Discussion Posts

Week 1: From your readings of pages 1 – 21 of the NIST Cybersecurity Framework, what benefit can organizations gain from using this framework, and how would you use it at your future workplace?

  • After reviewing the NIST Cybersecurity Framework (CSF) pages 1-21, it provides the foundations for organizations with quite a structured approach when it involves managing cybersecurity risks, aligning with the industry's best practices, and ensuring regulatory compliance within a workplace. The NIST CSF enhances communication, supports continuous improvement within the time period, and is flexible enough to be tailored to certain business needs. Whenever I do establish my future position at a certain IT department or something similar, I would take notes from the NIST CSF to assess current cybersecurity measures, develop a detailed and tailored roadmap to determine where my career would take me, implement continuous ongoing monitoring, and engage with stakeholders, ensuring a strong and adaptive cybersecurity stance.

    Week 2: In this discussion board, you are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?
  • If I were the CISO for a publicly traded company, I would ensure system availability is critical. My key strategies would implement redundancy and high availability architectures in order to prevent single points of failure, all the while backed by disaster recovery plans and backups. I would use DDoS protection and network traffic monitoring to defend against attacks, and have a reliable incident response team to ensure a swift recovery. I would incorporate resilient networks along with multiple ISPs, systems patched constantly, and cloud services with auto-scaling uptime. I would use monitoring tools and strong SLAs with vendors to ensure proactive management, while implementing Zero Trust architecture and ransomware defense against any internal or external threats.


    DISCUSSION BOARD: Protecting Availability In this discussion board, you are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?
  • In the age of digitizing DNA, ethical concerns are on the rise, particularly along the lines of privacy, security, and also consent. DNA is considered the ultimate form of personal data, thus making its theft quite a significant risk, as it cannot be altered/changed like a password or a social security number (Rizkallah, 2018). Also, there are rising concerns about the potential use of malicious code that is embedded in DNA in order to infect computers used for sequencing, showcasing the vulnerabilities in current bioinformatics systems (Coldewey, 2017). Furthermore, the general use of consumer DNA data for purposes way beyond an individual’s consent, such as criminal investigations, brings into the equation whether users fully understand and agree to how their DNA is used (Rizkallah, 2018).
  • In order to address these ethical issues, of course, there must be stricter regulations, enhanced data security measures, and also more transparent consent processes to make sure individuals maintain control over their own genetic info.
  • Coldewey, D. (2017, August 9). Malicious code written into DNA infects the computer that reads it. TechCrunch. https://techcrunch.com/2017/08/09/malicious-code-written-into-dna-infects-the-computer-that-reads-it/
  • Rizkallah, J. (2018, November 29). Hacking humans: Protecting our DNA from cybercriminals. Forbes. https://www.forbes.com/sites/forbestechcouncil/2018/11/29/hacking-humans-protecting-our-dna-from-cybercriminals/?sh=31cfac3a5287

    Opportunities for Workplace Deviance
    How has cyber technology created opportunities for workplace deviance?
  • Technology has made way for new avenues for workplace deviance by enabling behaviors that are often quite hard to track and regulate. Employees can abuse company resources, access sensitive data without any form of authorization, or engage in cyberloafing (a.k.a. spending work hours on other non-work activities). Remote work setups increase opportunities for unauthorized activities such as using the company system for personal gain or sharing very private information. Social engineering and phishing have also made it easier for insiders to bypass most security protocols or even commit fraud. This shift would require most companies to consider a change in policies, implement some advanced monitoring, and also create a culture of digital responsibility in order to address these new and emerging risks.

The “Short Arm” of Predictive Knowledge: From this week’s Jonas Reading: How should we approach the development of cyber-policy and infrastructure given the “short arm” of predictive knowledge?

After reviewing this week’s reading, Hans Jonas urges us to use caution in tech policy due to unpredictable impacts. He showcases the significant need for responsibility, foresight, and intergenerational accountability. The implementation of cyber-policies should be adaptable, inclusive, and focused on minimizing harm while safeguarding the future.

From Verbeek’s writing (Mod 6, Reading 4) Designing the Public Sphere: Information Technologies and the Politics of Mediation

How should markets, businesses, groups, and individuals be regulated or limited differently in the face of diminishing state power and the intelligification (Verbeek, p217) and networking of the material world?

After reviewing Verbeek’s “Designing the Public Sphere: Information Technologies and the Politics of Mediation”, it appears that as technology continues to integrate itself into daily life, regulations must adapt by guiding its responsible use rather than resisting it. Most businesses should make it a priority to be transparent and implement ethical designs, communities need to promote some form of digital literacy and shared norms, and individuals should have control over their own digital presence. Governments should integrate ethics into technological development, advocating for innovation but also safeguarding societal values.