Discussion Post
Topic Module-01 Discussion Topic
Information Systems Security Introduction
What is the defining difference between computer security and information security? Why can we argue that information security is really an application of social science?
- The difference between computer security and information security is that information security is usually based on the thought process of the C.I.A. Triad, which involves “confidentiality, integrity, and availability,” with some further additions like authenticity and accountability. Computer security, by contrast, mostly focuses on hardware and software, trying to maintain a malware-free system so that the C.I.A. of the system itself is not compromised.
- Information security can be closely related to social science because human behavior is the quickest way to understand and compromise information security sometimes. Understanding and deceiving people to get information from them is one of the most common ways to lose information security.
Topic Module-02 Discussion Topic
Internet-of-Things (IoT) Security Challenges
In your opinion, what are the biggest IoT security risks and challenges? Cite resources and references that back up your assertions.
The biggest risk with IoT is the fact that these devices are usually made without security in mind. Tools and monitors that make things accessible with weak security mean that you are often liable to someone being able to access you. The ability to easily brute force these IoT devices, especially security cameras, is a huge risk in society. Not only can they start and perpetuate a botnet, but they can also give out home security information, like when you leave and get back home. In an article on Medium, the author says, “An IP camera is an IoT device that can be easily exploited,” and goes on to explain that they can be used to start MITM, DDoS, and RCE attacks.
Jones, T. (2021, December 5). IoT Vulnerabilities: IP Cameras Most Insecure IoT device. Medium; Nerd For Tech. https://medium.com/nerd-for-tech/iot-vulnerabilities-ip-cameras-the-of-most-insecure-iot-device-b1dcf73d8b03
Topic Module-03 Discussion Topic
Malicious Attacks, Threats, and Vulnerabilities
What is the difference between a threat and an attack? How do exploits relate to vulnerabilities? Is there an ethically acceptable reason to study and use the various attack methods described in this module?
- The difference between a threat and an attack is that a threat is an increased chance of someone exploiting a vulnerability in a system. An attack is a vulnerability in your system that someone has exploited.
- Exploits have a synonymous relationship with vulnerabilities. An exploit is using a vulnerability and taking advantage of it to either break into or break the system itself.
- I do believe that there is an ethically acceptable reason to study. Being knowledgeable about these attacks helps us not to be blindsided when these attacks occur. We would need to know how and what a bad actor did to stop it from happening and persisting.
Topic Module-04 Discussion Topic
The Drivers of the Information Security Business – Cybersecurity Incidents and Law Enforcement
The decision to escalate incidents to law enforcement is an area fraught with conflict. In your opinion, what are the pros and cons of law enforcement involvement? What resources and references can you cite to back up your assertions?
- In my opinion, the pros of law enforcement are that you know that there is someone with legal authority who can make investigations within the state or country to find out who is responsible. They also have the authority to go into dangerous areas and find these bad actors and malicious people and take them into custody.
- The FBI has a cybercrime department named “United States Secret Service Electronic Crimes Task” that helps serve and protect critical infrastructure.
- The cons of this are that sometimes an investigation can take too long or there are too many legal roadblocks that can’t be ignored with the situation. These things can allow time for the bad actor to steal and gain everything they want and cover their tracks before anyone can make a meaningful investigation.
Topic Module-05 Discussion Topic
Networks and Telecommunications – Internet Protocol Version 6 (IPv6)
Internet Protocol Version 6 (IPv6) was designed to address the limitations of Version 4 (IPv4). What cybersecurity-related enhancements have been incorporated into IPv6? The adoption of IPv6 has been pretty slow across both the public and private sectors. What reasons can you attribute to this? Cite resources and references that support your assertions.
- IPv6 addresses many concerns with IPv4. IPv6 provides additional bonuses to the CIA Triad and enhances end-to-end security. IPv6 also eliminates the need for the NAT system; with more address space, the need for translation would be redundant. IPv6 also has enhanced multicasting abilities, which allow for more “efficient transmission of data” (Matteo Duò, 2020).
- One reason the integration could be slow is that upgrading equipment without any perceived updates would be a net loss to any company. Another reason could be that there could be issues when trying to connect IPv4 and IPv6 systems.
- Matteo Duò. (2020, August 21). IPv4 vs IPv6: What’s The Difference Between the Two Protocols? Kinsta®. https://kinsta.com/blog/ipv4-vs-ipv6
Topic Module-06 Discussion Topic
Access Controls – Single-Sign On (SSO)
What are the benefits and risks of the use of SSO? Specify measures that can be taken to better secure an SSO system.
- Single Sign-On has a multitude of benefits. A faster log-on process, since employees do not need to re-enter their email and password to sign in, can also help mitigate phishing scams because employees are already signed into their systems. This means that they are less likely to input their information and leak it. Another benefit is that it allows users to remember one strong password for a longer time without the need to change it. Some risks are that if someone were to steal this credential, they essentially have all the systems that the credential accesses.
- To make SSO better, we can make sure that we enforce an MFA policy so an attacker would need to get through extra steps to access a system.
Topic Module-07 Discussion Topic
Cryptography – Public-Key Infrastructure (PKI)
PKI is used extensively in the U.S. federal government. However, it has not caught on in the business and commercial sectors. Why is this the case? In your opinion, what is the future of PKI? Do alternate methods such as those proposed by the FIDO Alliance (URL: https://fidoalliance.org) offer a viable alternative to PKI?
- Due to the high security requirements that the government operates under, a high security infrastructure is needed to bear all of the standards and requirements. With that being said, public sector implementation of this system has been slow due to the high financial cost and high maintenance to get key pairs. I feel like many businesses find it either a financial waste or too challenging to implement and use for an extended period of time. The future of PKI is safe within the private sector of business; in places like hospitals or our government it would thrive, but in the public sector I believe security measures that FIDO uses, like biometric security and hardware security keys, would do fine.
Topic Module-08 Discussion Topic
Malicious Code and Activity – Mitigation Methods
Describe some actions or techniques that can be used to mitigate or stop the impacts of malicious applications. Are some of these methods more effective than others? Provide an example of a cyber attack that resulted from the execution of malicious code. There are plenty of examples that can be queried from the Internet.
- To mitigate or stop malicious applications, organizations can use techniques such as application whitelisting, IP-based detection, least privilege enforcement, and regular software updates. Some methods are more effective than others depending on the attack type; for example, regular system updates allow you to be up to date on all currently known viruses that could threaten a known version of your system.
- The NotPetya ransomware attack in 2017 involved malicious code execution. It exploited a Windows vulnerability (EternalBlue) to spread rapidly, encrypting files and destroying systems, making them inoperable. Stronger management and network segmentation could have reduced its impact.
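The post above lists application whitelisting as one mitigation. The following is an added example, not part of the original post, showing how a hash-based allowlist decides whether a binary may run: only files whose SHA-256 digest was recorded from an approved build are allowed, so a renamed copy of an approved binary still passes while a modified copy or an unknown file is denied. The file names, contents and the `Allowlist` class are constructed for this demonstration.

```python
import hashlib
import os
import tempfile

CHUNK = 65536


def sha256_file(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


class Allowlist:
    """Hash-based application allowlist (constructed for this example).

    A binary is identified by its content digest, not its file name, so
    renaming an approved binary changes nothing, while changing a single
    byte of it produces a digest that is not on the list.
    """

    def __init__(self):
        self._approved = {}  # digest -> human-readable label

    def approve(self, path, label):
        """Record the digest of an approved build under a label."""
        self._approved[sha256_file(path)] = label

    def decide(self, path):
        """Return ("ALLOW", label) or ("DENY", digest) for a candidate binary."""
        digest = sha256_file(path)
        label = self._approved.get(digest)
        if label is None:
            return ("DENY", digest)
        return ("ALLOW", label)


def run_demo():
    """Build constructed sample binaries in a temp dir and classify them."""
    workdir = tempfile.mkdtemp()

    def write(name, data):
        path = os.path.join(workdir, name)
        with open(path, "wb") as f:
            f.write(data)
        return path

    approved = write("backup-agent.exe", b"MZ...approved build 1.0")
    renamed = write("notepad.exe", b"MZ...approved build 1.0")          # same bytes, new name
    tampered = write("backup-agent.exe.tmp", b"MZ...approved build 1.0\x00")  # one extra byte
    unknown = write("unknown-tool.exe", b"MZ...never reviewed")

    allowlist = Allowlist()
    allowlist.approve(approved, "backup-agent 1.0")

    return {
        "approved": allowlist.decide(approved)[0],
        "renamed_copy": allowlist.decide(renamed)[0],
        "tampered": allowlist.decide(tampered)[0],
        "unknown": allowlist.decide(unknown)[0],
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:>13}: {verdict}")
```

In practice the digests would come from a signed inventory of approved builds rather than being computed on the endpoint, and the decision would be enforced by the operating system's execution-control feature rather than by a script; the point of the example is that the decision keys on content, which is why a tampered copy is denied even though its name still looks legitimate.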
Topic Module-09 Discussion Topic
Security Operations and Administration – Change Management Process
Imagine you are a manager responsible for implementing a significant cybersecurity-related technology change within an organization. What are the potential reactions to this change? Indicate one way in which you would minimize the impact of adverse reactions within the change management process. Provide support for your recommendation.
Potential Reactions
- There can be a lot of negative reactions to new policies due to the fact that cybersecurity professionals have to push the bounds of usability for safety. This can cause many people to be angry or frustrated at the new implementation of these policies due to workplace disruptions. Some might even be uncomfortable with the new changes due to being uncomfortable.
Minimize adverse reactions
- To minimize adverse reactions, I would set up a meeting or a company-wide email to whoever it affects and explain to them what the changes are and why we have to implement them in the workplace. I would also do small breakout groups for training to ease anyone’s anxiety about using the new system.
Topic Module-10 Discussion Topic
Auditing, Testing, and Monitoring – System Monitoring
System monitoring and the use of network traffic log files are extremely important for gauging baseline performance and observing events. Why does identifying abnormal behavior first require having a baseline? What can a log file show that lends insight into abnormal behavior?
- Without a point of reference, we wouldn’t be able to decipher what normal levels of traffic are and what could be considered abnormal. A baseline usually would have traffic patterns for a system and user behavior, which can help analysts in deciphering fluctuations and security threats.
- A log file could include unusual traffic, unauthorized access attempts, system abnormalities, and changes in user behavior. All of these can be seen as a possible security threat or malicious attack on the system that can affect business.
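The post above makes two points: abnormal behaviour is only visible against a baseline, and a log file can show unauthorized access attempts. The following is an added example, not part of the original post, that puts both together: it parses constructed OpenSSH authentication log lines, builds a per-source baseline of daily failed-login counts from a constructed week of history, and flags today's sources whose failure count exceeds the baseline mean plus three standard deviations (with a minimum floor so one extra typo does not alert). The log lines, addresses, host names and the `svc-monitor` account are all constructed; the regex matches only the constructed format used here.

```python
import re
import statistics
from collections import Counter

# Matches the OpenSSH-style authentication lines used in the constructed sample below.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def count_failures(lines):
    """Count failed password attempts per source address in a batch of log lines."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("result") == "Failed":
            counts[m.group("src")] += 1
    return counts


def build_baseline(daily_counts):
    """From one Counter per historical day, compute (mean, stdev) of daily failures
    per source. Days on which a source does not appear count as zero."""
    sources = set()
    for day in daily_counts:
        sources.update(day)
    baseline = {}
    for src in sources:
        series = [day.get(src, 0) for day in daily_counts]
        baseline[src] = (statistics.fmean(series), statistics.pstdev(series))
    return baseline


def find_anomalies(today, baseline, k=3.0, floor=5):
    """Flag sources whose count today exceeds mean + k*stdev, never below `floor`.
    A source absent from the baseline has mean 0, so only the floor applies."""
    anomalies = {}
    for src, n in today.items():
        mean, stdev = baseline.get(src, (0.0, 0.0))
        threshold = max(mean + k * stdev, float(floor))
        if n > threshold:
            anomalies[src] = {"count": n, "threshold": round(threshold, 2)}
    return anomalies


# Constructed baseline: failed logins per source over the previous seven days.
# 10.0.0.20 is a monitoring host that legitimately fails about 30 times a day.
BASELINE_DAYS = [
    Counter({"10.0.0.5": 1, "10.0.0.9": 2, "10.0.0.20": 30}),
    Counter({"10.0.0.5": 2, "10.0.0.20": 28}),
    Counter({"10.0.0.5": 1, "10.0.0.20": 31}),
    Counter({"10.0.0.9": 1, "10.0.0.20": 29}),
    Counter({"10.0.0.5": 1, "10.0.0.20": 30}),
    Counter({"10.0.0.5": 2, "10.0.0.20": 32}),
    Counter({"10.0.0.5": 1, "10.0.0.20": 30}),
]


def _line(minute, result, user, src, port, invalid=False):
    """Build one constructed log line in the format LOG_RE expects."""
    who = f"invalid user {user}" if invalid else user
    return (f"Mar 10 08:{minute:02d}:00 host1 sshd[4242]: {result} password "
            f"for {who} from {src} port {port} ssh2")


# Constructed "today": a normal user, a brute-force burst from an unknown
# address, and the monitoring host at its usual level.
TODAY_LOG = (
    [_line(1, "Failed", "alice", "10.0.0.5", 50001),
     _line(2, "Accepted", "alice", "10.0.0.5", 50001),
     _line(3, "Failed", "bob", "10.0.0.5", 50002)]
    + [_line(10 + i, "Failed", "admin", "203.0.113.7", 51000 + i, invalid=True) for i in range(8)]
    + [_line(20 + (i % 30), "Failed", "svc-monitor", "10.0.0.20", 40000 + i) for i in range(31)]
)


def run_demo():
    """Apply the baseline to today's constructed log and return the flagged sources."""
    return find_anomalies(count_failures(TODAY_LOG), build_baseline(BASELINE_DAYS))


if __name__ == "__main__":
    for src, info in run_demo().items():
        print(f"ALERT {src}: {info['count']} failed logins today, threshold {info['threshold']}")
```

Only 203.0.113.7 is flagged. The monitoring host produced 31 failures today, far more than the unknown address, yet it is not flagged because its baseline shows that volume is normal for it; without the baseline a fixed threshold would either alert on the monitoring host every day or be set so high that the eight-attempt burst would pass unnoticed.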
Topic Module-11 Discussion Topic
Risk, Response, and Recovery – Asset and Vulnerability Likelihood Value
What is the best value that should be assessed when evaluating the worth of an information asset to the organization – replacement cost or lost income while repairing or replacing? What is the likelihood value of a vulnerability that no longer requires consideration? Cite resources and references that can support your assertions.
- When looking at the worth of an information asset, it’s better to look at money lost while replacing or repairing rather than the replacement cost alone. The replacement cost alone does not factor in operational downtime, reputation damage, and lost business opportunities and stock profits. A vulnerability that no longer requires consideration is assigned a likelihood value of zero, indicating it is “no longer exploitable or has been fully mitigated” (NIST SP 800-30 Rev. 1, 2012).
Topic Module-12 Discussion Topic
Artificial Intelligence (AI)-Powered Digital Forensics: Enhancing Investigations or Introducing Bias?
Discuss the impact of Artificial Intelligence (AI) on digital forensic investigations. How do AI tools aid in evidence analysis and speed up investigations? What are the potential risks of AI introducing bias or errors? Share your thoughts on striking a balance between leveraging AI’s capabilities and maintaining the integrity of digital forensic evidence. Cite resources and references that back up your assertions.
- AI can greatly progress digital forensics investigations by automating tasks like malware classification, anomaly detection, and more. AI-powered analysis can process large amounts of data, aiding investigators in reviewing and identifying evidence much faster than normal. Some risks when using AI can be discrepancies when scanning due to incorrect or biased training data. Some other risks are false positives or negatives, which can throw off an investigation or even sidetrack it for weeks looking for something that’s not there. This shows us that we need to work with AI instead of relying on it 100%.
- Vasan, D., Alazab, M., Wassan, S., Safaei, B., & Zheng, Q. (2020). Image-Based malware classification using ensemble of CNN architectures (IMCEC). Computers & Security, 92, 101748. https://doi.org/10.1016/j.cose.2020.101748
Topic Module-14 Discussion Topic
Information Security Professional Certifications – Cybersecurity Professional Credentials
What avenues should an aspiring information security professional use in acquiring professional credentials? Cite resources and references that back up your recommendations.
- Some avenues and information that aspiring security professionals need to know are certifications, websites to advance knowledge, and social events. In the DoDD 8140 video, he first goes over how all security professionals are required to have certifications. Knowing what certification to get is crucial. Cyberseek is a great place to understand what is required of you for a specific job and what certifications you will need to succeed in getting the job. Social events also make up a great part of understanding security professions. Events like CTFs help build your experience in real-world scenarios and outside-the-box thinking, which is a big thing to have.
References:
- (2025). Youtube.com. https://www.youtube.com/watch?v=ovfxanMTJzU
- Cyberseek. (2023). Cyberseek.org. https://www.cyberseek.org/
Topic Module-15 Discussion Topic
U.S. Compliance Laws – Health Insurance Portability and Accountability Act (HIPAA) Security Rule
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule establishes a national set of minimum security standards for protecting all electronic private health information (ePHI) that a Covered Entity (CE) and Business Associate (BA) create, receive, maintain, or transmit. The Security Rule contains the administrative, physical, and technical safeguards that CEs and BAs must put in place to secure ePHI. With that in mind, what types of information system components need to be heavily scrutinized to help protect the confidentiality and integrity of ePHI? What types of controls would you recommend implementing to safeguard ePHI? Cite resources and references that back up your assertions.
- To make sure that the confidentiality and integrity of ePHI are protected under HIPAA security rules, critical information systems like access controls, logging mechanisms, end-user devices, and data storage systems must be well protected. For some implementations, I would have a small training seminar to make staff aware of new dangers present within technology. I would also issue physical USB keys so that not just anyone can log into a computer or system.
References
- Office. (2009, September 10). The Security Rule. HHS.gov. https://www.hhs.gov/hipaa/for-professionals/security/index.html