Recent orders
Cybersecurity-DRBCP
D&J Services
Memo
To: Jason Savage, CEO of Advanced Research
From: CEO of D&J Services
cc: John Spoon
Date:
October 2, 2014
Re: Cybersecurity DR / BCP
As you are aware, disaster recovery plans are the crux of a business continuity plan as it provides the opportunity for you business to continue running in the face of an attack against your IT infrastructure. It is my goal to provide your company with a product that protects the company’s confidentiality and integrity while ensuring it is still available to your customers despite the presence of a threat. It is a known fact that delayed recovery time can cost companies a significant loss in revenue as the amount of downtime in any system directly affects the production rate for that company.
I have analyzed the research and reached a conclusion that I believe best fits the needs of your company as you work to secure your network against potential Stuxnet threats/attacks. Though there are various ways to halt a Stuxnet attack, I believe the method that best fits your company would be to disable the USB ports of your system. Due to the size of your company, I would further recommend using the 3rd party software developed by Lumension Device Control as this particular company limits access to the USB ports by using an access control list, maximizes confidentiality, and has a setting that allows you to authorize individual use/access in certain time frames. This method is significantly less time consuming than the others outlined in the attached briefing and so assists in your attempts to maximize efficiency while simultaneously maximizing profit.
I have attached all of my findings in the briefing slides attached for your perusal. While I am sure that you will agree with my findings based upon the evidence provided, I am more than willing to discuss my findings and answer any other questions you may have. I look forward to speaking with you further soon.
Kindest regards,
, CEO
Work cited
How can I prevent users from connecting to a USB storage device? (n.d.). Retrieved from http://support2.microsoft.com/kb/823732
Solutions. (n.d.). Retrieved from http://www.myusbonly.com/usb-security-device-control/
The Stuxnet Worm. (n.d.). Retrieved from http://www.symantex.com/en/uk.theme.jsp?themeid=stuxnet
USB storage devices: Two ways to stop the threat to network security. (n.d.). Retrieved from http://searchnetworking.techtarget.com/tip/USB-storage-devices-Two-ways-to-stop-the-threat-to-network-security
View any installed/connected USB device on your system. (n.d.). Retrieved from http://www.nirsoft.net/utils/usb_devices_view.html
Discussion entrees must be a minimum of 250 words
Discussion entrees must be a minimum of 250 words. You can write as much as you wish. You will not be able to respond to your classmates’ responses until you enter your own 250-word response. Blank first posts will result in an automatic F for that discussion board. No exceptions. I encourage you to write you discussion board post first in another document and then copy and paste it into discussion board. DO NOT attach word files or documents to the post. Only copy and paste or write up your post in the discussion board box. Then hit submit and respond to three students.
Grading responses to classmates.
If you don’t respond to a classmate as required that week, you lose a point for each missing, incomplete, or insubstantial response.
FAILURE TO PARTICIPATE IN DISCUSSION BOARD FOR MORE THAN TWO WEEKS RESULTS IN THE AUTOMATIC FAILING OF THE CLASS—NO EXCEPTIONS. (See syllabus for requirements regarding Discussion Board.)
Tell me what you think the reading is about and what you find most interesting. Do not summarize the reading.
To help you respond, consider:
What do you think is the point of the reading? In other words, what do you think the author is saying?
What ideas/themes seem important to the author? What ideas, themes, or images do you find important? (These two questions refer to two different things, so know the difference between your ideas and those of the author.)
Consider how the writer uses structure, form, language, voice, style, imagery to communicate his/her ideas.
Make sure to use quotes and examples from the readings to support your answers to the above questions.
Include passages from the reading that support your answer. Tell me why these quotes are important. Consider the language. How does the author use words? What images does the author use to communicate his or her main point? Feel free to bring in your own experience, but make sure they are relevant to the assigned reading. In other words, stay focused and don’t wander off topic. Don’t worry about getting it “right,” and feel free to discuss what you don’t understand or don’t like, but you must explain your feelings and ideas.
How I grade them:
I am looking for your thoughts and ideas about the readings; in other words, engage in critical thinking. Summary alone will lower your grade (see below). Including quotes from, and references to, the texts are expected. I’m not grading you on grammar or on whether the journals are “correct,” although excessive grammatical errors that impede understanding do hurt your grade; mostly, I am looking for an exploration of ideas.
Responding to Classmates:
You are required to respond to three classmates each week. When responding to students be respectful and helpful. It is ok for students to have different viewpoints; in fact, I welcome them! I don’t want anyone to be afraid of censorship or being penalized for unpopular or different viewpoints. However, please note the difference between the expression of an idea/view and a personal attack against a student. The first is welcome; the second is unacceptable.
How to respond: Read your classmate’s post and if you agree, explain why and build on the points made by your classmate. If you disagree, also explain why and support your claim. Also, please help your fellow classmates if they don’t seem to understand something or you don’t understand their writing. Helping students with their writing, grammar, and self-expression is one of the benefits of discussion board. I encourage students to see themselves as my teaching assistants and I will also kindly respond confirming or correcting writing feedback. We are all in this together!
Grade breakdown:
You responded with at least 250 words or more, not a summary, and include your ideas about and analysis of the readings. You include quotes and textual references and you responded thoughtfully to three classmates with 100 words or more: Grade 100% (Full 5 points)
You have responded with 250 words but your comments tend toward summary with some good discussion of your ideas about and analysis of the readings. Or an A grade with one point deducted because only responded to two instead of three students in 100 words or more as required: Grade 80-99% (4-4.9 points)
Your comments are mostly summary, less than 250 words, with little to no discussion of your ideas about or analysis of the readings. Or an A grade with two points deducted because only responded to one instead of three students in 100 words. Or B grade and only responded to only two instead of three students: Grade 60-79% (3 points)
Your comments are significantly shorter than 250 words, mostly summary with no discussion of your ideas about or analysis of the readings. Or an A, B or C grade with one, two or three points deducted because you because you only responded to two, one, or no students: Grade 20-59% (2 to 0.5 points)
You have not submitted any comments. Grade 0% (0 points)
Cybersecurity Technology has become a fundamental part of all areas of our life, including business.
CybersecurityName:
Institutional Affiliation:
Technology has become a fundamental part of all areas of our life, including business. Companies and businesses now rely on technology in their operations to help them increase efficiency, productivity, accuracy, and to cut down costs. Instead of writing up information on thousands of sheets of paper for business records, the company can put all these in computer files that are much easier to organize and sort through. It is difficult to imagine what the world would be without computers, emails, and many other related technologies that have made life so much easier. However, with all the benefits of technology also come many dangers. Criminals and cyber attackers use malware and ransomware to attack businesses and access crucial information that is sometimes confidential and essential to smooth operations.
Cybersecurity refers to methods and activities put in place to protect computers, programs, networks, and data from access by unauthorized parties who may want to exploit them. Because storing data on the internet, computers, and computer networks are standard procedures; criminals try to access them for many reasons. These include stealing information used in other areas such as financial fraud, identity theft, and demand ransom from any damaging or incriminating information. Common types of threats to cybersecurity include malware and ransomware (Abomhara 2015). Ransomware is used to lock or encrypt a company or other entity’s data until they pay a ransom demanded by the attackers. A person, business, or company cannot access or use any of their information, and if they cannot crack the ransomware, they have to pay or have all their data destroyed. Malware includes viruses and Trojan horses that prevent the efficient functioning of systems and also provide access to data.
Cybersecurity has a significant impact on identity protection. There are four major areas of cybersecurity, which are application, network, and information security, and the fourth is disaster recovery. Information security addresses the issue of identity protection. Identity theft has become a common issue. It a criminal act in which a fraudster gains access to personal information about a person such as their driver’s license, social security number, and passport information so that they can impersonate a person for whatever reason. Identity theft can be classified into different categories, such as social security identity theft, child identity theft, financial identity theft, medical identity theft, insurance identity theft, among others (Kuipers & Fabro 2006). These categories are based on what the stolen information will be used for. Because most of the data concerning all areas of people’s lives, including financial, medical, and other personal data can be found on computer systems, criminals try to access this information to suit their purposes. Cybersecurity helps people to protect important identity information so that no one impersonates them. On a business or company level, impostors can access systems pretending to be authorized personnel after accessing their information.
Cybersecurity affects modern management and leadership strategies. A PwC report that surveyed responses from 3000 business leaders across 81 countries found that the majority of them were ill-prepared for any type of cyber attack, which is quite alarming. The two major leadership types are transactional and transformational. Transactional leaders try to maintain the status quo, ensuring continuous running of day to day operations. Transformational leaders, on the other hand, look to the future and develop strategies to address potential issues so that the business can perform even better. Transformational kinds of leaders are the ones better suited to address issues of cybersecurity because they try to identify potential problems and prepare responses in advance (Hathaway 2012). Companies will, therefore, look to hire management with this kind of leadership style.
Cybersecurity systems are put in place to provide protection to data and systems within a business or company, and these come with advantages as well as disadvantages. Anti-virus and anti-malware systems are a necessary part of any cybersecurity system. The identify viruses and other malicious files and remove them. They work in real time to identify potential threats. The disadvantage is that updates can consume a lot of time and interfere with the normal operations of the system. Additionally, they need to be continuously updated because criminals are always working at new types of malware. They are also subject to false positives that can block and destroy legitimate files in the system. Password authentication systems are another form of protection that is widely used mainly in storing sensitive information (Cherdantseva et al. 2016). A secure password provides a reasonable measure of security, but the disadvantage is that if another person manages to crack it, the real owner will be locked out of access for a considerable time. Brute force attacks also crack passwords by using every possible combination of characters until the right one is found. Biometric systems have become more popular because they use biological information as proof of identity, which makes it difficult to infiltrate. The danger of this system is that they require expensive hardware and software, and it can compromise the biological data stored in the system.
In addressing cybersecurity, organizational leadership faces certain risks. One of these is that some cybersecurity programs may interfere with the normal working of company systems; for example, they may take significant periods of time updating and scanning systems. In addition to these, there is no way to be completely bullet-proof when it comes to cybersecurity. Measures are only put in place to improve preparedness, and companies still run the risk of getting attacked. An example of cybersecurity failures happened in 2017 to a credit-reporting agency, Equifax (Berghel 2017). Cyber attackers gained access to the financial information of millions of Americans, resulting in one of the most serious breaches in history. The main reason for the attack was the lax cybersecurity systems that the company had. For a company that holds such sensitive information for its customers, one would expect that they would invest more in their security efforts.
The hackers first gained access to the system through a customer complaint portal, from where they could access other servers because many passwords were stored in plain text. For months, the attackers kept stealing data from Equifax due to the failure to renew an encryption certificate. Based on my knowledge and information about the attack, the situation would have been avoided if the company put in place basic security measures such as segmenting systems, encrypting passwords, and renewing their encryption certificates on time. Companies that handle crucial and sensitive customer information must recognize the responsibility to protect such information to prevent identity theft and other incidents.
In conclusion, cybersecurity is an important issue with the increasing reliance on technology to manage and store data. Companies and businesses need transformational kinds of leaders who can identify potential future threats and then come up with procedures to address them before they happen. Some of the standard cybersecurity systems used include password authentications, biometric identification, and anti-virus and anti-malware systems. These provide security, but they also have some disadvantages. The breaching of Equifax’s cyber systems shows how companies must work hard to ensure they implement necessary cybersecurity measures to protect sensitive personal information. Technology has improved efficiency in the operations of businesses and companies, but they must also be aware of the threats that come with these advantages.
References
Abomhara, M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88.
Berghel, H. (2017). Equifax and the latest round of identity theft roulette. Computer, 50(12), 72-76.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & security, 56, 1-27.
Hathaway, M. E. (2012). Leadership and responsibility for cybersecurity. Georgetown Journal of International Affairs, 71-80.
Kuipers, D., & Fabro, M. (2006). Control systems cyber security: Defense in depth strategies (No. INL/EXT-06-11478). Idaho National Laboratory (INL).