Category: Cyber security

In order to build on a program – the overall requirements of that program need to be developed. Some of them will be determined this week. For example, a bank has to be compliant with, at a minimum, state and federal laws. For purposes of this program we will try to focus on the laws and standards that apply regarding cybersecurity.
Completion Instructions:
For this week, there are several sections to complete:
4) Laws, compliance and framework requirements (30% points)
Laws that apply to the organization – describe at least two laws, and how they apply to the organization (they do not have to be specifically cyber related, but try).
Compliance related standards – describe at least two compliance related standards, and how they apply to the organization (PCI DSS is one example)
Aligned Standards – As earlier determined, the bank will be aligning to NIST 800-53r5. Also add the FFIEC Cybersecurity Assessment Tool (FFIEC CAT) – describe both at a high level.
You can leverage the material you posted in this week’s DB, ensure you add to it as necessary, as more is required here than was in the DB.
5) Data Classification Levels (60% points)
Define 3-5 data classification levels. Define and provide examples.
Be sure to include employee data in the determination, as well as customer data definitions.
6) Security Awareness Program (10% points)
For the discussion board material for this week – gather the Security Awareness program information and paste it in this section.
Discuss three annual activities that should be implemented at your organization to support the security awareness program.
One of these should be annual User Security Awareness Training.  
For that section, provide a list of 8 topics/bullet points that will be in that training (Here is a starter list: Social Engineering, Insider threat, Phishing, etc.)
Submission Instructions:
Each week, more content will be added to it, you will always turn in the entire document each time. There are additional notes and comments on the template, remove them as you move through the completion of the template. For example, for the sections due this week, all of the comments, notes, and suggested text should be removed for those sections.

You are working for the Chief of Staff (CoS) for a newly elected Governor. The governor asked the CoS to research and prepare a 5- to 7-paragraph background briefing (backgrounder) that addresses the below question. The CoS will use this background briefing to prepare the Governor and his appointed cybersecurity director as they answer questions from the press and general-public.
You are not answering the questions as the governor, rather you are providing the governor the information s/he needs to answer the question.
The question: As governor, how will your administration improve cybersecurity for the state’s Critical Infrastructures?
The CoS asked you to research and prepare a draft for the background briefing. Your draft must provide enough information that the CoS and the Governor understand key terms that you use in your explanations. To that end, your draft briefing must answer the following questions:
What is meant by “cybersecurity” for critical infrastructures?” Give examples of critical infrastructure associated with a specific state.
What is meant by “Threats” (i.e. individual hackers, politically motivated hacktivists, criminal enterprises, and unfriendly “nation state” actors), countermeasures, and safeguards? Explain technical terms and examples.
What are the three most important actions that the governor’s administration should take to help improve the security of critical infrastructures in the state? (You should identify and discuss these in greater detail than your response to the first two bullet points.)
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

Here is the link for the article that needs to be reviewed.  https://www.raconteur.net/risk-regulation/black-hat-hackers
I have also attached the article review directions

Case Study Presentation: Cybersecurity Awareness Campaign Design (20 mins)
Scenario: With the rise of generative AI in the workplace, the potential for inadvertently
compromising sensitive information has increased. Recent internal evaluations indicate a
significant gap in employee understanding of the risks involved in using publicly accessible AI
tools with company data. 
Task: Your task is to create a security awareness campaign using Microsoft PowerPoint that
addresses this issue. 
Campaign Objectives: 
• Increase Awareness: Educate employees on the risks associated with using generative
AI tools with sensitive company data. 
• Promote Best Practices: Encourage the implementation of data sanitization
techniques before inputting any information into AI tools. 
• Cultivate a Culture of Security: Establish a workplace environment that prioritizes
data privacy and security.
Requirements: 
• Detail the content and structure of the campaign. 
• Outline communication methods and materials you would use. 
• Propose a method to ensure the effectiveness of the campaign. 
• Develop a follow-up plan to ensure ongoing compliance with security protocols.
Deliverable: 
• Develop a presentation outlining the campaign strategy to be presented to the manager. 
The presentation should be no longer than 20 minutes and should emphasize
the strategic rationale behind your decisions. o Quality of the case study is key. 

This assignment is for a course in Industrial Espionage.
Instructions
This assignment consists of two questions to test knowledge and assimilation of the course objectives.  
1. One of the most significant and common threats is the insider threat. What actions do you think are appropriate for the security of an organization regarding the insider threat?
2. Imagine you are the new CEO of a toy Research & Design Company. Your company was in the process of creating an electronic gaming toy and the final protocol plans have been developed. You are not sure what security protocols are in place. What is your approach for securing the data from an outside threat?
Technical Requirements
Your paper must be at a minimum of 2-3 pages per question for a total of 4-6 pages (the Title and Reference pages do not count towards the minimum limit).
Scholarly and credible references should be used. Please use at least 2 scholarly sources per page of content.
Type in Times New Roman, 12 point and double space.
Students will follow the current APA Style as the sole citation and reference style used in written work submitted as part of coursework. 
Do not use Wikipedia or encyclopedic-type sources. It is highly advised to utilize scholarly references such as books, peer-reviewed journals, articles, archived documents, etc.
NOTE: An excellent reference for this assignment is Wimmer, C.B. (2015). Business espionage: Risks,
threats, and countermeasures. Elsevier Science & Technology.

Detailed description of the area researched
Technology involved in the area
Future trends in the area
Example companies involved in the area
Regulatory issues surrounding the area
Global implications for the area
References (minimum of 10)

Exam Content
Imagine you oversee cybersecurity operations for a major online sales company. It’s imperative that you have the most effective cybersecurity measures available at your disposal. Resolution after an attack has occurred is not a viable solution. So, your job is to make sure an attack never occurs. Recalling the fundamental goals, benefits, challenges, and counter measures you’ve learned so far:
Create a 2- to 3-page MS-Word report for your company, detailing the following:
Identify one potential network threat to your business.
Recommend 2 controls or protocols that need to be implemented to defend against attacks and limit the risk you identified for your business.
Describe 2 purposes of the controls or protocols you recommended for your business. For each, list 1 example where these controls or protocols were used in businesses. What did they protect against?
Discuss 1 significance of using OSI, TCP/IP, and SANS 20 Controls in network protection.
Name one control and protocol you find in a security policy.
Cite any sources to support your assignment.
Format your citations according to APA guidelines.

Introduction: As wireless and mobile technologies continue to grow in presence and popularity, the world is becoming more and more connected. Unfortunately, this also means that devices and networks are becoming more and more vulnerable to outside threats. Businesses must identify and mitigate these vulnerabilities and threats in order to protect employees’ personal information and ensure the organization is secure from passive leaking of proprietary information.
In this task you will assume the role of an IT professional who is responsible for identifying wireless and mobile vulnerabilities, as outlined in the scenario below. You will then present your findings and recommend solutions to mitigate these risks and prevent future threats.
Scenario: You are a network professional on the IT team at Alliah Company, a new but fast-growing social media provider. One year ago, Alliah launched a social media website aimed at young professionals. The company also released a mobile app for accessing the site from cellular devices. Alliah was able to launch its website with money generated by a crowd-funded campaign, but most of the funds were spent on the site and app development, with relatively little money (and time) devoted to the internal office network infrastructure.
Alliah has 35 full-time employees, all of whom have offices or shared work spaces in a three-story building that serves as the company headquarters. The building is an old warehouse that was converted for office use and is approximately 10,000 square feet. Currently, the employees occupy only two floors; the third floor is vacant and available for expansion.
The Alliah WLAN has a gigabit managed switch, a multiservice wireless LAN controller, and seven wireless access points strategically located to provide coverage to office staff. One access point services a large back patio area for employee use. The network is protected by a firewall. The Alliah website servers are located in a data center 100 miles from Alliah headquarters.
Five employees are account representatives who are on the road at least 80 percent of the time, and each rep has a company-issued laptop, tablet, and smartphone. They use a large, shared office in the headquarters building when they are not traveling.
Employees use company-owned computers that connect to the WLAN, and, in an effort to control costs during the launch, Alliah has a bring your own device (BYOD) policy.
The IT staff consists of five employees; three are devoted to website maintenance, one manages the headquarters’ computers and network, and another employee assists with the website and the office network. IT staff uses wired Ethernet connections to remotely access the website servers.
The Alliah website is successful, attracting more and more visitors each month. Jennifer, the CEO, anticipates hiring more employees and is considering a strategy that would take the company public within a few years. In preparation, she wants to ensure that Alliah’s wireless networking infrastructure is highly secure, especially because it may need to grow quickly in a short period of time, and she wants to understand the security risks the company faces. She also wants to decide if Alliah should continue allowing BYOD or restrict network access to company-owned devices only, or if a compromise solution is available.
Requirements: Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. An originality report is provided when you submit your task that can be used as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
A.  Describe two WLAN vulnerabilities that present risks for Alliah, based on the details in the scenario.
B.  Describe two mobile vulnerabilities that present risks for Alliah, based on the details in the scenario.
C.  Summarize the steps for mitigating each  identified WLAN and mobile vulnerability, including the specific tools or documentation that will be needed for mitigation.
D.  Recommend preventive measures to maintain the security posture of WLAN and mobile environments in a small business, such as Alliah. Reference federal, state, or industry regulations that justify these measures.
E.  Recommend a solution for the company’s BYOD approach, including research to justify your recommendation.
F.  Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
G.  Demonstrate professional communication in the content and presentation of your submission.
Help:  Task 2 addresses mobile and WLAN issues at Alliah.
You need 2 mobile vulnerabilities and 2 WLAN ones.
The mobile vulnerabilities could generally be addressed with a ‘mobile device management’ or “MDM” solution.
WLAN stuff is best addressed with a WPA-Enterprise deployment which allows auditing, authentication and access control.
Since Alliah is going to go public, certainly SOX compliance would also need this and is a good federal state or industry regulation to reference in this Task.

The Scenario:
After transitioning out of the military, you were contracted by a medium-sized start-up company that processes credit card transactions on a daily basis. The Chief Executive Officer (CEO) and other business staff have no knowledge of network security or the threats they face. They have an open position for a Chief Information Security Officer (CISO), but have yet to fill it. Thus, they hire you for your expertise in network security, firewalls, and VPN solutions.
This is a short term engagement that lasts 30 days. As the company’s subject matter expert/consultant, the CEO wants a 4-6 page report at the end of your assignment. The CEO tells you they will have remote users, so firewall and VPN technologies are needed. They provide you with the following report outline to use:
1.0 Introduction
2.0 Overview of network security fundamentals, security threats, and issues (discuss from a company wide standpoint).
3.0 Detailed network security recommendations
4.0 Summary
Note:
Section 3.0 should include:
Fundamentals of firewalls and VPNs
Recommendations for firewall and VPN solutions for the new company
Recommendations for implementing your proposed solutions
Practices that you will use to ensure security within the enterprise if they hire you long term. You may make these as sub-sections if you’d like (e.g., 3.1 Fundamentals of Firewalls and VPNs, 3.2 Recommended Firewall and VPN Solutions, etc.)
Section 4.0:
This section should be short, a paragraph or two.
Requirements:
Your submission should be 4 to 6 pages long (not including the title page and the reference page).
All sections are represented (Sections 1.0 – 4.0).
Paper is in APA format with proper citations and references.
1″ margins.
In Times New Roman or Arial font, font size 12.
Utilized correct grammar and spelling.
Include and cite references as needed.
The key to this assignment is to demonstrate your understanding of the topics, not to re-word the text or reference material.

Directions
Write a blog post (2 paragraph minimum
for each step) to reflect on your learning experience and how you are planning
to apply what you learned.  Label each paragraph with the
appropriate title with Part 1 or Part 2 of
the Blog.  
Note: You will not see
anyone’s post until you post first.   
Blog Topic
There are three parts to this
exercise, be to complete both parts.  
Part 1: Watch a video and demonstrate
knowledge 
#1: Watch the video
below about Cybersecurity and Crime:
Cybersecurity and crime | Internet
101 | Computer Science | Khan Academy – YouTube
#2: Write a blog post to
answer ALL the questions below (2 paragraph minimum). 
Ø
Name and explain the three threats are mentioned in the
video?
Ø
What steps should you take to stay safe while working
online?
Ø Blog
organizational hints:
o   Label
Part 1 
Part 2: Apply
knowledge and reflect (2 paragraph minimum)
Ø
Have you experienced, or come close to
experiencing, a potential threat with viruses or phishing while working
online? 
o   Explain
how you were able to tell and what steps you took to avoid or solve the
problem.
Ø If
you have not experienced a virus, worm,
trojan, or phishing, what safeguards have you taken to avoid this experience?
Ø Blog
organizational hints:
o   Label
Part 2. 
o   Discuss either “Have
you” or “If you have not.”