Introduction to Cybersecurity
This course allows students to examine a broad range of computer security issues and provides the student with technical knowledge not normally addressed in traditional training. It explores the protection of proprietary information and security planning with an emphasis on networked computer vulnerabilities. It also focuses on detection (e.g. viruses, hackers, types of computer crime, computer forensic examination, etc.), as well as disaster recovery and technology law. Emphasis is placed on the security of systems and computer crime prevention. Also addressed is the maturing criminal population with increased computer literacy, whose tendency is to move from violent actions to more profitable computer crime. Finally, issues of privacy and freedom of information are examined.
Course Goal
At the end of this course, you will have a firm foundation in the cybersecurity field. Both the technical aspects of cybersecurity and security management issues will be an integral part of this course as it applies to criminal justice, political science, information systems, and accounting/business systems. Ongoing changes to the field of cybersecurity will be introduced and reviewed during the term through Discussion Forums and writing assignments.
Course Objectives
- Identify and prioritize information assets.
- Identify and prioritize threats to information assets.
- Define an information security strategy and architecture.
- Plan for and respond to intruders in an information system.
- Describe legal and public relations implications of security and privacy issues.
- Present a disaster recovery plan for the recovery of information assets after an incident.
Course Material
LAB ENVIRONMENT
Each student is expected to complete online cybersecurity labs from InfoSec Learning. An InfoSec Learning lab access code will be e-mailed to each student during Week 4 of the course. You will receive this access code from either the course instructor or the ODU Bookstore.
COURSE TEXTBOOK
The following e-textbook can be accessed from the “BryteWave Course Materials” section of the course Canvas site at the start of the term:
Fundamentals of Information Systems Security 3rd Edition
by David Kim and Michael G. Solomon
ISBN-13: 9781284116458
ISBN-10: 1284116458
The cybersecurity laboratories include the following:
- Performing reconnaissance and probing using common tools;
- Performing a vulnerability assessment;
- Enabling Windows Active Directory and user access controls;
- Using group policy objects and Microsoft Baseline Security Analyzer for change control;
- Performing packet capture and traffic analysis;
- Implementing a business continuity plan;
- Using encryption to enhance confidentiality and integrity;
- Performing a website and database attack by exploiting identified vulnerabilities;
- Eliminating threats with a layered security approach; and
- Implementing an information systems security policy.
Short Research Papers
Short Research Paper 1: Perform research on a significant cybersecurity breach within the past ten (10) years. Use the ODU library and/or appropriate Internet resources to perform content discovery. After you have completed reading through the research materials, write a 1-3 page paper discussing the specific cybersecurity breach. The paper needs to address the following:
- What were the cybersecurity vulnerabilities?
- What threat(s) exploited the vulnerabilities?
- What were the repercussions of the incident?
- What cybersecurity measures could have been taken to mitigate the consequences or prevent the incident?
Equifax 2017 Cybersecurity Breach
By Adam Haas
9/5/2023
CYSE 300 15767
A cybersecurity breach of significant proportions affecting American consumers was announced by Equifax in September of 2017. Personal identifying information, personal financial information, and credit card numbers were compromised, affecting over 146 million U.S. consumers (Daswani & Moudy Elbayadi, 2021). This breach also led to a major loss in public confidence, and 50 class action lawsuits were filed within the first 10 days (Pike, 2017). These kinds of breaches contribute to the public’s lack of trust in companies’ capacity to protect and secure their livelihoods.
This hack, perpetrated by members of the Chinese People’s Liberation Army, exploited a software vulnerability, CVE-2017-5638, that gave them extensive, continued access to highly sensitive consumer information. Over the course of several months, four individuals were able to continuously request access to and collect personal information, affecting and potentially jeopardizing Americans’ financial, professional, and political positions (Daswani & Moudy Elbayadi, 2021).
The key vulnerability that allowed attackers initial access to Equifax servers was an out-of-date, unpatched third-party Apache Struts component. This vulnerability had the most critical rating of 10 in the Common Vulnerability Scoring System “because it let anyone anywhere else in the world issue any command to the server that they wanted” (Daswani & Moudy Elbayadi, 2021). There were several other breakdowns within Equifax’s system that allowed the hackers’ continued and extensive penetration to go unnoticed, with increasing access to consumer information over this extended period of time. If Equifax had acted on these additional weaknesses, it could have mitigated or prevented the breach of sensitive private information. These additional weaknesses consisted of continued use of the McAfee vulnerability scanner despite its being end-of-life, not patching the software immediately after the weakness was identified, using an email system to identify vulnerabilities rather than a robust ticketing and tracking process, failing to renew security certificates in a timely manner, failing to apply the principle of least privilege, and failing to use important countermeasures (Daswani & Moudy Elbayadi, 2021). The company’s lack of action in these areas contributed to the damage and scope of the breach, and these process breakdowns made the intrusion so damaging to Equifax’s security of private information.
The multifaceted breakdown of Equifax’s security system led to this cybersecurity breach being one of the worst of our time. Consumers have greater confidence in companies’ operations, processes, and procedures when information systems and a consumer’s right to privacy are made a top priority via cybersecurity.
Works Cited
Daswani, N., & Moudy Elbayadi. (2021). Big breaches: Cybersecurity lessons for everyone. Apress.
Pike, G. (2017, November). Equifax: Yet Another Data Breach. Information Today, 17. EBSCOhost.
Short Research Paper 2: You have been asked to design a security policy for a corporate information system consisting of on-premises web, application, and database servers. The database servers store very sensitive data that must be protected. Discuss five important issues that should be addressed in the security policy.
Perform research on information system security policies. Use the ODU library and/or appropriate Internet resources to perform content discovery. After you have completed reading through the research materials, write a 1-3 page paper describing the five important security policy issues.
5 Key Areas of a Corporate Security Policy
By Adam Haas
CYSE 300 15767
September 15th, 2023
Building a solid security policy to protect a company’s network and information should be considered a primary goal in protecting systems and IT assets. Five major aspects to include in this policy are data encryption, firewall usage, a disaster recovery plan, logging, and network intrusion detection software, all of which ensure that systems stay functioning and are protected from unwanted access. This paper outlines why each of these topics is an important addition to this critical policy.
One of the most important ways to secure a company’s sensitive information and intellectual property is through data encryption. Using encryption inhibits unsanctioned access to, and exposure of, private information. Keeping information secure while it is in storage and while it is being transferred is paramount to a security policy. The key to effective encryption of data relies on every bit of ciphertext, all parts of the key, and the entirety of the plaintext being completely intertwined. This is achieved when no statistical correlation between ciphertext and plaintext can be found (Vacca, 2009/2014). Keeping all data encrypted on a network is one of the key first steps in developing a solid security policy.
Having a firewall protect the internal networked system is crucial in preventing unwanted access and attacks on a company’s critical infrastructure. A firewall protects a system by segmenting the network into different areas. Separating the framework to keep distance between parts that need access to the internet and parts that are better suited to operating on the internal network maintains a barrier shielding the inward system from the outward-facing parts (O’Leary, 2019). Using firewalls is key to a security policy because it protects and separates areas of a company’s critical infrastructure by keeping core systems apart from more vulnerable systems.
Disaster recovery is critical to maintaining stability when unforeseen and unexpected circumstances take a company’s critical IT infrastructure out of function. These risks include anything from natural disasters to malicious attacks. A component of a good security policy is a solid disaster recovery plan dictating a strategy to handle the unexpected. The physical and digital environment is constantly changing, requiring businesses to continuously reassess their risks and vulnerabilities and implement creative plans that adapt to these changes. Having a well-planned strategy offers assurance of what to do when unanticipated scenarios occur, which in turn helps to prevent catastrophic failures and shutdowns. Organizations rely heavily on the IT department to understand, fix, and continue the function of systems when disasters and disruptions take critical infrastructure out of function (Vacca, 2009/2014). A solid disaster recovery plan is critical to a security policy because it gives confidence and direction if unexpected situations occur.
Logging should be considered when developing IT infrastructure because it helps show the network’s usage, providing information like who is using it and how the system is being utilized. Understanding IT traffic through logs is critical to understanding what is happening and what has already happened on a system. A solid, robust logging system helps to identify incoming attacks and debug network issues. Logs can help identify how attackers break into the system, the scope of systems affected, and how to fix the vulnerability. Logging can be a deciding factor in identifying where and how weaknesses are being exploited (Lockhart, 2004). Utilizing this tool in a security policy helps a company protect its system through documentation and transparency.
Another valuable tool to include in protecting IT systems is network intrusion detection software. This software monitors traffic on networks to detect suspicious behavior. Utilization of this software can help identify attacks before they are able to reach their intended target and cause harm to a system’s security. Some detection software monitors for byte patterns that have been previously associated with known attacks, and other software analyzes packets that fall outside the normal network data patterns. Having a plan to use this type of software helps companies stay in front of attacks before they can be fully carried out (Lockhart, 2004). Network intrusion detection software is vital because it enables real-time alerts and notifications when unusual traffic is taking place, increasing the likelihood that attacks will be identified and dealt with before they have been fully executed.
Keeping a company’s digital systems functioning and protected is becoming increasingly important and challenging because of the development of new technologies and software. Encryption, firewalls, disaster recovery, logging, and intrusion detection are some of the principal ways to ensure digital safeguards and should be included in a company’s IT toolbox. A strong, well-conditioned security policy can make the difference between a company’s success and failure.
Works Cited
Lockhart, A. (2004). Network security hacks. O’Reilly.
O’Leary, M. (2019). Cyber operations: Building, defending, and attacking modern computer networks. Apress.
Vacca, J. (2014). Cyber security and IT infrastructure protection (1st ed.). Steven Elliot. (Original work published 2009)
Discussion Posts
Module 1: What is the defining difference between computer security and information security? Why can we argue that information security is really an application of social science?
Initial Post
The defining difference between computer security and information security is the goal of what is being protected. Computer security is an attempt to protect the infrastructure of the computing needs of a person or a group. This would include protecting the hardware and software from unwanted access, control, and changes. Information security, on the other hand, is an attempt to protect the intelligence held by a person or a group of people. This would encompass any data or details that are intended to be kept private for a number of reasons. Information is often represented through language, symbols, and images, which are some of the ways that people communicate and share intelligence with one another. Wanting to prevent unwanted access to information because of what people may do with it in their interactions in society is why I would argue that the security of information is an application of social science.
Response
The technological aspect is where you made an excellent point in separating the differences between these two types of security. Computer security relies heavily on the technologies used to protect it. Information can be stolen or accessed with technology, but it doesn’t have to be. A person verbally sharing information that should be kept secure might not rely on technology at all.
Module 2: In your opinion, what are the biggest IoT security risks and challenges? Cite resources and references that back up your assertions.
Initial Post
We have many challenges to work through as new IoT devices become more ubiquitous and commonly used. As new technologies arise to make it easier to solve problems and assist in completing tasks, some challenges and risks will continue to be problems that need to be addressed. New devices are being used and adopted quickly, perhaps even faster than cybersecurity personnel can test and vet these new systems. It will be challenging to track and fix any problems that arise from this wide array of technology. Many new IoT devices don’t include security features or software to protect the consumer’s information. With all of these new devices and uses come security vulnerabilities that will need to be found and patched. Training and hiring a workforce big enough to deal with the security concerns of new devices and software will be a major challenge. Finally, many users don’t take the time to set up their new devices properly or maintain them, which could leave private information open for hackers to exploit. Even if software is maintained by the manufacturer, there could still be difficulties ensuring the user will patch and update software faster than attackers can infiltrate and steal sensitive information.
https://www.avast.com/c-iot-security-risks
Response
Lack of widespread standardization is a major issue facing the future of IoT and the protection of information that is gathered by devices. Without a set of rules and guidelines that are considered best practice, new companies and developers could produce and release technologies that have major flaws and problems. Required testing and regularly updated software will be needed to ensure there aren’t vulnerabilities that could be exploited unethically.
Module 3: What is the difference between a threat and an attack? How do exploits relate to vulnerabilities? Is there an ethically acceptable reason to study and use the various attack methods described in this module?
Initial Post
According to the notes, “a threat is any action that can damage or compromise an asset.” Threats can be actions that are malicious or accidental. Attacks, meanwhile, are a type of threat that has malicious intent.
Exploiting something is attempting to benefit from that something’s flaw. Vulnerability can be used synonymously with weakness. Exploiting a vulnerability is someone trying to take advantage of a weakness or a deficiency.
An ethical reason to study various attack methods would be to find and identify where potential risks and weaknesses are within a system, in order to identify where mitigation and increased security should be applied. People who carry out these kinds of ethical cyberattacks through penetration testing are called white hat hackers.
Response
Your first paragraph makes a really good point. A threat is where there is potential for a specific harm to come to a system, while an attack is a situation where there is actually an attempt to take advantage of vulnerabilities in a system. Attackers are acting on a system to break into it in ways that are unintended by its creators. A threat is just the possibility that harm or unintended intrusion could be attempted on a system.
Module 4: The decision to escalate incidents to law enforcement is an area fraught with conflict. In your opinion, what are the pros and cons of law enforcement involvement? What resources and references can you cite to back up your assertions?
Initial Post
The pros and cons of law enforcement getting involved in cybersecurity are constantly changing and developing as we transition into new types of digital communities and interactions because of new technological advancements. A major pro to police involvement in cybercrime is their legally bound duty to serve and protect the rights of citizens and companies. Law enforcement was created and is backed and supported by the laws made to ensure equal rights and access to the pursuit of happiness by the entities that make up the governed body. This reason makes it a great resource to help investigate and hold accountable entities that try things like theft, unsanctioned access to data and systems, and manipulation of information and digital resources. However, a con to relying on law enforcement to respond to digital malfeasance may be giving up privacy and civil liberties to ensure protection, support, and justice. A company or a person may want to keep their information private but an investigation into cybercrime may need to uncover private data in order to pursue and catch cybercriminals.
Balkin, J., Grimmelmann, J., Katz, E., Nimrod Kozlovski, Wagman, S., & Zarsky, T. (2007). Cybercrime. NYU Press.
Response
Your point about requesting law enforcement’s help in investigating cybercrimes resulting in possible bad press is a great example of why companies may not want to call the police in some situations. Companies wishing to prove their ability to protect their systems and data could be exposed as vulnerable by information uncovered in a cybercrime investigation. This sort of exposure could cause customers and patrons of the exposed company to want to switch to other providers that haven’t had similar exposures of vulnerabilities. A lack of public trust could drive down a company’s ability to be successful.
Module 5: What are the benefits and risks of the use of SSO? Specify measures that can be taken to better secure an SSO system.
Initial Post
Single sign-on is where a system uses one set of identification and authentication credentials to allow users to log in to multiple systems on the same network. Using this system has benefits and risks associated with this type of access control. The SSO process is efficient because users don’t need to repeatedly log in as they switch between applications. This system also makes it easier for users to pick more challenging passwords, since they will only need to remember one instead of many. A potential risk is that compromised login credentials would allow access to multiple systems across the network. Another challenge associated with SSO could be a failure at the access point, which could block the usage of multiple if not all system applications. Some safeguards that could be put in place to strengthen a single sign-on system are using two-factor verification to make it more difficult for logon credentials to be compromised, and using back-up redundancy for the servers that manage logon system access, to prevent loss of network access if technical difficulties arise on one system access server.
Response
The point you made about having a strong password policy to protect system access from vulnerabilities would be a positive control to help support and protect the use of single sign-on system access. Passwords should be required to use at least 8 characters and to include special characters, mixed case, and numbers to make them more difficult to crack. Also, requiring periodic password changes will help prevent continued access from an undiscovered authentication compromise.
Module 6: Imagine you are a manager responsible for implementing a significant cybersecurity-related technology change within an organization. What are the potential reactions to this change? Indicate one way in which you would minimize the impact of adverse reactions within the change management process. Provide support for your recommendation.
Initial Post
Chapter 6 highlights the human element as one of IT security staff’s greatest challenges. Staff generally want to do what’s best for their organization. However, staff will often try to bypass security if they feel like it compromises their productivity. When implementing a major cybersecurity-related change within an organization, a change control committee should be utilized to direct training and communication for all affected staff through a security awareness program. This could be used to educate staff on the importance of the change and why it is key to cooperate and follow the new processes. Using examples of noncompliance and possible outcomes can help communicate the necessity of participation to ensure security and success. Since employees usually want their organizations to be successful, well-planned and communicated security awareness training as part of the change management processes is key.
Response
The points raised about employees’ reactions to change, including frustration, lack of understanding, and productivity, are terrific examples of why the human element is one of the greatest challenges IT personnel face. Many people don’t understand how easily non-compliance can be taken advantage of, putting their company and work at risk. Training to encourage understanding and support can go a long way in making security changes successful.
Module 7: System monitoring and the use of network traffic log files are extremely important for gauging baseline performance and observing events. Why does identifying abnormal behavior first require having a baseline? What can a log file show that lends insight into abnormal behavior?
Initial Post
Chapter 7 of our textbook describes baselines as the means to discern what is normal versus abnormal. It is difficult to determine what unexpected abnormal behavior is without defining what normal expected behavior, or a “baseline,” should look like. Once an organization defines what is normal and expected, it can set its baseline accordingly. Businesses can use anomaly-based intrusion detection system (IDS) software to help identify when abnormal activity is detected on a network. It is able to do this by comparing activity on the network against profiles of normal activity. The IDS will then flag anything that doesn’t match those normal profiles for further review. The IDS will flag and alert on logs noting deviations from normal activity, attacks, floods, and deviations from protocols.
Response
Your inclusion of the four main types of logs to inspect is a terrific example of the types of information a cybersecurity team should want to track and compare against determined baselines. Event logs will help show when strange activity is detected in the system’s operating system or software. Access logs will show who and what are accessing resources. Security logs will help determine when security events occur, such as too many logon attempts. Audit logs help determine events and activities sought specifically for an audit. All of these logs help to track incidents, attempted attacks, and user accountability.
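The paper’s logging section, the Module 7 post on baselines, and the response’s point about security logs catching too many logon attempts all describe the same mechanism: record normal activity first, then flag what deviates from it. The following is an added example (mine, not the textbook’s or any product’s code) that does this over a handful of constructed key=value event-log lines: a baseline window fixes the per-source event volume and the set of known sources, and an observation window is then checked for unknown sources, volume spikes, and bursts of failed logons. The log format, hosts, users, and thresholds are all invented for the example.

```python
"""Baseline-then-anomaly detection over event log lines.

Added example; not from the course textbook or the posts. The log lines are
constructed sample data in a simplified key=value format invented here, not
the output of any real product. Everything seen in the baseline window is
taken as "normal"; deviations in a later window are reported as findings.
"""
import re
import statistics
from collections import Counter

# One event per line: timestamp, source host, user, action, result.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) result=(?P<result>\S+)$"
)

# Constructed baseline window: routine activity from three office hosts.
BASELINE_LINES = [
    "2023-10-02T09:00:01 src=10.0.0.5 user=alice action=login result=success",
    "2023-10-02T09:00:09 src=10.0.0.5 user=alice action=read result=success",
    "2023-10-02T09:01:14 src=10.0.0.6 user=bob action=login result=success",
    "2023-10-02T09:01:20 src=10.0.0.6 user=bob action=read result=success",
    "2023-10-02T09:01:33 src=10.0.0.6 user=bob action=write result=success",
    "2023-10-02T09:01:50 src=10.0.0.6 user=bob action=read result=success",
    "2023-10-02T09:02:02 src=10.0.0.7 user=carol action=login result=failure",
    "2023-10-02T09:02:10 src=10.0.0.7 user=carol action=login result=success",
    "2023-10-02T09:03:05 src=10.0.0.5 user=alice action=write result=success",
]

# Constructed observation window: the usual hosts plus an unknown source
# that fails to log in eight times before one success. One malformed line
# is included to show that unparseable input is skipped rather than trusted.
OBSERVED_LINES = [
    "2023-10-03T09:00:02 src=10.0.0.5 user=alice action=login result=success",
    "2023-10-03T09:00:30 src=10.0.0.5 user=alice action=read result=success",
    "2023-10-03T09:01:07 src=10.0.0.6 user=bob action=login result=success",
    "2023-10-03T09:04:00 src=198.51.100.23 user=alice action=login result=failure",
    "2023-10-03T09:04:03 src=198.51.100.23 user=bob action=login result=failure",
    "2023-10-03T09:04:06 src=198.51.100.23 user=carol action=login result=failure",
    "2023-10-03T09:04:09 src=198.51.100.23 user=dave action=login result=failure",
    "2023-10-03T09:04:12 src=198.51.100.23 user=admin action=login result=failure",
    "2023-10-03T09:04:15 src=198.51.100.23 user=root action=login result=failure",
    "2023-10-03T09:04:18 src=198.51.100.23 user=bob action=login result=failure",
    "2023-10-03T09:04:21 src=198.51.100.23 user=carol action=login result=failure",
    "2023-10-03T09:04:41 src=198.51.100.23 user=carol action=login result=success",
    "this line is not in the expected format and is skipped",
]


def parse(lines):
    """Return one dict per well-formed line; malformed lines are dropped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m is not None:
            events.append(m.groupdict())
    return events


def build_baseline(lines):
    """Summarize a window of known-good activity into a baseline profile."""
    events = parse(lines)
    per_src = Counter(e["src"] for e in events)
    counts = list(per_src.values())
    return {
        "mean_per_src": statistics.mean(counts),
        "stdev_per_src": statistics.pstdev(counts),
        "known_sources": set(per_src),
    }


def detect_anomalies(lines, baseline, k=3.0, failed_login_limit=5):
    """Compare a window against the baseline and return a list of findings.

    Each finding is a dict with the offending source, a kind, and a detail
    string. Three checks: a source never seen in the baseline, a per-source
    event count above mean + k * stdev, and more failed logins from one
    source than failed_login_limit allows.
    """
    events = parse(lines)
    findings = []
    per_src = Counter(e["src"] for e in events)
    threshold = baseline["mean_per_src"] + k * baseline["stdev_per_src"]
    for src, n in sorted(per_src.items()):
        if src not in baseline["known_sources"]:
            findings.append({"src": src, "kind": "new_source",
                             "detail": f"{n} events from a source absent in baseline"})
        if n > threshold:
            findings.append({"src": src, "kind": "volume_spike",
                             "detail": f"{n} events exceeds threshold {threshold:.1f}"})
        failed = sum(1 for e in events
                     if e["src"] == src and e["action"] == "login" and e["result"] == "failure")
        if failed > failed_login_limit:
            findings.append({"src": src, "kind": "failed_logins",
                             "detail": f"{failed} failed logins exceeds limit {failed_login_limit}"})
    return findings


if __name__ == "__main__":
    profile = build_baseline(BASELINE_LINES)
    for finding in detect_anomalies(OBSERVED_LINES, profile):
        print(f"{finding['kind']:13s} {finding['src']:15s} {finding['detail']}")
```

Run as a script, it reports three findings, all for 198.51.100.23, and none for the office hosts whose volume stayed inside the baseline. The design choice worth noting is that the baseline is computed from data, while the failed-login limit is a policy constant: volume is something only the organization’s own history can define, but a cap on failed logons is a rule the security policy can state outright.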
Module 8: What is the best value that should be assessed when evaluating the worth of an information asset to the organization – replacement cost or lost income while repairing or replacing? What is the likelihood value of a vulnerability that no longer requires consideration? Cite resources and references that can support your assertions.
Initial Post
A Business Impact Analysis (BIA) should be conducted to assess the costs of an organization’s information assets and to help determine the best course of action in the case of an incident or a complete disaster where the asset becomes damaged or destroyed. Other components to determine and include in the BIA are the Single Loss Expectancy (SLE), Asset Value (AV), Exposure Factor (EF), Annualized Rate of Occurrence (ARO), and Annual Loss Expectancy (ALE). Multiplying the AV by the EF gives the SLE, the amount that would be considered a loss if the asset needed to be replaced. The SLE weighed against the ARO helps determine the likely frequency and cost of replacing an asset annually. This helps determine whether it makes more sense to repair or replace an asset if there are excessive losses through the ALE. Another tool to help determine the costs of losses is to use the Maximum Tolerable Downtime (MTD) and the Recovery Point Objective (RPO). The MTD should be weighed against the RTO to ensure the most cost-efficient solution is recommended. If the BIA determines that countering a vulnerability would cost more than what it secures, that vulnerability no longer needs consideration. Countermeasures that cost more than the protected asset are a waste of resources.
Kim, D., & Solomon, M. (2018). Fundamentals of Information Systems Security. Jones & Bartlett Learning.
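The post above gives the textbook’s quantitative risk formulas in prose: SLE = AV × EF, ALE = SLE × ARO, and the rule that a countermeasure costing more than the loss it prevents is not worth considering. Below is an added worked example (mine, not the textbook’s or the post’s) that carries those formulas through for one scenario and applies the cost-benefit rule to two candidate countermeasures. All dollar figures, exposure factors, and occurrence rates are constructed sample numbers, not data about any real organization.

```python
"""Quantitative risk figures from a Business Impact Analysis (BIA).

Added example; not from the course textbook or the post above. The asset
values, exposure factors, occurrence rates, and countermeasure costs are
constructed sample numbers.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class RiskScenario:
    name: str
    asset_value: float      # AV: replacement cost of the asset, in dollars
    exposure_factor: float  # EF: fraction of AV lost in a single incident (0.0 to 1.0)
    annual_rate: float      # ARO: expected number of incidents per year


def single_loss_expectancy(s: RiskScenario) -> float:
    """SLE = AV * EF: the loss expected from one occurrence of the incident."""
    if not 0.0 <= s.exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    if s.asset_value < 0 or s.annual_rate < 0:
        raise ValueError("asset value and annual rate must be non-negative")
    return s.asset_value * s.exposure_factor


def annual_loss_expectancy(s: RiskScenario) -> float:
    """ALE = SLE * ARO: the expected loss per year from this scenario."""
    return single_loss_expectancy(s) * s.annual_rate


def countermeasure_value(s: RiskScenario, annual_cost: float, new_annual_rate: float) -> float:
    """Net annual benefit of a countermeasure that lowers the ARO.

    Value = (ALE before) - (ALE after) - annual cost of the control.
    A negative value means the control costs more per year than the loss it
    prevents, which is the case the post says should not be considered.
    """
    before = annual_loss_expectancy(s)
    after = annual_loss_expectancy(replace(s, annual_rate=new_annual_rate))
    return (before - after) - annual_cost


def recommend(s: RiskScenario, annual_cost: float, new_annual_rate: float) -> str:
    """Apply the cost-benefit rule: implement only if the net value is positive."""
    return "implement" if countermeasure_value(s, annual_cost, new_annual_rate) > 0 else "reject"


# Constructed scenario: a customer database server worth $200,000 to replace,
# where a ransomware incident is expected to destroy 40% of its value and to
# occur about once every two years.
DB_SERVER = RiskScenario("customer database server", asset_value=200_000,
                         exposure_factor=0.40, annual_rate=0.5)

# Two constructed candidate controls: a patch-management program that cuts
# the ARO to 0.1 for $15,000 a year, and a premium appliance that cuts the
# ARO to zero but costs $50,000 a year.
PATCHING = {"annual_cost": 15_000, "new_annual_rate": 0.1}
APPLIANCE = {"annual_cost": 50_000, "new_annual_rate": 0.0}

if __name__ == "__main__":
    print(f"SLE: ${single_loss_expectancy(DB_SERVER):,.0f}")
    print(f"ALE: ${annual_loss_expectancy(DB_SERVER):,.0f}")
    for label, ctl in (("patch management", PATCHING), ("appliance", APPLIANCE)):
        print(f"{label}: net ${countermeasure_value(DB_SERVER, **ctl):,.0f}/yr "
              f"-> {recommend(DB_SERVER, **ctl)}")
```

With these numbers the SLE is $80,000 and the ALE $40,000 a year. Patch management removes $32,000 of expected annual loss for $15,000, so it is recommended; the appliance removes the full $40,000 but costs $50,000, so the rule rejects it even though it eliminates the risk entirely. That is the cost-versus-benefit comparison the post describes, made explicit.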
Response
This explanation answers the question of how to determine what the best course of action should be. The business’s loss of function has to be weighed into the equation of repair or replace costs. There are many factors that could affect the final cost of changing or repairing an asset. All affected factors should be quantified as much as possible to ensure that the business is accounting for all possible losses regarding the change that is made. One of the outcomes of quantifying all costs involved could be a recommendation of “no change” if the benefit is outweighed by the costs of the change.
Module 9: PKI is used extensively in the U.S. federal government. However, it has not caught on in the business and commercial sectors. Why is this the case? In your opinion, what is the future of PKI? Do alternate methods such as those proposed by the FIDO Alliance (URL: https://fidoalliance.org) offer a viable alternative to PKI?
Initial Post
Public Key Infrastructure (PKI) hasn’t caught on with many business and commercial sectors because the lack of practicality of utilizing all key management components to utilize a full spectrum of security has prevented widespread use and adoption. Consumers haven’t had positive experiences with the user experience and online companies have associated adoption with higher costs and overly complex solution development. However, the FIDO Alliance’s mission has focused on development that is open, scalable, and interoperable in securing passwords for authentication. This alliance is focused on worldwide success and sensible, accepted, widespread standard adoption. FIDO has had over 600 businesses sign on for participation and users have more widely accepted the user experience. This has helped prove the point that alternative methods to PKI password and key authentication will likely be adopted by businesses and users alike.
“FIDO Alliance – Open Authentication Standards More Secure than Passwords.” FIDO Alliance, fidoalliance.org/.
Kim, David, and Michael Solomon. Fundamentals of Information Systems Security. 3rd ed., Burlington, MA, Jones & Bartlett Learning, 2018, pp. 323–313.
Response
Your point on the complexity and high costs of using PKI summarizes what the issues are and why it is preventing widespread adoption. Most companies will not want to hire high-level technical staff to build and maintain this kind of authentication system. It would be difficult to continue to pay and maintain the staff needed for building and support. The issues related to new and developing technologies that could threaten the use of PKI algorithms should be analyzed more closely to ensure that resources aren’t spent on potentially obsolete security protection.
Module 10: Internet Protocol Version 6 (IPv6) was designed to address the limitations of Version 4 (IPv4). What cybersecurity-related enhancements have been incorporated into IPv6? The adoption of IPv6 has been pretty slow across both the public and private sectors. What reasons can you attribute to this? Cite resources and references that support your assertions.
Initial Post
IPv6, the latest version of the Internet Protocol, was created to address the limitations of the previously adopted version, IPv4, by handling packets more efficiently, enhancing functionality, improving security, and increasing the quantity of valid addresses. Complexity, cost, and time are all reasons that businesses have been slow to adopt IPv6. Enterprise resistance to transitioning to new IPv6 addresses is driving the slow adoption of this change. Many companies don’t want to be the test subjects trying out this new protocol, fearing unknown and untested challenges on their networks that could be avoided by planning around the problems found during more widespread adoption. Another factor that has led to slow adoption is a lack of push from customers. Once more companies have switched over to IPv6 as their dominant address type, companies will begin charging for use of old IPv4 addresses, fueling faster and more widespread change.
Shaw, K., & Fruhlinger, J. (2018, September 27). What is IPv6, and why aren’t we there yet? Network World. https://www.networkworld.com/article/3254575/what-is-ipv6-and-why-aren-t-we-there-yet.html
Response
The point raised about the built-in security of IPv6 is a point that should help increase more widespread adoption of the new address changes. Companies are trying to wait out some of the transition to see what challenges come out for others who have already transitioned. Once the version has been more widely utilized and tested there should be faster adoption due to the many benefits IPv6 offers. The built-in security ensured through the adaptation of encryption and authentication will add another layer of protection for companies that will help incentivize widespread utilization.
Module 11: Describe some actions or techniques that can be used to mitigate or stop the impacts of malicious applications. Are some of these methods more effective than others? Provide an example of a cyber attack that resulted from the execution of malicious code. There are plenty of examples that can be queried from the Internet.
Initial Post
There are many different techniques and actions that can be taken to mitigate and stop malicious applications from attacking a computer or a network. One of the best approaches to preventing malicious attacks is a defense-in-depth approach, which has multiple levels of defense where an attacker or malicious application would need to break through each layer to cause the most harm. Intrusion Detection Software can be a great choice to prevent attacks by sending alerts to IT personnel when abnormal activity is detected. Antivirus software is another crucial safeguard against attacks, where data is continuously scanned for known malicious code. Each type of mitigating technique to prevent harm from malicious applications addresses different vulnerabilities in computer systems. Using just one technique isn’t a good approach to preventing attacks because hackers will try other ways and break through vulnerabilities that aren’t protected by the one technique used. This is why a defense-in-depth approach should be used to protect computer systems. In February 2020 the Toll Group announced it had suffered one of the worst attacks of the year. Two different, unconnected ransomware attacks were carried out on the Toll Group within a three-month period. Ransomware attacks are attacks in which malicious code encrypts a computer’s data, preventing authorized users from accessing it.
Waldman, A. (2021, January 5). 10 of the biggest cyber attacks of 2020. SearchSecurity. https://www.techtarget.com/searchsecurity/news/252494362/10-of-the-biggest-cyber-attacks
Kim, D., & Solomon, M. (2018). Fundamentals of information systems security (3rd ed., pp. 363–391). Jones & Bartlett Learning.
Response
The options highlighted to mitigate and stop malicious applications are all great examples of ways to help prevent attacks. The point that no one approach is enough relates to this week’s reading about defense-in-depth. Computer systems need many multilayer safeguards to prevent unwanted intrusion. Security should never rely on one catch-all approach for protection. If just one approach is utilized, there will likely be attacks made through unrealized vulnerabilities.
Module 12: The NIST CSF (URL: https://www.nist.gov/cyberframework) was developed to provide “a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.” Do businesses and government agencies need to utilize such a framework to maintain a proper cybersecurity posture? Can an organization mitigate cybersecurity risks without incorporating such a framework? Cite resources and references that back up your assertions.
Initial Post
NIST’s own quick start guide for using the Cybersecurity Framework states that it isn’t a one-size-fits-all approach. However, it is intended for any and all organizations to help improve their cybersecurity posture. If organizations choose to build their own plan to mitigate cybersecurity risks, they should at least consult the NIST Cybersecurity Framework to ensure that all areas of concern are addressed. The Framework is composed of five key functions: identify, protect, detect, respond, and recover. If an organization ignores a risk, exposing itself to a well-known vulnerability, it could be opening itself up to liability and extensive challenges.
NIST. (2023). Quick Start Guide. NIST. https://www.nist.gov/cyberframework/getting-started/quick-start-guide
Response
The NIST Framework does make sense to use as a resource since it is a set of guidelines created to help prevent and mitigate cyber-attacks and threats. Your point about the guidelines being a free resource for government and business is important. Cybersecurity departments can pick and choose how much they want to adopt from the Framework and how much they want to develop apart from it. Organizations can benefit from comparing their mitigation efforts to the recommendations explained in NIST’s Framework to help ensure they are aligning their security efforts with best practice.
Module 13: The Health Insurance Portability and Accountability Act (HIPAA) Security Rule establishes a national set of minimum security standards for protecting all electronic private health information (ePHI) that a Covered Entity (CE) and Business Associate (BA) create, receive, maintain, or transmit. The Security Rule contains the administrative, physical, and technical safeguards that CEs and BAs must put in place to secure ePHI. With that in mind, what types of information system components need to be heavily scrutinized to help protect the confidentiality and integrity of ePHI? What types of controls would you recommend implementing to safeguard ePHI? Cite resources and references that back up your assertions.
Initial Post
HIPAA’s Security Rule allows CEs and BAs flexibility in creating safeguards to protect ePHI. However, where applicable, the rule gives instructions on how the three areas of administrative, physical, and technical safeguards must be implemented. Administrative safeguards make up half of the Security Rule’s required safeguards. Some important administrative safeguards would include a security management process, security personnel, information access management, workforce training and management, and evaluations. Physical safeguards include facility access and control and workstation and device security. Technical safeguards include access control, audit controls, integrity controls, and transmission security.
U.S. Department of Health & Human Services. (2022, October 19). Summary of the HIPAA Security Rule. HHS.gov. https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
Kim, D., & Solomon, M. (2018a). Fundamentals of information systems security (3rd ed., pp. 464–466). Jones & Bartlett Learning.
Response
You gave a lot of great examples of technical safeguards that can be used to protect ePHI. Using encryption helps protect information that is being transmitted electronically. Firewalls would help prevent unauthorized access to systems that contain health information. Using antivirus software would help prevent malicious code from being loaded onto systems that could compromise protected data. Intrusion Detection Software can be a great tool that helps notify IT personnel if abnormal activity is identified on a network.
Module 14: What avenues should an aspiring information security professional use in acquiring professional credentials? Cite resources and references that back up your recommendations. You can watch the following videos to help answer this topic:
Expect Career Success with CompTIA Security+ [Alternate Link]
Top 10 IT Certifications for Security Cleared Professionals [Alternate Link]
DoDD 8140 – Cyberspace Workforce Management [Alternate Link]
Initial Post
The videos listed as prompts for this exercise do a fantastic job of giving many examples of where to look for cybersecurity education opportunities for employment. The CompTIA Security+ certification is a great first step. It is listed as the number one best certification for employers because it is widely accepted and supported by businesses, the Department of Defense, and the FBI. The video “Top 10 IT Certifications for Security Cleared Professionals” ranks the top certifications that can lead to better knowledge, understanding, and employment in the cybersecurity field, giving some positive aspects of each. Another place to look for better security knowledge and higher employment prospects is DoD Directive 8570 and Directive 8140, which both give great examples of required and encouraged certifications for working with secured federal networks. The National Initiative for Cybersecurity Careers and Studies maps the different careers by category and recommends good certifications and education that are applicable to each. For people interested in cybersecurity degrees, a little research is required to ensure you are applying time, energy, and effort wisely to obtain the types of certification and education that will be the most beneficial and helpful in achieving a cybersecurity career.
DoDD 8140 Cyberspace Workforce Management [Video]. (n.d.). YouTube. Retrieved June 22, 2023, from https://www.youtube.com/watch?v=ovfxanMTJzU
Expect Career Success with CompTIA Security+ [Video]. (n.d.). YouTube. https://www.youtube.com/watch?v=efjm7j4WeXE
Top 10 IT Certifications for Security Cleared Professionals [Video]. (n.d.). YouTube. https://www.youtube.com/watch?v=ptVOp9KKnKU
Response
The certification programs you listed are the top rated and recognized programs for people who are working, or are interested in working, in cybersecurity. The most common and popular IT companies that you listed, Microsoft, Google, and Cisco, are terrific for improving skills since these companies build and maintain the most widely used systems being utilized in Internet Technology. The DoD and top professional companies would have some of the best recommendations since they are the number one employers in the cybersecurity field.
Module 15: Cybersecurity education and training are provided in a variety of ways. These include online/face-to-face courses, online self-study (e.g., Skillsoft Skillport), reading textbooks/periodicals, and video presentations. Of the various approaches, which do you feel is the most effective? Are there any recommendations you could provide to help improve the ways that cybersecurity knowledge is conveyed?
Initial Post
In my opinion, a mix of educational approaches is the best path to the most effective learning. Students gain different skills and benefits from each approach. Face-to-face helps with having a dialog where students can give verbal feedback demonstrating their understanding. Online self-study can give students an outlet for extending their education on their own time and at their own pace. Online self-study also allows for extending education past the traditional programs. Students can take extra certification courses to supplement their education if they desire extra learning. Self-study also gives busy employees an outlet for continuing their professional development in their free time. Reading textbooks and periodicals and watching video presentations can be a valuable reference resource when learning new concepts or reinforcing old ones. Every student will have a different path to the most effective education for them. A person wanting to pick up new skills or reinforce old ones should take time thinking about and discussing their goals to map out the best approach to achieve them.
Response
I agree that a combination of different methods of learning is the most effective way to learn. The most important of the approaches is hands-on, since it shows and demonstrates that the skills are being acquired. Students can watch and memorize content, consuming an immense amount of time; however, if they can’t demonstrate their abilities, it likely won’t benefit their career. Employers and colleagues can’t recognize an individual’s knowledge and understanding if they can’t see it in production.