What benefit can organizations gain from the NIST Cybersecurity Framework, and how would you use it at your future workplace?
The National Institute of Standards and Technology (NIST) Cybersecurity Framework sets standards and guidelines for government agencies and other organizations. This framework aids organizations in maintaining their cyber security and managing their risks. Organizations that use this framework will also champion consumers’ privacy rights when addressing cyber security, which will increase their credibility. Organizations will not follow the same standards and guidelines as other companies when using this framework, because each has specific needs that it has to adhere to. Also, as society goes through technological advancements, the framework can accommodate them because it adapts easily to change.
The NIST framework provides several benefits that help agencies and organizations maintain their functionality. While using this framework, it is important for organizations to recognize their priorities and goals, because they should have a clear understanding of the specifications needed to manage cyber security risks. An organization that does not manage its risks will look untrustworthy or incompetent to its consumers. It takes some trial and error to respond effectively to a situation. Also, organizations will try to determine the cost of resources and see if the costs outweigh the benefits of having certain guidelines implemented. It is also important for companies to manage risks by performing a risk assessment. This evaluates events that are likely to happen, such as malicious hackers and competition, and the damages that the company may experience. Most likely, when an organization encounters a risk that is hard to recover from, it has to find what worked and did not work previously and make some adjustments. If I had an organization that held my consumers’ sensitive information, I would make sure to implement some guidelines that would ensure their security. I would go over the guidelines and make sure that everybody follows them effectively. As I previously stated, I would do risk assessments as often as possible and make sure that my guidelines correlate with my organization’s needs. If I happened to face problems, my team and I would work hard to find a solution. Having this framework will mitigate future challenges that organizations may face and ensure consumers’ rights.
You are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?
Publicly traded companies are defined as enterprises offering their stocks and shares on the stock exchange to the general population. This allows a wide variety of people to purchase stocks and shares. As a chief information security officer (CISO), my job is to maintain high levels of security within the publicly traded company. People can try to infiltrate any publicly traded company’s systems in order to obtain information that is not known to the public and affect the stock market. As a result, the company could lose money and its stock could plummet, affecting the overall stock market. As a CISO, my duty is to prevent the exposure of sensitive information that could put the profits of the publicly traded company I work for at risk.
Luckily, there are several protections that I can use to prevent people with malicious intent from gathering sensitive information. For example, I could utilize intrusion detection systems (IDS) to protect availability. An IDS is defined as a tool that monitors and detects traffic on devices. It works similarly to antivirus software: it keeps a list of signatures that describe specific attacks and compares traffic against those signatures. This system can also detect anomalies: if something unusual occurs in the system, it could be damaging for my company, because somebody might be trying to infiltrate the company’s system. I chose this tool because it provides constant monitoring and can be tailored to my company’s specific needs, since its tasks are customizable. Another protection technique that I would implement as a CISO is backups. Although backups do not guarantee that information will not get hacked, they are beneficial if somebody tries to hold the company’s information for ransom. Having routine backups can ensure that information will not be lost or used against you if a malicious person tries to hack the system. Although the company may face some damages, the loss will be minimal compared to surrendering to people who hold the information for ransom.
How has cyber technology created opportunities for workplace deviance?
Workplace deviance is when employees intend to cause harm to a business through their negative behaviors. There are many acts of deviance that companies punish, such as theft and harassment. Since society has started to rely on technology more and has implemented the use of technology at home, school, and the workplace, there has been a trend of deviant acts over the internet. Oftentimes people exchange and store information over the internet. Even if companies implement some form of security against cyber-attacks, such as antivirus software or securing the Wi-Fi, there are ways to compromise their systems. Many companies try to train their employees on how to use the internet effectively, but their rules and regulations are often ignored for the reasons described below. Many companies face the threat of employees violating company policies and regulations over the internet. Although there are ways to monitor who is not being compliant with company rules, those violations can affect a wide range of people. Employees could visit dangerous websites on their work computers and expose the company to viruses that can shut down the whole system. Clicking a link or prompt on a website that seems legitimate but is really a scam might also grant others access to the computer. Employees might also purposely sell information to competitors or wipe the whole system if they are angry. As a result, companies can lose their consumers and face debt if the problem is not mitigated or addressed correctly.
CIA Triad Write-up: file:///C:/Users/Alysi/Downloads/CIA%20Triad%20final%20Alysia%20B%20(2).pdf
SCADA Write-up: