Understanding Cyber Security in Management
Write a Cybersecurity Background Summary
In Step 1, you familiarized yourself with your assigned organization.
Now, it is time to write a cybersecurity overview. Write a three-page background summary that includes a general overview of cybersecurity and a section on enterprise cybersecurity. Include the following items in the general overview of cybersecurity:
- Compare and contrast cybersecurity and computer security.
- Discuss data flows across networks. As part of this discussion, it may help to review the following topics: binary digits, nontextual data, ASCII, hexadecimal, computer networks, network devices and cables, and network protocols.
- Discuss basic cybersecurity concepts and vulnerabilities, including flaws that can exist in software. As part of this discussion, it may help to review the following topics: systems, utilities, and application software, software, interaction of software, and creating a program.
- Discuss common cybersecurity attacks. Helpful topics include protocols, web sessions, and security issues, servers and firewalls, a closer look at the World Wide Web and web markup language, cyberattacks, and attack vectors.
- Discuss penetration testing.
- Discuss how to employ network forensic analysis tools (NFAT) to identify software communications vulnerabilities.
Include the following items in the enterprise cybersecurity section:
- List and discuss the major concepts of enterprise cybersecurity, including confidentiality, integrity, and availability (CIA).
- Discuss the principles that underlie the development of an enterprise cybersecurity policy framework and implementation plan.
- List the major types of cybersecurity threats that a modern enterprise might face.
You will attach this cybersecurity background summary to the security assessment in a later project step. Submit the cybersecurity background summary for feedback.
Step 3: Analyze Security Weaknesses
After writing the cybersecurity background summary, you are ready to analyze the security weaknesses of your assigned organization. When analyzing cybersecurity weaknesses, there are several areas to consider.
Analyze the organization’s security from the following perspectives:
- a technology perspective
- a people perspective
- a policy perspective
You will include this information in the security assessment. In the next step, you will consider risk factors.
Step 4: Compile a Risk Summary
Now that you have looked at security weaknesses, it’s time to identify areas that should be improved or strengthened, including potential risks associated with maintaining the current security posture. Discuss how you would employ network analysis tools to identify software communications vulnerabilities. Make sure to include the following information:
- Classify risks according to relevant criteria.
- Explain system and application security threats and vulnerabilities.
- Prioritize risks from internal and external sources.
- Assess the cybersecurity threats faced by your entity.
You will include this information in the security assessment, which you will compile in the next step.
Step 5: Submit a Security Weakness Assessment
From the information that you gathered in the previous steps, develop a two-page summary of your organization’s security weaknesses. Identify threats, risks, and vulnerabilities to achieve a holistic view of risk across the entity. Consider areas that should be improved from a technology perspective, a people perspective, and a policy perspective. Also note potential risks associated with maintaining the current security posture. You will reference this security assessment later when you make your business case and final recommendation. Submit the security assessment for feedback.
Step 6: Begin a Security Models Summary
Confidentiality, integrity, and availability (CIA triad), as well as authentication and nonrepudiation, are fundamental security concepts that must be considered when assessing and developing security options. Cybersecurity models have been developed to address some or all of these security concepts.
While these models were generally created to address a specific business case, each of the models has attributes that could be used to assemble a custom security plan. In order to draft a custom security plan for your organization, you will need to understand basic security models. You will identify key features, weaknesses, and targeted sectors and/or infrastructures.