CCJS 421, University of Maryland, College Park
Subject: Information Systems
Date: Feb 20, 2024
Pages: 3
Uploaded by AmbassadorElement10594
Cybersecurity Defined and Key Concepts
In this informational brief, I will explain what cybersecurity is, what the field entails, and
some of its key concepts. This brief will also acquaint you with the threats currently facing
our infrastructure and the legalities associated with the protection of our enterprise.
Cybersecurity is the protection of networks, electronic devices, programs, and systems against
unauthorized access and unlawful attacks. It is based upon the CIA (Confidentiality, Integrity,
and Availability) triad, a fundamental baseline that guides a company or organization on
how to address security concerns (Fortinet, n.d.). Confidentiality ensures that data is kept
private and prevents unauthorized disclosure, whether intentional or accidental.
One element of maintaining confidentiality is granting only the necessary privileges to those who
need access. Integrity ensures that all data is free from tampering and remains authentic for the
recipient. Last, Availability ensures that all systems and networks function correctly
and are readily available to authorized entities (Fortinet, n.d.).
Key Concepts within Cybersecurity
There are five key concepts that encompass cybersecurity. Each plays a part in creating an
effective strategy for protecting digital assets:
• Information Security: implements methods to protect data and sensitive information from
unauthorized use.
• Intrusion Detection and Prevention: the process of continually monitoring system logs
and networks in real time to detect intrusions and unauthorized access.
• Incident Response: the response that follows a cybersecurity threat, which includes restoring
operations and understanding the events in order to prevent recurrence.
• Threat Identification: the identification of threats and malware.
• Disaster Recovery: aids in business continuity and assists with rebuilding a company's
defenses after an attack or intrusion has taken place (KnowledgeHut, n.d.).
Significant Threats to Data and Root Causes
As our internet usage and the connections between IoT devices expand, there will always be a threat
to our data and security. Cybercriminals will consistently be on the prowl to exploit
vulnerabilities, harvest data, and disrupt networks or systems. Not only do they pose a real
danger to our enterprise, but they differ in their origins, techniques, tactics, and
procedures. Sources of cybercrime include terrorist organizations, criminal
groups, nation states, and even internal employees who abuse their access to company
assets (Imperva, n.d.). To protect our infrastructure and data, we must place a high priority on
Risk Management.
Importance of the Risk Management Framework
Risk Management in cybersecurity is the process of identifying digital assets,
implementing solutions to mitigate discovered risks, and reviewing security measures. Risk
Management plays a strategic role in the protection of our infrastructure and data by handling
critical threats in a timely manner (Imperva, n.d.). There are four quadrants to the Risk
Management Framework:
• Identifying the Risk: evaluating the company's environment for potential risks.
• Assessing the Risk: analyzing the risks found to understand their impact on the
company.
• Controlling the Risk: applying procedures, technologies, and techniques that aid in
mitigating the risks.
• Reviewing Controls: continuously evaluating and adjusting the mitigation
techniques (Imperva, n.d.).
Recommended Best Practices for Protection of IT Assets
In addition to having the strategies mentioned above in place, there are various security
practices to incorporate that would aid in the protection of our IT assets. Since employees and
C-suite executives can be susceptible to attacks, training them in security awareness would
prove to be a valuable investment. This training would cover topics such as safe
internet usage on company or personal devices, device security, how to recognize phishing
emails, the different kinds of cyber-attacks, password management, social engineering, and whom to
report their suspicions to. Regardless of the size of a company, employees will always be a
prime target for cybercriminals, who can also be crafty and tailor their attacks to specific roles
within the organization. C-suite executives are just as vulnerable to attacks because their
position within the company gives them elevated privileged access (Oh, 2022). Against such a high-risk
target, cybercriminals can deploy a sophisticated attack called whaling. If successful, they can
gain access to the executive's email and, by impersonating them, solicit payments from internal sources or
the accounts team (Oh, 2022). Each of these measures would help maximize our efforts to harden
our security posture and stay vigilant against probable attacks.
Falling Victim to A Cyber Crime Incident
If our organization fell victim to a cybercrime or security incident, we would respond by immediately
investigating the incident and notifying the appropriate entities. Communication
is important at this step because of how detrimental a security incident can be. It can lead to
reputational damage to the company, potential lawsuits, and financial losses. Every second
would count, and the exposure of sensitive data can pose a risk to our consumers as well
(Gontovnikas, 2020). Another critical step is to consult with legal counsel about the
exposure of personal information and to notify affected users within a 72-hour window. If this is not followed
through, the company can face hefty fines.
Incident Response and Evidence Collection
The Incident Response Team would be the entity that evaluates evidence, contains the incident to stop further
damage, and determines its scope. The evidence gathered from an incident will
range from error messages and log files to data from intrusion detection systems, monitoring tools,
and firewalls (Borkar, 2022). Once everything is gathered, it can be sifted through to determine the severity of
the incident and preserved as evidence in case the incident reaches a court of law. There are six steps
to an incident response:
• Preparation Phase: develops the policies to implement in case of an
incident.
• Identification Phase: outlines the criteria for gathering events and evidence from
monitoring tools, error messages, firewalls, and intrusion detection systems.
• Containment Phase: isolates an incident to prevent the threat from causing further damage.
• Eradication Phase: once the threat is contained, systems are restored to their
initial state before the incident (Borkar, 2022).
If the Incident Response Team determines that law enforcement needs to be contacted,
their role would involve accessing crucial information provided by the IR team and the organization
and working with domestic and international law enforcement to locate the offenders. They would
also advise on how to communicate the incident to the public, customers, and workforce (Secret
Service, n.d.).
Cyber Laws That Protect Our Organization
The Computer Fraud and Abuse Act is a federal law that was enacted in 1986. The law
establishes that unauthorized access to a computer is a federal crime. This is one example of a
law that protects our organization against cybercriminals. An example of a related cybercrime
case dates to 1999. A man by the name of Kevin Mitnick was found guilty of 14 counts of wire
fraud, interception of wire or federal computer communications, 8 counts of possession of
unauthorized access devices, and causing damage to a computer (JRank, n.d.). He had been prosecuted
numerous times before for related hacking crimes, gaining access to computers without proper
authorization, and illegally copying software from a company. This case was significant
because it was the first to bring international attention to computer security issues. Kevin's
actions helped shape the cybersecurity industry's use of penetration testing
methodologies and social engineering techniques. It became understood that hacking can be used
for good against potential adversaries. The field of cybersecurity employs professional ethical
hackers to identify vulnerabilities within a target's network, infrastructure, or system
(JRank, n.d.).
The Budapest Convention on Cybercrime is an international agreement that was developed in
the 1990s. It serves as an international treaty that defines the crimes committed through
computer networks and on the internet (Brumfield, 2023). The treaty has three objectives:
to support the investigation of cybercrimes, to harmonize national laws related to
cybercrime, and to increase international cooperation. Roughly 67 countries participated in the
treaty in hopes of making it easier to exchange the evidence needed in
cybercrime cases and to quickly bring to justice those who abuse their internet privileges. The treaty
also provides for the expedited preservation of data. Because
cybercriminals conduct their crimes across borders, the Budapest Convention on
Cybercrime protects our organization internationally by allowing foreign countries to cooperate
with the US and by harmonizing laws across international borders.
Requests to Protect our Organization
To best protect our organization, I would ask that you, as the CSO of our company,
incorporate and become familiar with the information provided within this informational briefing.
Managing the development and implementation of security policies will benefit the security
posture of our company overall. I think it would be important to have other executives and IT
departments collaborate in providing new security initiatives relating to standards and
guidelines, assist with the development of security training for employees, and be open to
feedback provided by us, the Security team. With the understanding that Information Security
is a new field for you, open communication between teams would be ideal in case issues
arise or clarification is needed. I hope that this informational brief has provided insight
into the basics of what cybersecurity entails, the legalities surrounding the field, and the ongoing
threats that the organization faces daily.