that crucial data rapidly comes back after an incident. Moreover, continuous monitoring of performance and real time alarm systems should keenly catch any signs of malfunctioning before small incidents grow into major problems. In addition, scheduled security audits, training for staff, and exercises simulating the effect of attacks are all means to tighten our system further. Together, these preventive steps build up a durable environment that keeps resources available, off loads risk, and maintains confidence of stakeholders including investors too while meeting the regulatory standards expected of companies trading their shares on public markets. Not only will these measures protect against interruptions, but they will also help secure long-term stability and excellence of business operations.
- How should markets, businesses, groups, and individuals be regulated or limited differently in the face of diminishing state power and the intelligification (Verbeek, p217) and networking of the material world?
With these things, state power is declining, and the material world is becoming increasingly intelligified and networked, so regulation will have to keep up or be based on the same decentralized and fast moving basis as technology itself. With the advent of smart devices, algorithms and digital platforms facilitating human interactions and social relationships, traditional top down governance is becoming inadequate. Humanity must hold markets and businesses accountable not only for their economic impact (for example, in terms of job losses, but also in terms of how they ethically use the data they accumulate and the social impact of their technologies. In a similar vein, people and organizations require more extensive guidelines and digital literacy to interact and engage responsibly in an increasingly hyper connected world. In a data driven world increasingly subject to intelligent systems, regulation should be more multi system, proactive, and tech savvy, engaging stakeholders on both sides of the digital divide to cut fair use, privacy and democratic oversight at the path.
- From this week’s Jonas Reading: How should we approach the development of cyber-policy and infrastructure given the “short arm” of predictive knowledge?
In light of the “short arm” of predictive knowledge that Jonas writes about, we should handle the crafting of cyber policy and infrastructure with an acute sense of precaution and moral obligation. Since we cannot fully anticipate the long term effects of new technologies, especially in rapidly advancing areas like cybersecurity, our policies should be nimble, flexible, and focused on a commitment to minimizing risks of harm. It means valuing resilience, transparency, and inclusivity in the decision making method, while also considering the larger social and environmental challenges that may not be apparent at the moment.