CYB_250_Final_Project_Milestone

docx

School

Southern New Hampshire University *

*We aren’t endorsed by this school

Course

250

Subject

Information Systems

Date

Dec 6, 2023

Type

docx

Pages

5

Uploaded by DrTree1894

Report
Amelia Madsen Course: CYB 250 Section: R1978 Instructor: Patrick Valentia
In today's interconnected world, cybersecurity threats are constantly evolving, posing significant risks to organizations. As a security analyst it is crucial to develop a comprehensive cyber defense strategy. This report will address three critical elements of cybersecurity to safeguard our organization against potential threats. I. Personnel or Human Factor trend Employee cybersecurity training and awareness programs play a crucial role in enhancing an organization's security posture. By educating employees about potential threats, safe practices, and the importance of security measures, organizations can reduce the likelihood of human errors that may lead to security breaches. These training programs should cover topics such as identifying phishing emails, recognizing social engineering tactics, understanding the risks associated with sharing sensitive data, and the proper use of personal devices in a corporate environment. Additionally, employees should be made aware of the importance of keeping their smart headsets and Bluetooth-connected devices secure. Employee cybersecurity training and awareness are credible solutions we can use in our company. In our situation, technicians in the field use smart headsets that communicate with the central server through their cell phones via Bluetooth. The potential threats include phishing attacks, social engineering attempts, and unauthorized access to sensitive documents stored on the server. By implementing comprehensive training programs, employees can become the first line of defense against these threats. They can recognize phishing attempts and suspicious behavior, reducing the risk of falling victim to attacks. Moreover, educated employees are more likely to follow security protocols, ensuring that their Bluetooth-connected devices are properly secured and not vulnerable to unauthorized access.
II. Data Protection Strategy or Technology Trend: Data encryption is a fundamental strategy for protecting sensitive information. It involves converting data into an unreadable format that can only be decrypted with the appropriate encryption key. In our scenario, data encryption should be applied to all documents stored on the central server, especially those projected onto the optical screen of the smart headsets. Encryption ensures that even if unauthorized access to the server occurs, the data remains protected and unintelligible to attackers. This safeguards product schematics, invoices, emails, text messages, and other documents from being exposed in the event of a breach. Data encryption is a credible solution we can use in our company. The threat of unauthorized access to sensitive documents on the server is a significant concern. If these documents were to fall into the wrong hands, it could lead to intellectual property theft, financial losses, and reputational damage. By implementing strong encryption protocols, we can ensure that even if an attacker gains access to the server, the data remains secure and inaccessible without the encryption keys. This strategy provides a critical layer of protection, mitigating the risks associated with data breaches. III. System Protection Trend: Endpoint/server protection technologies encompass a range of solutions designed to secure devices (endpoints) and servers from various threats, including malware, ransomware, and unauthorized access. In our company, these technologies would be applied to both the smart headsets used by technicians in the field and the central server in the company's central office. These protection technologies include antivirus software, intrusion detection systems, firewall solutions, and regular software patching. They are essential to prevent malware from
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
compromising devices and servers, ensuring that the connection between the smart headsets and the server remains secure. Endpoint/server protection technologies are credible solutions we can use in our company. The constant communication between the smart headsets and the central server through Bluetooth connections poses a potential vulnerability. Malicious software or unauthorized access could compromise the integrity of this communication. By implementing robust endpoint/server protection technologies, we can actively monitor and defend against threats. Antivirus software can detect and remove malware, intrusion detection systems can alert us to suspicious activities, and firewalls can control traffic to and from the server. Regular software patching ensures that known vulnerabilities are addressed promptly, reducing the attack surface. In conclusion, employee cybersecurity training and awareness, data encryption, and endpoint/server protection technologies if well implemented would collectively form a strong cybersecurity defense for our manufacturing company's situation. These measures provide protection against various threats, safeguarding the smart headsets, the central server, and the sensitive data they handle. By implementing these strategies and technologies, we can enhance our organization's security posture and mitigate the risks associated with the constant communication between our smart headsets and the central server.
References Center for Internet Security. (n.d.). Southern New Hampshire University. https://snhu- media.snhu.edu/files/course_repository/undergraduate/cyb/cyb250/cis_controls_v7.pdf Human error is to blame for most breaches . Tech News. (2016, June 6). https://technews.tmcnet.com/cybersecuritytrend/topics/cyber-security/articles/421821-human-error- to-blame-most-breaches.htm The human factor in IT security: How employees are making businesses vulnerable from within . Daily English Global blogkasperskycom. (n.d.). https://www.kaspersky.com/blog/the-human-factor-in-it- security/ Lucas, J., & Moeller, B. (2004). The Effective Incident Response Team . Addison-Wesley. October 8, 2023, https://learning.oreilly.com/library/view/effective-incident-response/0201761750/? sso_link=yes&sso_link_from=SNHU Shostack, A. (2014). Threat modeling designing for security . Wiley. October 8, 2023, https://learning.oreilly.com/library/view/threat-modeling-designing/9781118810057/? sso_link=yes&sso_link_from=SNHU Thompson, E. C. (2018). Cybersecurity incident response: How to contain, eradicate, and recover from incidents . Apress. October 8, 2023, https://learning.oreilly.com/library/view/cybersecurity-incident- response/9781484238707/?sso_link=yes&sso_link_from=SNHU Wu, C.-H. (JOHN)., & Irwin, J. D. (2017). Introduction to computer networks and cybersecurity . ROUTLEDGE. October 8, 2023, https://learning.oreilly.com/library/view/introduction-to- computer/9781466572133/?sso_link=yes&sso_link_from=SNHU