7-1 Project Three Submission Technical Brief - Copy

pdf

School

Full Sail University *

*We aren’t endorsed by this school

Course

200

Subject

Information Systems

Date

Apr 3, 2024

Type

pdf

Pages

6

Uploaded by streaming85

Report
Nickolas Cook Southern New Hampshire University CYB 200 7-1 Project three Submission: Technical Brief Mr. James Pierce February 25, 2024
Scenario You are employed in a government agency that works with the United States Army on top-secret military contracts. The company you work for is secure and practices cybersecurity awareness monthly. You arrive to work simultaneously as Jan, a work colleague you have known since college. You have known her to be a solid worker, though always down on her luck financially. Recently, you've noticed that she has begun to wear nicer clothes and expensive jewelry. You observe the standards signs detailing the no cell phone and no Internet of Things device policies as you enter work. As she cleans up her lunch area, you watch Jan putting her android tablet into her backpack on your lunch break. When you ask her about it, she says that she only uses the tablet to read the newspaper and only does so during lunch. Later that day, you enter Jan's office to ask her a question about the upcoming project, and you witness her using that same device to take a picture of a schematic for the project. When you confront her, she explains that she has fallen way behind and needs the diagram to catch up on work while at home. You mention the situation to your supervisor, which leads to a formal investigation of Jan's recent activity. It is discovered that pictures taken using her tablet have been uploaded to cloud storage. A. Identify your threat actors and characterize their motivations or desired outcomes. Use research from the Project Three resource guide or decision aid to support your response. For example, is the threat actor gathering information for financial gain? In this scenario, Jan is suspicious because she did not follow security protocol. She is an employee of the United States Army and works on top-secret military contracts, even though the
company is secure and practices cybersecurity awareness monthly, Jan did not follow the policy. According to Taylor and Steele (2018), it is argued that threats may be either deliberate or accidental. Nonetheless, it should be noted that not all threats are malicious, and a multitude of unanticipated threats have the potential to cause harm, even if they are malicious (Taylor and Steele, 2018). Jan shows her irresponsibility by using her Android tablet to picture a schematic for the project. Jan may be collecting information for financial gain because she has been wearing expensive clothes and jewelry lately. Furthermore, I can describe Jan as an insider theft because of her insider information and knowledge. It is possible that she possesses sophisticated skills and is motivated by financial gain (as a member of organized crime); however, it is uncertain for how long she has been engaged in this activity and what her true motive is. B. Describe ethical and legal factors that should be considered and their significance in the company you are employed in. Use research from the Project Three resource guide or decision aid to support your response. Legal standards are outlined in government laws based on written law, while cyber-ethics is what separates security personnel from hackers ( Yang and Bhunia, 2021 ). It is the ability to understand right and wrong and adhere to ethical principles while on the job. Jan must have a strong sense of ethics and respect for privacy when working on confidential military contracts. An organization's human resources department is usually responsible for implementing proper employee background checks, especially for individuals accessing sensitive data (Taylor and Steele, 2018). Before hiring Jan, the organization conducted a background check and provided her with detailed training. According to Taylor and Steele (2018), granting trust involves a significant
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
amount of responsibility and obligation towards individuals, particularly when access to sensitive personal information or an area is granted to maintain the confidentiality of the organization. C. Describe at least one crucial tactic or method in responding to and countering this threat actor. Use research from the Project Three resource guide or decision aid to support your Response. CISA exploits company vulnerabilities (CISA, n.d.). Jan can be desperate for money or work for someone else. Users with access to sensitive data or networks can inflict extensive damage through privileged misuse and malicious intent. In order to avoid insider actors, we should keep an eye out for suspicious employees and monitor data and network access for every device and user. Lowering thresholds will ensure that we can identify an issue immediately and help protect against further attacks or victims. Furthermore, non-compliance at the workplace may contribute to administrative difficulties. In order to avoid insider actors, we should keep an eye out for suspicious employees and monitor data and network access for every device and user. The reduction of thresholds will ensure that we can promptly identify an issue and safeguard against any future attacks or victims (CISA, n.d.). Furthermore, non-compliance at the workplace may contribute to administrative difficulties. D. Describe at least one tactic or method that would be employed to reduce the likelihood of the same situation happening again. Use research from the Project Three resource guide or decision aid to support your response. One strategy would be to develop plans to restore computer and network resources quickly and obtain evidence to prosecute offenders. It is important to identify the risks associated with mobile workers and personally owned devices (Taylor and Steele, 2018) All employees are required to
follow the policy and leave their personal devices in the car. If the United States Army organization had a firm policy regarding individual devices, Jan would not be able to take pictures, and the accident would not happen. Candidates for eavesdropping include satellite, wireless, mobile, and other transmission methods. Conclusion Explain the potential ramifications of the tactics or methods you have suggested. Use research from the resource guide or decision aid to support your response. When it comes to these threats and numerous others, it is imperative that we as an organization recognize that human factors are not always considered risk factors. It would be prudent to establish a more comprehensive schedule for the auditing and cross-checking of physical access controls to ensure their proper functioning and utilization. Some possible ramifications are that all employees should take additional security measures on the computer, workspace, common areas, and unauthorized critical spaces. By agreeing on and using these methods and necessary tactics, we have a better chance of reducing risk, breaches, and other problematic circumstances for the organization (Shackelford, 2019). Log sheets with dates and times are a great way to track traffic in secured areas. Additionally, there would be a legal obligation for those who have to maintain, store, and safely keep secure regions under appropriate regulations. The auditors and the audited organization ought to collaborate towards achieving a more secure environment, as stated by Taylor and Steele, (2018). Avoiding attacks should be the highest priority. Our response to attacks should be as aggressive, proactive, and reactive as the attack itself (Taylor and Steele, 2018).
References CISA, (n.d.). http://www.cisa.gov/shields-up Shackelford, S. J. (2019). Should Cybersecurity Be a Human Right? Exploring the “Shared Responsibility” of Cyber Peace. Stanford Journal of International Law , 55 (2), 155 184 Taylor, B., & Steele, J. (2018). Developing a Cybersecurity Management Program. Benefits Quarterly , 34 , 21 26.. Yang, S., Paul, S. D., & Bhunia, S. (2021). Hands-On Learning of Hardware and Systems Security. Advances in Engineering Education , 9 (2).
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

Case Study- (Layout and Creation).docx
Case Study 5- Data Curation Project.docx
Lab2_VPC.docx
Project Charter.docx
LabAssignment6FULLUltimateKaliLinux.docx
FS_9002_L10_QuestionedDoc.docx
Q2pt1.pdf
Data_Dictionary_for_Excel_data.doc: 202410-Spring 2024-RSCH-4101-090-Research Methods.pdf
Lohff Assignment 8a.docx
Module 08 - PART 2 Course-Long Project-Project.docx
M12 StudyGuide F23.pdf
OS_Comparisons.docx