1 – 9 Discussion Questions, Two Paragraph Only To Each Response.

 I need two paragraph sentences each for the below response to another student.

1. Cybersecurity Countermeasures

When it comes to establishing security for information systems the best method of defense is putting in place proper counter measures.  With proper counter measures in place threats to a system can be prevented in the first place.  If a threat is indeed able to make it through the initial security measures then proper counter measures will also help to ensure the threat can be resolved quickly.  Below I will outline some counter measures that I feel are important when it comes to cybersecurity.

The first and most important countermeasure in my mind is proper patching of systems.  Software companies are also checking and rechecking their systems for potential exploits.  When these exploits are discovered patches are created to remove the security gap created by those exploits.  By implementing patches quickly and efficiently that will create a proper first countermeasure.  The next best countermeasure is data encryption.  By encrypting sensitive data a company can ensure that even if that data were to somehow fall into the wrong hands it could not be read by the thieves.  A final countermeasure to ensure system security is having strong password policy.  This would involve forcing user to change passwords often to new and unique passwords.  This would help to ensure that should user credentials somehow be compromised system policies would ensure those passwords change hopefully often enough to prevent their use by nefarious groups.

Once countermeasures are in place it is up to security personnel to ensure these policies are followed.  This includes proper education for employees to make sure they understand the important of these countermeasures.  In addition it is up to security employees to make sure the guidelines are being followed such as good password policy and good patching schedules.  The best thing a company can do is try to prevent a threat.  Once the a threat breaches company systems it can become very difficult and very costly to rectify.

1. Response:

2. Context, Scope, and Feasibility

Good evening Professor and class,

Context is the principal way of finding specific solutions. Organizations must decide the various elements whether specialized as well as financial and how those elements will affect the organization’s security. The scope is the process that decides which functions and features will be secured. It will also spell out detailing responsibilities to who holds specific security functions in the security plan. The purposes are to determine the scheme’s economic benefits, do the requirements meet specific security standards, and if there are any technical issues that could delay or stop the plan. An example of a security solutions development process would be an organization that is determining to design and develop a brand-new system or even upgrades to their own system. A case of a security arrangements improvement process is an association that is deciding to structure and build up another framework or overhaul their present framework. The procedure will show the financial, technical, and specifics of how the organization will have the option to settle on the advancement of the new systems, upgrade their current system, or keep using their existing system with no changes.

 

2. Response:

3. Replace with your salutation and short title

Good Evening class,

The CIO is the key to any successful Information security. They are required to know what is going on throughout the system and the company. Always growing as the company grows and making things run more smoothly for the shareholders.

The three key elements I believe are keys for a CIO are ensuring all systems are up to date. This I believe is the most important task. Majority of security risk and problems that occur are do to systems not having the most up to date programs and implementations. The second I believe is important for the CIO to ensure is policies and procedures are known and implemented. This is difficult because all must be on the same page without confusion. The third task a CIO should be considerate about is credentials should be checked frequently and up to date to ensure know one is not where they should be.

The CIO takes many roles and one that should never be over looked is the communication between the CIO and the financial department should always be fluent. Having more conversation of what the financial aspect looks like will show where money can be used and what is feasible.

3. Response:

4. Data security

Hello Class

Data security get commonly termed as availability, confidentiality, and integrity. It is the policies and practices of ensuring data is not getting accessed or used by unauthorized parties or individuals. It ensures data is safe, reliable and accurate plus available while authorized access requires it. There are several most relevant factors which ensure the confidentiality and integrity of data assets. The factors are; ensuring account monitoring and control, managing patches and lastly scanning for vulnerabilities (Benjelloun & Lahcen, 2019).

Account monitoring and control ensure keeping track of who is accessing the data. However, it is a common aspect of data security policies. The security policy then should designate a few and specific IT members to control and monitor user accounts properly. It prevents illegal activity from happening. Another policy is managing patches. In ensuring protection against threats, implementation of a policy on the way to manage patches is a major consideration. Scanning for vulnerabilities is an important policy and ensures finding vulnerabilities of the data before hackers do. However, a company must advance a routine of checking its networks regularly. The rationale behind choosing the factors discussed is because hackers and other outside threats to organizations’ data attack the weakest points plus the sectors that get forgotten easily by security departments. For example, IT members forget to scan for data vulnerabilities of the company, which therefore becomes the stronghold of attackers.

4. Response:

5. Crisis management operations

Hello Class

Crisis management is defined as a series of steps performed by an organization to deal with a catastrophic event. A crisis disrupts business operations, threatens to harm people, damages your reputation, and negatively impacts your finances. Crisis management planning begins long before an issue arises. Companies can be tempted in putting off risk management when things are going well. However, inadequate preparation can have serious operational, legal, and public relations consequences. Unprepared stakeholders are more likely to make poor decisions and failing to prepare may increase recovery time.

In the current business world that we live in, anything that could negatively influence a company reputation or bottom line constitutes a crisis. Some worst-case scenarios include product recalls, stolen data, false accusations, or the loss of a key higher-up. Any of these situations could prove to be catastrophic or even fatal to your company name and/or earnings. Some emergencies, like natural disasters, terrorist attacks or a global financial crisis, are unavoidable and probably won’t damage your brand’s reputation if properly handled. Preventable crises that result from an oversight or a poor decision, however, could drag your name through the mud. For that reason, it’s imperative to formulate a crisis response strategy should the need ever arise.

5. Response:

6. Benefits derived from designing an effectrive training and awareness program

Hello everyone,

 

Information is only as valuable as it accuracy. Once information is compromised, it loses it’s value.  The largest risk to information security is the human factor.  A recent study shows that 80% of data beaches are caused by employee negligence.  A training and awareness program is beneficial to addressing and mitigating the risk factors.

There are several reasons a training awareness program is beneficial.  Training reduces errors.If a program explains the dangers of opening suspicious emails, and the effect phishing can have on an organization, employees are more likely to report suspicious activity.  Training increases security. An awareness program a company becomes less vulnerable.  Employees will more than likely create stronger passwords and report any unusual activity to their supervisor. last but  not least, training and awareness saves the company time and money.  It can take seven months or more to identify and recover from a successful cyber-attack.

The most important benefit is ,time and money.  Loss of revenue could cause a business to fold.  With that said, if a business folds due to a data breach, employees will lose their jobs.

6. Response:

7. Importance of Security Policies

Good Afternoon Professor and Class,

Acceptable use policies, remote access policies, and network security control policies are essential. Organizations need these policies to protect their resources. These policies establish and enforce well-defined rules controlling computer and network usage. They maintain the security of the network and prevent users from misusing their system. This reduces the risk of exposing the organization and the entire network to attacks.

I believe developing an acceptable use policy (AUP) is an efficient way to manage network security. AUP’s are established to outline the proper use of the network for various types of users (end-users, administrators, and outsiders). AUPs are useful for several reasons. They stipulate to employees they have no right to expectations of privacy when using business computers, email systems, and internet connections. Employees are required to sign an AUP acknowledging their understanding of it. In the event of misconduct by an employee it serves as a liability shield for the organization. It also serves as a legally sanctioned basis for disciplinary actions, including termination.

7: Response:

8.  Physical Security

Class

Physical security is the area of security devoted to the protection of the physical space and the physical entities within it.  Activities to ensure physical security plans are adequate must begin with the design of any facility, installation, or mission. Including physical security measures in the design, phase is critical to the protection of mission capabilities and is essential for an effective physical security program. Physical security planning also includes the creation of written plans, such as the Physical Security Plan, Standard Operating Procedures, and Post Orders. Other activities are to have employee training and upper management involvement, secure the building from outside in, robust access control, annual physical security assessments, creating an emergency plan, and establishing and enforcing strong policies.

The main priority is to protect the safety of the employees and the facility.  This will require continual diligence and willingness to prepare for the worst.  Being prepared and following best practices is the best way to prevent a tragedy before it occurs.

Measures to evaluate installed physical security is to have a user try to log into a workstation without the proper PIV card.  Checking every fire extinguisher to ensure they have been serviced and up to date.  Assessing windows for cracks, and ensure locked doors are locked can also prevent unauthorized users from gaining entry.

Stan T.

8. Response:

9. Good evening Dr. G and class. Pentagon cybersecurity boost

Good even Dr. G and class,

The article describes how the Pentagon is trying to fix all of the holes that they have when it comes to cybersecurity.  Defense contractors have described being attacked by foreign countries that have been trying to steal their information and secrets. The Pentagon has put in place a program that will make defense contractors address any vulnerability that they have so that they can avert being hacked and information getting into the wrong hands. If they don’t address then they will start to shut down equipment.

This is an especially important approach that the Pentagon is taking.  Having vulnerability in the defense sector should be the last thing especially when the information being stolen is weapons or layouts. Fixing these problems would make the country safer and keep us ahead when it comes to advancement in weaponry.  If these vulnerabilities aren’t fixed the one time that a hack occurs can be the most devastating one that can cause harm and even lives.  This will take time to completely finish and it will never be 100 percent but will be an improvement.

Fixing these problems will protect everyone within the companies that have contracts and the personnel abroad.  This will help keep strategic locations and the layouts from falling into enemy hands.  Also, if they aren’t able to get sensitive information then they wouldn’t have the counters to any plans or weapons that we have.  Overall the defense of all information within the defense sector is and should be the top priority.  This will save lives, intellectual technology, weapons, and layouts.

9. Response: