From the discussion board “Opportunities for workplace deviance”
I think that cybersecurity has allowed for many great things to be possible for the world, that being said I think that it has also allowed for many less than reputable ways of conducting oneself online. For starters it has allowed employees to have access to many confidential and important pieces of data and information. This has caused some employees to utilize their access to perform various criminal acts, whether it be for financial gain, or otherwise. I think that since cybersecurity is a profession that allows for work at home, it can lead to some employees deviating from their job in order to do some other activities that they should not while on the clock for their employer. Cybersecurity could also be used as a sort of weapon by some, meaning that they could utilize their knowledge and experience to essentially spy on other coworkers, rival organizations, and it possibly could lead to bullying of other coworkers for personal satisfaction.
I think that some employees may not necessarily grasp all of the requirements and responsibilities that come with having this kind of access to a broad system. Making sure that everyone that is employed with the kind of access that cybersecurity professions have a general understanding of what they can and can not do is essential.
From the write up “The human factor of cybersecurity”
I think that in terms of being a Chief Information Security Officer, I believe that the most important part about making sure that the security of any organization starts with, and is maintained by good training for all employees at said organization. I personally believe that most attacks that occur are due to human related issues, these issues are cause most of the time by a general lack of understanding towards Cybersecurity and all of the nuance that comes with it. I think that a limited budget should prioritize training of staff above all else, this ensures that every employee understands what they need to do in order to mitigate and prevent future attacks on their organization. That being said, I do believe that the remaining money, however much it may be should be put towards providing the best equipment and newest technology possible in order to facilitate the means to better secure data and other important sites. Some would argue that new tech is expensive and if focus goes to training then there will not be enough money to buy the new equipment, I do not believe this. I think it is actually rather unexpensive to train people to use good and safe Cybersecurity practices, all you would need to do is just run them through the basics of what to look for and how to spot suspicious emails, calls, and any other scams or attacks. That would be how I would look at managing the budget were I a chief officer.
References:
https://hbr.org/2015/09/cybersecuritys-human-factor-lessons-from-the-pentagon
From the write up “Exploring attacks on availability”
An attack on availability is an attack that targets accessibility, reliability, the performance of data, and the computing resources of an organization or individual. Some examples of this type of attack are Dos attacks, otherwise know as denial of service, this attack attempts to overload a network and or website to slow it down or to crash it altogether. A recent example of a DOS attack would be the DDOS attack on Microsoft Azure in 2021, a DDOS is the same as a DOS but at a much larger scale. This attack had a total throughput of 3.47 Tbps making it one of the largest attacks recorded. This attack was eventually mitigated and service was restored, but this has some very broad implications regarding the nature of online services and how secure they are. Attacks like this happen a lot, but not very often at a large scale such as the Microsoft Azure attack. Other attacks of similar scale have happened both before and after this incident as well. I think that this is a serious problem in todays world, seeing as more and more advances are made in the cyber world and more and more people are utilizing online services than ever before. This means that the need for better secured and safe sites and platforms is a must, attacks of this nature need to be stopped before they can even begin. However this is a difficult task to do, seeing as it is almost impossible to predict who the next target will be.
References: