IT/CYSE 200

Discussion Board: The NIST Cybersecurity Framework

From your readings of pages 1 – 21 of the NIST Cybersecurity Framework, what benefit can organizations gain from using this framework, and how would you use it at your future workplace?

Organizations can use this framework as a supplement to their own to help them improve risk management by identifying, assessing, and managing cyber risks more effectively, which encourages a consistent, repeatable process that can adapt to new threats based on organizational needs. Companies can customize the framework with four different tiers, each one increasing in severity of risk management. This allows them to tailor the framework to their specific needs based on cost, threat levels, and business goals. External participation is a key component of the framework, allowing information about risks to be actively shared with partners as threats evolve, so that other companies can stay proactive and increase their measures before an attack occurs.

I would use this framework to identify any gaps my company might have in its current process by assessing our priorities and risk tolerances. The use of external guidance from federal government departments and agencies and information sharing and analysis organizations would help determine an appropriate implementation tier for my company’s needs, whether that is tier 1 or tier 4. I would recommend a tier 3 selection based on the adaptability to changes in risk and the consistent monitoring of the cyber risks to assets. I would need to figure out what measures we already have in place and what is still missing so I have a starting place. Then I would perform a risk assessment of our previous activities, including those of our partners, to determine how likely an attack would be and what damage it could cause. I would then set up a target profile based on previous threats and threats likely to occur, comparing the current profile against our target profile to see if there are any gaps that need to be addressed.


Discussion Board: Protecting Availability

In this discussion board, you are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?

If I were the CISO of a publicly traded company, I would first develop an incident response plan. This would help limit the damage when a security breach happens by laying out exactly what to do, like how to spot it, contain it, get rid of the threat, and recover. I would also implement regular drills and simulations to test the effectiveness of the response plan. I would include tabletop exercises and full-scale simulations to prepare for different types of incidents. I would also implement a training program to raise security awareness and educate employees about common threats, providing guidance on how to recognize and respond to them.


Discussion Board: From Verbeek’s writing Designing the Public Sphere: Information Technologies and the Politics of Mediation

How should markets, businesses, groups, and individuals be regulated or limited differently in the face of diminishing state power and the intelligification (Verbeek, p217) and networking of the material world?

With the diminishment of state power and the increasing connectivity and intelligence of our world, traditional regulatory methods, primarily restrictive, state-driven approaches, aren’t sufficient for handling today’s interconnected technologies. Instead, I think markets should move toward more guided innovation, with states actively participating to encourage technologies that benefit society broadly. Businesses, on the other hand, should increasingly adopt internal ethical frameworks, embedding transparency and user autonomy directly into their technology design. Groups and communities must also actively participate, particularly as technology increasingly influences their daily interactions. Rather than passively accepting regulations, communities should have participatory roles in defining acceptable norms for things like data collection, content moderation, and AI deployment in public spaces. Lastly, we must empower individuals through digital literacy and explicit rights. This includes educating people about how technologies influence behaviors and decisions, alongside providing clear rights for explanations regarding AI-mediated decisions.