CCJS 421 - Discussion 6
University of Maryland, College Park. Course: CCJS 421 (Information Systems). Date: Feb 20, 2024. 2 pages.
Imagine you're a senior executive for a large company. You've just been put in charge of your
company's Information Security (IS) Program and told that your mandate is to prevent
cybercrime through developing sound policy. Your primary challenges are twofold: 1) You are a
transnational company and employees travel all over the globe, and 2) Your company has no
active audit program in place to quantify vulnerabilities and potential losses from attacks on
information systems. Attack them one at a time.
● Realizing that when employees travel they are exposed to risk and possible cyberattacks, you need to put information security protocols in place for individuals traveling abroad; specifically, what other steps will you put in place to ensure that information (and equipment) will be secure? Will your plan vary depending on the countries your employees visit, or is it one security plan that works for all countries visited? Why? What steps must employees take before leaving, and how will you measure that those steps have been taken?
As a senior executive, I would address the two challenges as follows:
Transnational Company & Global Employee Travel
Since employees will be traveling globally, I would recommend the following security protocols to ensure the protection of company information:
● Enforce VPN usage: A VPN (virtual private network) establishes a secure, encrypted connection for the device, which makes it harder for attackers to intercept traffic. This is ideal when company information needs to be accessed remotely.
● Avoid Public Wi-Fi: Using public Wi-Fi should be discouraged because the connection may be unsecured and easily compromised. Hackers on the same network can intercept and eavesdrop on emails and personal information and steal login credentials. If public Wi-Fi must be used, a VPN must be enforced.
● Enable 2FA/MFA & Password/Facial Protection on Devices: Two-factor or multi-factor authentication is an additional layer of security, and employees should enable it on every account that supports it. All devices (mobile, laptop, USB drives, etc.) need to be locked via password or facial recognition. Passwords should be roughly 12 characters, complex, and changed every 3 to 6 months.
● Avoid Suspicious Emails: Report all suspicious emails and be cautious when clicking links or opening attachments within an email.
● Back Up Data: Backed-up data should be kept on a separate device or in the cloud. This can be done before traveling in case of theft, loss of a device, or unforeseen damage.
● Be Wary of Surroundings: Employees should never let their guard down and should practice situational awareness, for example by positioning themselves so their screen cannot be seen, or by using a privacy screen on devices to prevent shoulder surfing.
● Keep Software/Devices Up to Date: Employees should keep all software and devices up to date so that known vulnerabilities are patched and the device is protected against the latest threats.
This plan isn't limited to specific countries. It's a security plan for all employees to practice
locally and internationally.
● Your other immediate challenge is to discuss with management the challenges associated with quantifying vulnerabilities and potential losses from attacks on your company's computer systems. What's involved in doing that, and what are some of the biggest challenges involved in accomplishing that kind of assessment?
Quantifying vulnerabilities and potential losses from cyber attacks is a necessary task that involves evaluating the financial impact of a threat. When quantifying vulnerabilities, there are a few challenges to consider, such as sifting through data to find indicators of risk, being unable to calculate the risks, and ever-evolving threats (Balbix, n.d.).
What is your take on the "Why Leaders Should Care About Security" podcast you listened to
this week? Are the perspectives espoused in the podcast naïve and idealistic, or spot on?
Julia Allen is a recognized leader in the field of governance/executive outreach and a senior researcher at CERT. She discusses why executives should be conscious of security and have the right protocols in place. She encouraged leaders to conduct risk assessments and incorporate strategies to mitigate the risks found. I think the perspective she shared was spot on. She mentioned that "many organizations come to security through a compliance door; in other words, some regulation or law is imposed upon them and they take action and tend to approach it more like a checklist exercise: 'If I pass my audit, I'll be fine'" (Carnegie Mellon University, n.d.). I think that it is a naive and irresponsible approach for a company or leader to have that mindset, especially when the company's reputation is at stake and possible fines can result from a breach.
References:
Equifax. (n.d.). Traveling Employees Can Put Company Data at Risk: 14 Tips for Better Cybersecurity for Road Warriors. ID Watchdog by Equifax. Retrieved March 5, 2023, from https://www.idwatchdog.com/cybersecurity-for-traveling-employees/
Balbix. (2022, April 13). What is Cyber Risk Quantification? https://www.balbix.com/insights/what-is-cyber-risk-quantification/
Carnegie Mellon University. (2006, October 17). Why Leaders Should Care About Security. Retrieved March 24, 2023, from https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=34500