CYSE 200T Assignments

1. Write Up: Components of a Business

Details: Identifying components to a business.

Use the following presentation and research (Google articles):

Components of a Business

Within this presentation, you were asked several questions. Please submit your answers here. 250-word minimum.

Q’s

  1. Identify other components of a business
  2. Where do they “fit” in the organization?
  3. Where does IT “fit” in an organization?
  4. What are the Roles & Responsibilities w/in IT?
  5. How should IT itself be organized?

My Response:

1) Other business components can include operations, research and development, and customer service. Operations brings the task of handling day-to-day activities to the workplace. Research and Development brings innovative ideas and improves the workplace as a whole. Finally, customer service is very important as it supports customers with any issues or questions they have with the business as well.

2) These components are organized in a hierarchical structure that helps the business keep on going. Each component has its own department or team that goes ahead and works together to achieve a certain goal that the company itself is striving to obtain.

3) IT, which stands for Information Technology, is a support function within the company. It provides the technology infrastructure and supports all other departments.

The world is a technology-driven society, so IT workers play a huge role in all companies.

4) IT roles include: an IT manager who oversees all IT operations, the network administrator who manages all the networks, a system administrator who manages all the computer systems, a person who is considered the help desk and provides technical support, and a lot of software developers who create software. All of these jobs are responsible for maintaining hardware and software, ensuring data and security for the company, providing technical support, and finally developing and implementing IT strategies for the company to use and follow.

5) IT can be organized in different ways: centralized, where all IT functions are in one department; decentralized, where IT functions are spread across different departments; and hybrid, where a mix of centralized and decentralized functions work. The best structure would depend on the company’s size and its needs.

2. Write Up: Cyber Roles & Responsibilities

Details: Using NIST 800-12 link above, start at page 13 “Roles and Responsibilities”. Choose one role within the Cybersecurity team to discuss. Address questions such as who they are, why are they part of the team, etc.

My Response:

The CIO, or Chief Information Officer, is pretty much a very crucial organizational official, essentially the senior agency information security officer. Their primary responsibility revolves around safeguarding information and ensuring its secure handling within an organization. The CIO’s role encompasses several key areas. First, they are responsible for developing and maintaining procedures and control techniques to meet all applicable requirements. This would include, but is not limited to, establishing and enforcing security protocols to protect sensitive information. Second, the CIO oversees personnel with significant information security responsibilities, ensuring they are adequately trained to handle their duties effectively. Third, the CIO assists senior organizational officials with their information security responsibilities, providing guidance and support. Finally, the CIO is tasked with reporting on the overall effectiveness of the organization’s information security program and recommending any necessary actions. The responsibilities of a CIO include allocating resources to protect systems, ensuring systems align with the organization’s mission and business functions, and guaranteeing that systems are protected by approved security plans. They also ensure the smooth operation of these systems and that organization-wide information security is effectively implemented. In summary, the CIO is the driving force behind an organization’s information security efforts. They are responsible for establishing, implementing, and maintaining a robust security posture in order to protect sensitive data and ensure the organization’s continued success. To add onto that, the CIO also plays a key role in strategic planning, aligning IT initiatives with the business’s goals, whilst also driving innovation, ensuring the organization leverages technology for competitive advantage, and managing IT budgets effectively to maximize value.
The CIO is essential for maintaining operations efficiently and securely.

3. Write Up: The Human Factor in Cybersecurity

Details: During this week’s reading, you’ve been exposed to different points of view regarding human contribution to cyber threats.  Now, put on your Chief Information Security Officer hat.  Realizing that you have a limited budget (the amount is unimportant), how would you balance the tradeoff of training and additional cybersecurity technology?  That is, how would you allocate your limited funds?  Explain your reasoning.

My Response:

Given a limited budget, I’d prioritize cybersecurity training over solely investing in additional technology.
1.  Assess Current Infrastructure: Understand existing vulnerabilities and technological gaps.
2.  Prioritize Training: Allocate a significant portion to training employees. Phishing simulations, password management, and identifying social engineering attempts are key.
3.  Invest in Essential Tech: Focus on core security tools like endpoint detection and response (EDR) or a basic SIEM (Security Information and Event Management) system.
4.  Regular Updates: Ensure existing software is updated to patch known vulnerabilities.
5.  Incident Response Plan: Develop and regularly test an incident response plan.
6.  Monitor and Adjust: Continuously monitor the threat landscape and adjust the budget allocation as needed.
Reasoning: Employees are often the weakest link. Even the best technology can be bypassed through human error. Training creates a human firewall, making employees more vigilant and resilient against attacks.
Conclusion: Prioritize cybersecurity training while strategically investing in essential technologies and regular updates.