Board Business Concepts and Other Organizations Discussion Board

Businesses are typically for profit institutions that need to make a profit to survive and please outside parties like shareholders. How do you think the concepts of a business apply to a organization like a non-profit, educational institution, or government? Should these organizations operate differently, or should they still rely on the operating model of a business? What do these entities do differently than a traditional business? 

  • The way these types of businesses still stay alive is through grants, taxes, and donations. These all stay relevant because they offer services that other people want and continue to pay into for others in their communities.

Team Roles and Responsibilities on a Cyber Team

Take a look at the Roles and Responsibilities (Starts on Page 13) from NIST Special Publication 800-12. Pick two Roles and then compare and contrast them. Which role would you prefer?

  • Information Security Architect & System Administrator

Comparison:

  • Both jobs are heavily focused on IT infrastructure and applications within.
  • They both have responsibilities to keep the system secure.

Contrast:

  • While information security focuses mainly on hardware security, system admin mainly focuses on keeping the system up-to-date and operational for all.
  • While InfoSec has to anticipate malware and check permissions in a system, the system admin has to make sure all patches are up-to-date and well-protected 

I would prefer to be an information security architect.

Protecting Availability

In this discussion board, you are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?

  • First, I would implement new security failover plans and systems. If any systems fail there should be no reason why we would be down for more than a day. Another thing I would implement is a random multi-factor authentication system. Having our systems be able to be compromised because someone memorized their password is unacceptable.

Framework Core Activities of The NIST Framework

Which of the Core Activities of The NIST Framework do you think is the most important? Make sure to support your reasoning. 

  • I think that the most important part of the NIST framework is Respond. You cannot prevent everything, and you are not going to figure out everything till it’s too late. That’s why I think how you can communicate what the next step is and have everyone understand and operate toward improving the systems that would be the most beneficial. 

Vulnerabilities, Risks & Mitigation Strategies in the BioSciences

Given your knowledge or cyber vulnerabilities & this section’s material…


Risks – What risks might impact DNA Analysis systems, data and/or privacy?
Mitigation – What strategies would you implement to safeguard against these risks? 

Reference Article: Malicious Code Written into DNA Infects the Computer that Reads it

  • The risks associated with these systems are that they are not protected by any type of defense system. Malicious binary can be one of the most devastating attacks and could create lethal situations if spread to the wrong equipment. 
  • Mitigation: Ensuring the integrity of the sequence before anything is uploaded to a device is crucial. This will take time but could improve security.

16 Sectors of Critical Infrastructure

Look at the 16 Sectors identified by CISA. Which Sector do you think is most important and least important. Justify your answers

  • Out of all the sectors, I believe that the information technology sector is the most important. All of our infrastructure has now evolved to be used, monitored, or controlled by wireless devices, which means that it can be vulnerable to hacks. If we can’t use our infrastructure, then we will not be able to function as a country.

Deviance Opportunities for Workplace Deviance

How has cyber technology created opportunities for workplace deviance? 

  • It has increased the availability for the information of your company to be leaked. Even giving others access to your computer can initiate the biggest security risk to your computer. This can be an incentive to some employees that dislike the company.

Knowledge The “Short Arm” of Predictive Knowledge

From this week’s Jonas Reading: How should we approach the development of cyber-policy and infrastructure given the “short arm” of predictive knowledge?

  • Given the short arm of predictive knowledge, we can approach this topic with small and adaptive steps to improve cyber policy. We should make sure that our priorities are based on responsibility and resilience.

Requirements Cybersecurity Job Requirements

Starting with 50 Cybersecurity Titles That Every Job Seeker Should Know About, pick two jobs that are of interest to you and research the required skills employers are looking for.

  • Malware Analyst: Understanding of programming languages, IT skills, at least a bachelor’s degree in an IT field like cybersecurity, IT, or computer science, and certifications.
  • Penetration Tester: At least a bachelor’s degree in cybersecurity or computer science, decent understanding of programming languages, and certification like Cisco, CompTIA, and AWS