ISE_690_Research Assessment Consulting Problem Three_Olaolu_Abayomi
docx
keyboard_arrow_up
School
Southern New Hampshire University *
*We aren’t endorsed by this school
Course
690
Subject
Industrial Engineering
Date
Dec 6, 2023
Type
docx
Pages
4
Uploaded by KidCaribou1455
ISE 690
Research Assessment Consulting Problem Three Worksheet
Use this template to complete the Research Assessment Consulting Problem Three Worksheet assignment. Be sure to review the Research Assessment Consulting Problem Three Guidelines and Rubric
document as needed. Both documents are linked in the worksheet assignment in Module Six of your course.
Remember that at least one of the three sources should be accessed through Shapiro Library. Add space to the worksheet as needed.
Source One
Accessed through Shapiro Library? (Yes or No) __Yes____
Content category (IVA/GDPR or Tabletop exercises) _____Tabletop Exercise (IVA)____________
Citation in APA style: Yes
Ottis, R. (2014). Light Weight Tabletop Exercise for Cybersecurity Education. Journal of Homeland Security & Emergency Management, 11(4), 579-592.
https://eds-s-ebscohost-com.ezproxy.snhu.edu/eds/pdfviewer/pdfviewer?vid=5&sid=c4849dd9-b72f-
4c2f-9eba-4b4db578336a%40redis
Description of source contents:
This paper is focused on how to conduct a scenario-based tabletop exercise where data security practitioners participates in, and role plays how to manage security incidents, identify failure points within an organization information system and close-up same, Share information and work as a team with proper understanding of their individual roles and responsibilities, while applying information security best practices. This paper reflects the important role that gaming plays in cyber security education and incident response preparedness.
Evaluation of trustworthiness/reliability:
What/who is the source? How was it found and accessed? What do you know about the source (scope of content, reliability, influence, reputation, etc.)?
This paper was sourced from Shapiro library and was featured in the Journal of Homeland Security & Emergency Management, a periodic publication of Homeland Security, a United States government agency that has responsibility for national security. The author Ottis Rain is a scholar of the Center for Digital Forensics and Cyber Security, Tallinn University of Technology, Estonia. He is a researcher and An authority on National Security.
1
Assessment of use:
How can you use the source content in Milestone Three (and the corresponding component of the Final Project)? What aspects of the content are most relevant?
This paper would be most useful in the development of a tabletop training exercise for Incident responders at Callego, it would aid the demonstrating of an attack scenario inspired by real-life experiences, which enables the Incident Responders at Callego to rehearse and implement what their incident response actions, and attack counter measures would be in the event of an attack. This would avail Callego the opportunity to test the resilience and reliability of its security architecture, it would help it identify deficiencies in its response procedures, and reveal other hidden system weaknesses, positioning the organization to timely close-up all its identified gaps.
Source Two
Accessed through Shapiro Library? (Yes or No) ___No___
Content category (IVA/GDPR or Tabletop exercises) ______IVA___________
Citation in APA style: Yes
Lynskey, D. (2019). Alexa, are you Invading my Privacy? – The Dark Side of Our Voice Assistants. https://www.theguardian.com/technology/2019/oct/09/alexa-are-you-invading-my-privacy-the-dark-
side-of-our-voice-assistants
Description of source contents:
This article reviewed how Intelligent Virtual Assistants works, and the artificial intelligence that enables it. It specified how machine learning occurs through pattern recognition, self-learning, and past experience, and how IVAs makes its decisions. It highlighted the numerous advantages derivable from the use of IVAs and the risk surrounding its usage. It discussed privacy and other security related issues concerning Intelligent Virtual Assistants from the technology user’s viewpoint and recommends the security measures that can be built into and around IVAs.
Evaluation of trustworthiness/reliability:
What/who is the source? How was it found and accessed? What do you know about the source (scope of content, reliability, influence, reputation, etc.)?
This article was featured in the widely read “The Guardian”, it was written by Dorian Lynskey, the author of the famous “33 Revolutions Per Minute”. Dorian is a regular columnist in The Guardian, The Observer, The New Statesman and BBC Culture. Dorian has over 20 years’ publication experience.
2
Assessment of use:
How can you use the source content in Milestone Three (and the corresponding component of the Final Project)? What aspects of the content are most relevant?
This article would be very relevant in addressing Milestone Three consulting problem, Building Incident Management Capability with a Tabletop Simulation Exercise. It would help us identify the attack surface of the newly developed Callego Intelligent Virtual Assistants (IVAs) and enable us to address the security related issues of the IVA. It would help us incorporate the recommendations of the General Data Protection Regulation (GDPR), thereby helping Callego as an organization to comply with industry and institutional standards.
Source Three
Accessed through Shapiro Library? (Yes or No) __No____
Content category (IVA/GDPR or Tabletop exercises) _______Tabletop Exercise__________
Citation in APA style: Yes
Walkowski, D. (2021). MITRE ATT&CK: What It Is, How it Works, Who Uses It and Why?
https://www.f5.com/labs/learning-center/mitre-attack-what-it-is-how-it-works-who-uses-it-and-why
Description of source contents:
This resource explains the various malicious behaviors that advanced persistent threat (APT) groups have
employed in real life attacks, which is simply captured in the ATT&CK acronym, Adversarial Tactics, Techniques, and Common Knowledge. Tactics
speak to the strategy that an attacker intends to deploy in achieve his objective like gaining unauthorized access, establishing command and control or denial of service. Technique
describes the method they employed in achieving their objective like phishing. Procedure
explains the series of actions performed by attackers, all directed towards the realization of their attack objective like the use of malware, data corruption, service denial among others. This paper enables organizations to gain insight into attackers behavior, making Callego to see where there is a need
to improve its own defense.
Evaluation of trustworthiness/reliability:
What/who is the source? How was it found and accessed? What do you know about the source (scope of content, reliability, influence, reputation, etc.)?
This article is a publication of F5 Labs, a reputable organization specialized in threat intelligence and threat analysis. The author Debbie Walkowski is a Security Threat Researcher with over 20 years industry
experience, she’s an authority in threat related issues and has written many reports on Application 3
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Threat Intelligence. She’s a graduate of the University of Washington with a specialization in computer science. She has authored 18 technology books, among which is Vulnerabilities, Exploits, and Malware Driving Attack.
Assessment of use:
How can you use the source content in Milestone Three (and the corresponding component of the Final Project)? What aspects of the content are most relevant?
This paper would be useful in the development of a simulation exercise that brings awareness to Callego’s incident responders on the various malicious behaviors that attackers exhibit, which would make them have a good understanding of common tactics, techniques, and procedures that attackers often employ. It would enable them to identify system deficiencies within their organization and remediate them. This would boost their preparation effort in developing strong counter-attack actions. It
would save Callego its well-built reputation and lots of business funds that would have been lost in the event of an attack.
4