During the course of the year, we have done several discussion boards debating current and past cybersecurity issues. Here are some of my responses.
From Verbeek’s writing (Mod 6, Reading 4) Designing the Public Sphere: Information Technologies and the Politics of Mediation – How should markets, businesses, groups, and individuals be regulated or limited differently in the face of diminishing state power and the intelligification (Verbeek, p217) and networking of the material world?
My answer: As state power wanes and technology rapidly advances, markets, businesses, groups, and individuals need proactive regulation. Decentralized systems like blockchain can help ensure ethical standards and transparency in markets. Businesses must be accountable for their technologies and data practices, while groups should protect against manipulation and prioritize digital literacy. Individuals must also adopt privacy safeguards and digital responsibility. Preemptive regulation and education are key to navigating a networked world and minimizing harm.
Opportunities for Workplace Deviance – How has cyber technology created opportunities for workplace deviance?
My answer: Cyber technology has created many different opportunities for workplace deviance. Remote work is incredibly commonplace nowadays, so many people choose to lax off at work and not do their jobs. Employees have done everything from simply not turning their cameras on so they can sleep, to automating their jobs with AI scripting tools. The only way an employer can know that the person logging in is actually the person they say they are, is through systems like two-factor authentication. Additionally that SCADA systems are so prevalent, any rogue or disgruntled employee can access and edit information critical to the company’s processes.
During this week’s reading, you’ve been exposed to different points of view regarding human contribution to cyber threats. Now, put on your Chief Information Security Officer hat. Realizing that you have a limited budget (the amount is unimportant), how would you balance the tradeoff of training and additional cybersecurity technology? That is, how would you allocate your limited funds? Explain your reasoning.
My answer: As a hypothetical CISO, or Chief Information Security Officer, I would prioritize
training over additional cybersecurity software. Consistently purchasing new software would
leave employees drowning and overwhelmed by having to learn completely new systems every
other month. I would choose to consistently train employees to adapt to modern techniques and
on how to mitigate modern styles of cyber-attacks. I would use services such as Cybeready and
Ninjio, which keep employees trained and up to date on the current landscape of cybercrime and
cybersecurity. In a perfect world, funding and time would be split 70/30, with 70 percent towards
training, and 30 percent towards new and updated software. I feel that this would create an ideal
balance between effective employees, and new-enough software to defend against attacks.