Week 8 Emerging Threats and Countermeasures Discussion

ohaal123

Description

Subject: Emerging Threats and Countermeasures

What is the goal of security audits and the importance of establishing best practices within an organization?

You must do the following:

1) Create a new thread.

2) Select AT LEAST 2 other students' threads and post substantive comments on those threads. Your comments should extend the conversation started with the thread.

Responses to Other Students: Respond to at least 2 of your fellow classmates with at least a 100-word reply. To help you with your discussion, please consider the following questions:

  • What did you learn from your classmate's posting?
  • What additional questions do you have after reading the posting?
  • What clarification do you need regarding the posting?
  • What differences or similarities do you see between your posting and other classmates' postings?


Reference:

* Amoroso, E. G. (2012). Cyber attacks: protecting national infrastructure. Elsevier.

* https://s3.us-east-1.amazonaws.com/blackboard.learn.xythos.prod/5a31b16bb2c48/5845538?response-content-disposition=inline%3B%20filename%2A%3DUTF-8%27%27Chapter%25205%2520Recording.mp4&response-content-type=video%2Fmp4&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20191014T162019Z&X-Amz-SignedHeaders=host&X-Amz-Expires=21600&X-Amz-Credential=AKIAIL7WQYDOOHAZJGWQ%2F20191014%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a1d1027875703f37cd95c0fdf4bfb9a5d9250125257a682035b15fdde8bcbb3d

* Attached PPT for reference

Unformatted Attachment Preview

Cyber Attacks Protecting National Infrastructure, 1st ed.
Chapter 5 – Commonality
Copyright © 2012, Elsevier Inc. All Rights Reserved

Introduction
  • Certain security attributes must be present in all aspects and areas of national infrastructure to ensure maximum resilience against attack
  • Best practices, standards, and audits establish a low-water mark for all relevant organizations
  • Audits must be both meaningful and measurable
    – Often the most measurable things aren’t all that meaningful

Introduction
  • Common security-related best practice standards
    – Federal Information Security Management Act (FISMA)
    – Health Insurance Portability and Accountability Act (HIPAA)
    – Payment Card Industry Data Security Standard (PCI DSS)
    – ISO/IEC 27000 Standard (ISO27K)

Fig. 5.1 – Illustrative security audits for two organizations

Fig. 5.2 – Relationship between meaningful and measurable requirements

Meaningful Best Practices for Infrastructure Protection
  • The primary motivation for proper infrastructure protection should be success based and economic
    – Not the audit score
  • Security of critical components relies on
    – Step #1: Standard audit
    – Step #2: World-class focus
  • Sometimes security audit standards and best practices proven through experience are in conflict

Fig. 5.3 – Methodology to achieve world-class infrastructure protection practices

Locally Relevant and Appropriate Security Policy
  • Four basic security policy considerations are recommended
    – Enforceable: Policies without enforcement are not valuable
    – Small: Keep it simple and current
    – Online: Policy info needs to be online and searchable
    – Inclusive: Good policy requires analysis in order to include computing and networking elements in the local nat’l infrastructure environment

Fig. 5.4 – Decision process for security policy analysis

Culture of Security Protection
  • Create an organizational culture of security protection
  • Culture of security is one where standard operating procedures provide a secure environment
  • Ideal environment marries creativity and interest in new technologies with caution and a healthy aversion to risk

Fig. 5.5 – Spectrum of organizational culture of security options

Infrastructure Simplification
  • Organizations should be explicitly committed to infrastructure simplification
  • Common problems found in design and operation of national infrastructure
    – Lack of generalization
    – Clouding the obvious
    – Stream-of-consciousness design
    – Nonuniformity

Fig. 5.6 – Sample cluttered engineering chart

Fig. 5.7 – Simplified engineering chart

Infrastructure Simplification
  • How to simplify a national infrastructure environment
    – Reduce its size
    – Generalize concepts
    – Clean interfaces
    – Highlight patterns
    – Reduce clutter

Certification and Education
  • Key decision-makers need certification and education programs
  • Hundred percent end-user awareness is impractical; instead focus on improving security competence of decision-makers
    – Senior Managers
    – Designers and developers
    – Administrators
    – Security team members
  • Create low-cost, high-return activities to certify and educate end users

Fig. 5.8 – Return on investment (ROI) trends for security education

Career Path and Reward Structure
  • Create and establish career paths and reward structures for security professionals
  • These elements should be present in national infrastructure environments
    – Attractive salaries
    – Career paths
    – Senior managers

Responsible Past Security Practice
  • Companies and agencies being considered for national infrastructure work should be required to demonstrate past practice in live security incidents
  • Companies and agencies must do a better job of managing their inventory of live incidents

Responsible Past Security Practice
  • Companies and agencies being considered for national infrastructure work should provide evidence of the following past practices
    – Past damage
    – Past prevention
    – Past response

National Commonality Program
  • A national commonality plan involves balancing the following concerns
    – Plethora of existing standards
    – Low-water mark versus world class
    – Existing commissions and boards

Explanation & Answer

Attached.

Running head: EMERGING THREATS AND COUNTERMEASURES

Emerging Threats and Countermeasures
Student’s Name
Institutional Affiliation

The Goal of Security Audits
Internal audit is a vital function of any compliance and information security program.
Before companies create controls and procedures around the security of IT, it is vital to
determine the risk that is available. The first goal of security audits is to give justification to the
financial expenditures that are required to keep the firm safe. Tight budgets are an implication
that it is very challenging to approve additional costs. Auditing in IT assists in educating the
internal stakeholders to ensure that they see the vitality of mitigating the crucial risks and
approving s...

