{"id":435,"date":"2024-04-20T18:42:21","date_gmt":"2024-04-20T18:42:21","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/jchris82\/?p=435"},"modified":"2024-04-20T18:42:21","modified_gmt":"2024-04-20T18:42:21","slug":"guardians-of-cyberspace-the-human-element","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/jchris82\/2024\/04\/20\/guardians-of-cyberspace-the-human-element\/","title":{"rendered":"Guardians of Cyberspace: The Human Element"},"content":{"rendered":"\n<p><br>Justin W Christopherson<br>Old Dominion University<br>CYSE: 200T<br>Professor Kirkpatrick<br>31 March 2024<\/p>\n\n\n\n<p>Guardians of Cyberspace: The Human Element<br>The human aspect of cybersecurity is such a wide spectrum topic, but adding in the constraint of<br>an underfunded budget, makes it an easier pill to swallow. Taking on the role of Chief Information<br>Security Officer, the first task at hand would be to conduct a risk assessment to find out what data the<br>company holds valuable. The next logical step is to set up a program that proactively detects common<br>threats and then spells out how to respond to them. The final step in the process is to train all personnel<br>at the company in a way that the training will stick.<\/p>\n\n\n\n<p><br>Risk Assessment<br>To conduct a risk assessment, the first thing that needs to be done is to Identify what on the<br>network the company holds near and dear. This can be anything from trade secrets, to trademarked<br>material. An emphasis also must be made when looking at anything that leaves the companies offices,<br>whether it be to a remote office or even across the water to other countries. The second step is to<br>Identify and Use Sources of Cyber Threat Intelligence. This way it can be found what vulnerabilities<br>commonly plague this type of company. The third step in the process is to Identify and Document<br>Internal and External Threats. This is where a vetting process can be setup to prevent insider threats.<br>Step four in the process is to identify Potential Mission Impacts. This involves figuring out what happens<br>if the network goes down. The fifth and final step in the process is to take all the combined data from<br>the previous steps and use them to assign risks.<\/p>\n\n\n\n<p><br>Proactive Threat Detection and Response<br>The human aspect of proactive threat detection and response deals with continuously<br>monitoring who comes in and out of the office, as well as anyone who has access to the data. This is<br>done by monitoring the network for normal behavior and setting up the systems for notifications when<br>anything begins to operate outside normal parameters. When this happens, the operators can trace<\/p>\n\n\n\n<p>where the anomaly was initiated. With the knowledge of where it began, operators can track down an<br>anomaly to a specific terminal and then find out which employee operates it. Another aspect that needs<br>to be taken into consideration is monitoring cybersecurity threat intelligence for the industry the<br>company is in and in general. This can be done through various means such as following industry<br>leaders. Once this is done the network needs to remain secure by means of constantly keeping virus and<br>malware definitions up to date. The network has been secured so the next logical step is to set up a plan<br>for reporting anything suspicious on the network. This can be done by establishing standard operating<br>procedures, that outline what to do and who to notify as soon as something happens.<\/p>\n\n\n\n<p><br>Training Strategies<br>Once the network is secured, and constant monitoring has been established, the only thing left<br>to do is to establish an employee training program. This is by far one of the more challenging aspects<br>for a very technical Chief Information Officer, because while companies are willing to spend millions to<br>set up cybersecurity, they are not likely to spend millions on training non it related personnel. To<br>counteract this a CISO needs to set up a training program that does not use death by PowerPoint. This<br>can be achieved by using real world examples. An example would be to bring up a live attack tracker<br>that shows when and where attacks are happening around the world. After this it can be explained that<br>opening an email attachment can cause the company to end up on this tracker.<\/p>\n\n\n\n<p><br>Conclusion <\/p>\n\n\n\n<p>In the end the human aspect of cybersecurity is often overlooked and underfunded<br>which leads to data breaches. As Chief Information Security Officer the first thing to conduct would be a<br>thorough risk assessment to identify valuable company data and potential threats. Implementing<br>proactive threat detection measures and protocols ensures swift action against emerging risks, while<br>continuous monitoring maintains network integrity. Lastly, developing a training plan that actively<br>engages employees is essential in empowering personnel in recognizing and mitigating cyber threats. By<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>using these strategies, companies can strengthen their overall cybersecurity posture and mitigate risks<br>albeit budget constraints.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>References<br>Cyber risk assessment. (n.d.). https:\/\/www.cisa.gov\/sites\/default\/files\/2024-<br>01\/22_1201_safecom_guide_to_cybersecurity_risk_assessment_508.pdf<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Justin W ChristophersonOld Dominion UniversityCYSE: 200TProfessor Kirkpatrick31 March 2024 Guardians of Cyberspace: The Human ElementThe human aspect of cybersecurity is such a wide spectrum topic, but adding in the constraint ofan underfunded budget, makes it an easier pill to swallow. Taking on the role of Chief InformationSecurity Officer, the first task at hand would be &hellip; <a href=\"https:\/\/sites.wp.odu.edu\/jchris82\/2024\/04\/20\/guardians-of-cyberspace-the-human-element\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Guardians of Cyberspace: The Human Element<\/span><\/a><\/p>\n","protected":false},"author":26825,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/posts\/435"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/users\/26825"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/comments?post=435"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/posts\/435\/revisions"}],"predecessor-version":[{"id":436,"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/posts\/435\/revisions\/436"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/media?parent=435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/categories?post=435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/tags?post=435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}