CYB 200 7-1 Project 3 KOCH
7-1 Project Three: Technical Brief
Scenario One
James Koch
February 18, 2023
CYB 200 Cybersecurity Foundations
Instructor: Jillian Seabrook
Introduction

For this scenario, I would identify Jan as an "insider threat". An "Insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities." (Defining Insider Threats | CISA, n.d.) I would have to come to the conclusion that Jan is gathering classified information for financial gain. Given my preexisting relationship with Jan, the knowledge of her recent financial hardships, and her current unexplained financial success, it would be beneficial to look into her non-compliance with the handling of classified government information for financial gain. Jan has already been caught taking photos of classified information and releasing that information into the cloud.

Analysis

For this scenario, I believe that the best practice for detecting threat actors would be to monitor employees for abnormal behavior. "In order to make employee monitoring effective, you should first establish a baseline of normal behavior – their user access level, hours usually worked, files usually opened and downloaded, etc. Then, look out for signs of abnormal behavior such as: copying information unrelated to their jobs, initiating unauthorized file transfers, installing unauthorized applications, logging into your network at odd hours, and creating unauthorized accounts. Once an employee behaves abnormally, immediately intervene, and find out why they're doing what they're doing before they cause any damage." (Bell, 2017) I also believe that being able to mitigate opportunities for malicious insiders would decrease the number of threats. "Malicious insiders may have the motivation, but if they don't have the opportunity, they're less likely to harm your business." (Bell, 2017)
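The baseline-then-deviation approach quoted above, as an added example that is not part of the brief or its sources: a small Python check that learns each user's usual hours, actions and top-level directories from a baseline window, then flags later events that match the indicators the brief lists (odd hours, unusual file transfers, files outside the user's job area, account creation). The log format and the event lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not from any real system): user,timestamp,action,target
BASELINE_LINES = [
    "jan,2023-02-06T09:15:00,open,/projects/logistics/schedule.docx",
    "jan,2023-02-07T10:02:00,open,/projects/logistics/budget.xlsx",
    "jan,2023-02-08T11:30:00,edit,/projects/logistics/schedule.docx",
    "jan,2023-02-09T14:05:00,open,/projects/logistics/notes.txt",
]
NEW_LINES = [
    "jan,2023-02-15T10:10:00,open,/projects/logistics/budget.xlsx",  # normal
    "jan,2023-02-15T23:40:00,download,/classified/ops/plan.pdf",  # odd hour, new area, transfer
    "jan,2023-02-16T08:50:00,create_account,svc_backup2",  # account creation
]

def parse(line):
    user, ts, action, target = line.split(",", 3)
    return {"user": user, "ts": datetime.fromisoformat(ts), "action": action, "target": target}

def top_dir(path):
    # First path component, e.g. "/projects/x/y" -> "projects"; None for non-path targets
    return path.split("/")[1] if path.startswith("/") else None

def build_baseline(lines):
    """Per-user set of usual hours, actions and top-level directories."""
    base = defaultdict(lambda: {"hours": set(), "actions": set(), "dirs": set()})
    for e in map(parse, lines):
        b = base[e["user"]]
        b["hours"].add(e["ts"].hour)
        b["actions"].add(e["action"])
        b["dirs"].add(top_dir(e["target"]))
    return base

def detect(baseline, lines):
    """Return {line: [reasons]} for events that deviate from the user's baseline."""
    findings = {}
    for line in lines:
        e = parse(line)
        b = baseline.get(e["user"])
        if b is None:
            findings[line] = ["no baseline for user"]
            continue
        reasons = []
        # Allow one hour of slack on either side of the observed working window
        if not (min(b["hours"]) - 1 <= e["ts"].hour <= max(b["hours"]) + 1):
            reasons.append("odd hour")
        if e["action"] in ("download", "copy", "upload") and e["action"] not in b["actions"]:
            reasons.append("unusual file transfer")
        if e["action"] == "create_account":
            reasons.append("account creation")
        if e["target"].startswith("/") and top_dir(e["target"]) not in b["dirs"]:
            reasons.append("file outside usual job area")
        if reasons:
            findings[line] = reasons
    return findings
```

Each flagged event carries the reasons it tripped, which is what an analyst needs to decide whether to intervene as Bell recommends.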
There are also some ethical and legal factors that should be considered for this scenario. Having defined roles and responsibilities helps everyone know what to do when a scenario like this comes up. As an IT department as a whole, it is necessary for everyone to know what to do and what everyone else does during a security breach. Similar to having defined roles, a good incident response plan is necessary. This will detail how everyone would respond when a scenario like this arises. It would detail our immediate response and what actions would be taken after that. Lastly, dealing with encryption issues would help stop a data breach. If the US Army encrypted all their classified information, it would make it much more difficult for a scenario like this to be successful.

The tactic that I would use in response to Jan as the threat actor would be to immediately terminate her employment and to file federal charges against her. This would include disabling all of Jan's access points to the organization's physical location, networks, systems, applications, and data. Turning Jan over to the appropriate legal authority would be the next step. According to 18 U.S. Code § 1924 - Unauthorized removal and retention of classified documents or material, "Whoever, being an officer, employee, contractor, or consultant of the United States, and, by virtue of his office, employment, position, or contract, becomes possessed of documents or materials containing classified information of the United States, knowingly removes such documents or materials without authority and with the intent to retain such documents or materials at an unauthorized location shall be fined under this title or imprisoned for not more than five years, or both." (18 U.S. Code § 1924 - Unauthorized Removal and Retention of Classified Documents or Material, n.d.) I believe that there is sufficient evidence to charge Jan with this crime.
In order to reduce the likelihood of a situation like this happening in the future, I would make sure to emphasize the consequences of breaching our information security policy. Having this policy clearly documented and accessible to our employees will ensure that there are fewer gaps for an attack and limit any misconceptions about how seriously this policy is enforced by the company. I would also make sure to continue the monthly cybersecurity awareness training.

Conclusion

There are some potential ramifications to the methods that need to be put in place to improve the company's security practices. For the most part, I would think that our employees would understand the importance of keeping top-secret government information out of the hands of bad actors. That being said, there might be some employees who might not fully understand why we would impose such stringent limitations on their movements and access to protected data. Simply put, we would have to educate them on why we do what we do, and if they don't understand or refuse to comply, we would be forced to terminate their employment, as the security of the information that we protect is paramount.

References

Defining Insider Threats | CISA. (n.d.). https://www.cisa.gov/defining-insider-threats

Bell, A. (2017, November 7). 5 Best Practices for Insider Threat Detection. Solid State Systems LLC. http://solidsystemsllc.com/insider-threat-detection

18 U.S. Code § 1924 - Unauthorized removal and retention of classified documents or material. (n.d.). LII / Legal Information Institute. https://www.law.cornell.edu/uscode/text/18/1924