Discussion Board
Discussion #1: Going on a Job Hunt
Using the article 50 Cybersecurity Titles That Every Job Seeker Should Know About, research two or more of these jobs that are of interest to you. What disciplines do you see represented in these 50 jobs? What skills are required for the two jobs you selected? What was your biggest surprise? Be sure to include links to your research.
The two jobs I chose were Blockchain Developer/Engineer and Cyber Insurance Policy Specialist. The disciplines across the Cybersecurity industry are surprisingly broad, including engineering, data analysis, assessment-related jobs, software development, architecture, and executive management.
For the Blockchain Developer/Engineer job, you need a strong knowledge of data structures, cryptography, and software development. My biggest surprise was that this role was considered to be Cybersecurity-related because I had always associated blockchain with Bitcoin and cryptocurrencies, which are about digital transactions. My research link is https://www.simplilearn.com/tutorials/blockchain-tutorial/how-to-become-a-blockchain-developer
For the Cyber Insurance Policy Specialist job, it is critical to have general knowledge of Cybersecurity, understand the potential risks of a cyber attack, and have working knowledge of how insurance products work. My biggest surprise was simply the existence of cyber insurance. I am familiar with auto and homeowner’s insurance, but I was unaware that you can be protected and compensated if you are a victim of a cyber attack. My research link is https://prowritersins.com/cyber-insurance-blog/cyber-security-specialist/
Discussion #2: The NIST Cybersecurity Framework
From your readings of pages 1 – 21 of the NIST Cybersecurity Framework, what benefit can organizations gain from using this framework, and how would you use it at your future workplace?
The most beneficial aspect of the NIST Framework is that it gives companies a straightforward plan for the security they want and need through the Target and Current Profiles. Once the company chooses a target profile and the current profile is evaluated, they are left with the gap analysis, which is essentially a to-do list for the company. This gives the company a goal and an idea of what to do. I would use this Framework to the fullest. One thing I liked about this document is the communication aspect and the guidelines with the Target Profile for smoother and quicker communication within the company and with its stakeholders. An example from the framework shows this: If one company is doing business with another, and there are potential risks, company 1 could use its current profile to show its requirements and cybersecurity needs. Another system I would implement would be the Tiers system, which would simplify understanding vulnerabilities and evaluating current responses to threats.
Discussion #3: Protecting Availability
In this discussion board, you are the CISO for a publicly traded company. What protections would you implement to ensure the availability of your systems (and why)?
As the Chief Information Security Officer (CISO) for a publicly traded company, ensuring the availability of our systems is paramount to maintaining operational continuity, safeguarding customer trust, and meeting regulatory requirements. I would employ a multi-layered approach incorporating network security measures like firewalls, intrusion detection systems, and redundancies across data centers and servers to achieve this goal. Data backups and offsite storage would be routine, and load balancing would prevent single points of failure. Regular software updates, dedicated DDoS protection, and continuous monitoring enhance resilience. An incident response plan would be in place, and regular audits would evaluate system effectiveness and compliance with relevant regulations. Employee training and vendor management would also be crucial elements in our strategy to ensure uninterrupted service availability.
Discussion #4: Ethical Considerations of CRISPR Gene Editing
Based on your readings related to the BioCybersecurity section of this course, identify possible ethical considerations and explain your position.
BioCybersecurity aims to safeguard biological data, systems, and infrastructure from cyber threats, which necessitates addressing various ethical considerations:
- Privacy Concerns: The increasing accumulation and analysis of biological data, such as DNA sequences and biometric information, pose a significant risk of infringing upon individuals’ privacy. Protecting this data is crucial to prevent potential misuse or discrimination based on sensitive health or ancestral information.
- Data Access Balancing: While researchers require access to biological data to develop treatments and cures, ensuring data security and privacy is paramount. Establishing clear data access and use guidelines helps maintain integrity and prevents unauthorized exploitation.
- Informed Consent: Respecting individuals’ autonomy and rights involves obtaining informed consent to use their biological data. People should understand how their data will be utilized, including potential risks and benefits, and be free to opt-out or withdraw their consent if desired.
- Dual-Use Technology Regulation: The dual-use nature of biological data and technology raises concerns about potential misuse for biowarfare or bioterrorism. Regulatory measures are necessary to mitigate these risks and ensure responsible use to prevent harm.
- Equity and Fairness: Like any field, BioCybersecurity is susceptible to biases and inequalities. It’s essential to ensure that technological advancements benefit all individuals equitably and that data isn’t exploited to perpetuate existing disparities.
In summary, ethical considerations are integral to BioCybersecurity, guiding practices to protect privacy, maintain data integrity, and promote fairness in applying technological advancements for the betterment of society.
Discussion #5: Opportunities for Workplace Deviance
How has cyber technology created opportunities for workplace deviance?
Cyber technology has opened doors to various forms of workplace deviance. Employees can exploit digital systems for unauthorized access and data theft, engage in cyber espionage to spy on competitors, leak confidential information, or perpetrate cyberbullying and harassment using email or social media. Sabotage through malicious software, insider trading using confidential information, and time theft through cyberloafing are also common. Additionally, social engineering attacks and online fraud pose significant risks. While cyber technology enhances productivity, it necessitates stringent cybersecurity measures and ethical guidelines to counteract these potential threats.
Discussion #6: The “Short Arm” of Predictive Knowledge
From this week’s Jonas Reading: How should we approach the development of cyber-policy and infrastructure given the “short arm” of predictive knowledge?
Given the “Short Arm” of predictive knowledge in cyber policy and infrastructure, our approach to development should prioritize adaptability and resilience. Rather than relying solely on the ability to foresee future threats, we must design policies and infrastructure flexibly to respond to evolving challenges rapidly. This necessitates continuous investment in research and development to stay ahead of potential cyber threats. Moreover, fostering collaborative international partnerships and facilitating robust information exchange mechanisms are essential to a collective global defense strategy against cyber threats. We can effectively bolster our cyber resilience globally by leveraging collective expertise and resources. Additionally, prioritizing education and training initiatives is crucial for building a skilled workforce capable of effectively managing cyber threats. Developing cyber expertise can strengthen our overall cyber resilience and better protect our critical infrastructure.