University of the Cumberlands Situational Awareness Assignment

User Generated

Ynfln2019

Computer Science

University of the Cumberlands

Description

The discussions should be in APA format including references and between 350-400 words. Attached PDF version of the chapters.

1) Chapter 7 discusses situational awareness. Much of the security efforts of the past have been centered around prevention and protection. The increasing sophistication of cyber attacks have shown that no controls are 100% effective, and some compromises do occur. There is a rising realization that in addition to considering prevention and protection, controls that address detection and response are necessary to improve security posture. Please describe how situational awareness is a driver for detection and response controls.


2)Chapter 18 presented special risk management issues with Blue Wood Chocolates, and chapter 19 presented various financial risks at Kilgore Custom Milling. If Blue Wood Chocolate and Kilgore Custom Milling are to develop a risk management framework, who should lead the process at each company? Should a Chief Risk Officer (CRO) be appointed? If so, to whom should he/she report and have access to? How could smaller companies without the resources for a dedicated CRO deal with ERM? What is the role for the board in such a process?

To complete this assignment, you must do the following:

A) Create a new thread. As indicated above, if Blue Wood Chocolate and Kilgore Custom Milling are to develop a risk management framework, who should lead the process at each company? Should a Chief Risk Officer (CRO) be appointed? If so, to whom should he/she report and have access to? How could smaller companies without the resources for a dedicated CRO deal with ERM? What is the role for the board in such a process?

ANSWER ALL OF THE QUESTIONS ABOVE IN YOUR THREAD



Unformatted Attachment Preview

ITS 835 Chapter 18 Blue Wood Chocolates Enterprise Risk Management Professor Michael Solomon Introduction • Background • Market overview • Blue Wood financial performance • Conclusion Background • U.S. Manufacturer of chocolate products • Privately owned (family) • New CFO • • Outsider Brought in to stabilize financial performance • Blue Wood risk management practice in doubt • • Banks wondering if RM gaps are causing unstable finances Considering taking action • Internal politics and conflict Market Overview • Growing market • Major competitive factors • • Large producers Brand recognition / reputation • Cocoa markets overview • Sugar markets overview • Milk markets overview Blue Wood Financial Performance • Profitability measures worse that competitors • Lots of internal finger pointing • Currently borrowing against revolving line • In case cash flow couldn't cover dividend payments • Deteriorated cash position • Retained earnings falling • Substantial investments • Potential $10 million lawsuit • Risky entrance into currency hedges and futures Conclusion • Business underperforming • Immediate action is necessary to respond to banks • CFO requires • • Overall view of corporate objectives Major risks facing the company • Must have support from the top • After initial pass • Implement ERM ITS 835 Chapter 19 Kilgore Custom Milling Enterprise Risk Management Professor Michael Solomon Introduction • Background • The management team • The company • The new contract • The financial risk management meeting Background • Kilgore Custom Milling • • • Small private manufacturer Power window assemblies Based in southern Ontario, Canada • Pursued contracts to supply plants in the U.S. • Successful in negotiating a contract with Japanese manufacturer • Previous international contracts resulted in loss • Due to currency volatility The Management Team • Owner and CEO • • Steve MacLinden Left day-to-day operations for the rest of the team • Manufacturing and Plant operations • Rory Sullivan • Sales and Client relationships • Casey Dobblestyn • Treasurer and CFO • Cathy Williams The Company • Privately owned • • 100% by Steve MacLinden Planning to retire in 5 – 10 years • Main focus is cash flow management • Concerns with currency related cash flow issues • Additional concern about inflation differences • Between U.S. and Canada The New Contract • Dramatically increase sales • Over 100% for 5 years • Complex and exacting specifications • All proceeds in U.S. dollars • Kilgore must manage financial risk • Contract could be extended for 3 years • But at the same price, benefitting the buyer The Financial Risk Management Meeting • U.S. and Canadian dollars near par • Caused concern over U.S. competition • Multiple options to deal with currency risk • • • Long term swap contracts Short term forward contract Currency options • Management team lack understanding of the options • More open questions than answers • Lots more to do … Cyber Attacks Protecting National Infrastructure, 1st ed. Chapter 10 Awareness Copyright © 2012, Elsevier Inc. All Rights Reserved 1 • Situational awareness is the real-time understanding within an organization of its security risk posture • Awareness of security posture requires consideration of the following – – – – – – Chapter 10 – Awareness Introduction Known vulnerabilities Security infrastructure Network and computing architecture Business environment Global threats Hardware and software profiles Copyright © 2012, Elsevier Inc. All rights Reserved 2 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Fig. 10.1 – Optimal period of system usage for cyber security 3 • Factoring in all elements of situational awareness should create an overview of current security risk • Descriptors such as high, medium, and low are too vague to be helpful • Security risk levels should be linked with actionable items Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Introduction 4 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Fig. 10.2 – Rough dashboard estimate of cyber security posture 5 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Fig. 10.3 – Security posture changes based on activity and response 6 • No security task is more difficult and complex than the detection of an ongoing attack • Many tools for detecting attack, yet none comprehensive or foolproof • Determination of risk level is a fluid process Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Detecting Infrastructure Attacks 7 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Fig. 10.4 – Attack confidence changes based on events 8 • Situational awareness for national infrastructure protection requires a degree of attention to daily trivia around vulnerability information • Practical heuristics for managing vulnerability information – – – – Chapter 10 – Awareness Managing Vulnerability Information Structured collection Worst case assumptions Nondefinitive conclusions Connection to all sources Copyright © 2012, Elsevier Inc. All rights Reserved 9 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Fig. 10.5 – Vulnerability management structure 10 • Three basic rules for managers – Always assume adversary knows as much or more about your infrastructure – Assume the adversary is always keeping vulnerabilityrelated secrets from you – Never assume you know everything relevant to the security of your infrastructure Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Managing Vulnerability Information 11 • Daily cyber security intelligence reports are standard in government agencies • They would be useful in enterprise settings • A cyber security intelligence report would include – – – – Chapter 10 – Awareness Cyber Security Intelligence Reports Current security posture Top and new security risks Automated metrics Human interpretation Copyright © 2012, Elsevier Inc. All rights Reserved 12 • Tasks for creating a cyber security intelligence report – Intelligence gathering – Interpretation and publication – Dissemination and archiving Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Cyber Security Intelligence Reports 13 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Fig. 10.6 – Cyber security intelligence report creation and dissemination 14 • Security risks must be tracked and prioritized • Generally agreed upon approach to measuring risk associated with specific components begins with two estimations Chapter 10 – Awareness Risk Management Process – Liklihood – Consequences • Actual numeric value of risk less important than overall relative risk • A useful construct compares security risk against cost of recommended action Copyright © 2012, Elsevier Inc. All rights Reserved 15 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Fig. 10.7 – Risk versus cost decision path structure 16 • Increasing risks likely incur increased costs • Summary of management considerations – Maintaining a prioritized list of security risks – Justifying all decisions Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Risk Management Process 17 • The security operations center (SOC) is the most visible realization of real-time security situational awareness • Most SOC designs begin with centralized model – a facility tied closely to operation • A global dispersal of SOC resources is an around-theclock real-time analysis of security threats Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Security Operations Centers 18 Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness Fig. 10.8 – Security operations center (SOC) high-level design 19 • A national-level view of security posture will require consideration of the following – – – – Commercial versus government information Information classification Agency politics SOC responsibility Copyright © 2012, Elsevier Inc. All rights Reserved Chapter 10 – Awareness National Awareness Program 20
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running head: SITUATIONAL AWARENESS

Situational Awareness
Institution Affiliation
Date

1

SITUATIONAL AWARENESS
Situational awareness is when an organization understands the position in risky
situations. According to Fraser, Narvaez, & Simkins (2015), situational awareness helps in
detecting and responding to the risks that threaten the organization. There are different ways in
which situational awareness becomes helpful in helping to cope with the risks. situational
awareness will help in understand the environmental threats such as natural disasters, the cost of
the raw materials supplied, availability of water, and the temperatures and cl...


Anonymous
Really helpful material, saved me a great deal of time.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags