Discussion Boards
Q: What benefit can organizations gain from using this framework, and how would you use it at your future workplace?
A: This framework is a very broad description of how a company could use cybersecurity. It gives the five basic stages of identifying, protecting, detecting, responding, and recovering. This is very broad because you can apply this to other fields. At the same time, this broad strategy can be very protective. The organizations using this will not only have procedures in place to combat cyber attacks, but hopefully be prepared before they even attack. The goal of cybersecurity, in my mind, is to never have to worry about the outside threats because you’re already prepared for them. In my future workplace, I would use a framework similar to this from an outside appearance because it covers the basic needs of cybersecurity. I would like to have the preparation be more intense than the response, but you have to always have the mindset that there will be more attacks that you weren’t prepared for. It is hard for a generic company to predict what attackers could do because they are more focused on their business. Ideally, there would be enough funding to have at least two people practicing attacks like someone on Red or Blue teams would.
Q: You are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?
A: I think that there are many important things that can be used for the protection of a company’s systems. Implementing firewalls, antivirus software, and encrypting the company’s data are prime examples of safety precautions companies are able to take in order to protect their information. Another important step to take would be making sure every person in the company that has access to the company’s servers and information is briefed and trained on how to better protect the company and their own information from outside threats. If the company properly trains the workers, then they cannot be held liable for their employee’s mistake. The loss of information and the blame can go on the specific person that caused the breach, rather than having to implement company-wide training. These are very important because they provide security from the general attacks such as email phishing and going on websites that could have malware. Training on security breaches should be updated often to reinforce the importance of protecting the company’s assets. Another thing to help with protection would be restrictions on what websites someone can visit when connected to the company network, or if they are on a device with company property/information. The goal of a company’s CISO isn’t just to protect the company, but prevent a worker from creating a security breach as well. Safety is the number one goal, but the workers need to understand how valuable data is and how they might have to sacrifice some websites in order to achieve that goal.
Q: How has cyber technology created opportunities for workplace deviance?
A: Cyber technology has created a large opportunity for workplace deviance. The access to a company’s most valuable assets, trade secrets, and customer data is at the fingertips of most cyber workers. The responsibility that comes with a job in the cyber field is extremely important. A single incorrect input on a keyboard could delete or expose a corporation’s valuable information. Hiring interns is a very serious process in order to protect the company’s assets. Disgruntled employees are a major vulnerability because they could easily choose to open a company up to outside viruses, or even shut down security measures already in place. Whether it is in spite of the company or in their own self-interest, disgruntled employees are a major liability even if they have already been fired. They could have stolen data from the institution prior to being let go, and could sell it to someone or hold it for ransom.
Looking at deviance from a different point of view than theft would be wasting company time on personal devices or websites not appropriate for work. The age of social media has shortened the attention spans of the average person, meaning people would be looking for things to do when they get bored at work. Using company Wi-Fi on a personal device can leave the company vulnerable to viruses from unsecure websites. Even if there is no intentional harm created, said person would still be liable for the breach. It shows how serious the security has become with so many threats trying to cripple institutions.
Q: How should markets, businesses, groups, and individuals be regulated or limited differently in the face of diminishing state power and the intelligification (Verbeek, p217) and networking of the material world?
A: When it comes to regulating markets, businesses, groups, and individuals at the same time, it has to be done carefully. When things of such different variety are all involved, a single set of regulations would be very difficult. You would have to make the regulations so broad that each one of the mentioned sections would need to function at their maximum capability, while not interfering with each other. I think it would help all of those sections if there wasn’t a single baseline set of regulations, or at least not only that. There would need to be specific rules and regulations based on each sector, as it could cause certain sectors to suffer as a cost of others flourishing. A single baseline set of regulations for all of the sectors wouldn’t be a bad thing, but there would need to be specific rules for each sector that go along with that. With the new generation of ICTs coming into the physical world, it emphasizes the importance of these regulations to be in place. The difficult part is finding the middle ground. Having regulations that are too strict can scare people away from certain sectors. They need to have enough of a grip to prevent certain sectors from challenging the norm too much, but they also have to be loose enough to encourage innovation in the market. It is always a very tough question when having to find the middle ground is the goal. It could be much further from one side than the other, but the answer is only ever discovered through experimentation or trial and error.