W Hudson Homework 2

In this discussion post, you will analyze and provide your perspective on why, in spite of verbose information and data on the likelihood and impact of a cybersecurity event, many organizations do not properly prepare for one. Begin by reading the article “Why Organizations Don’t Prepare for Information Security Incidents”. After reading the article provided above, respond to the following prompts in your post: Post at least three reasons you think organizations don’t prepare for information security incidents. Many applications that impact security and privacy are free. As a consumer, do you see more value in paying for an application that is more secure and does not use your personal information as part of the transaction? Justify your answer.

17 18 19 According to the NIST Cybersecurity Framework, an organization can use the Framework as a key part of its systematic process for identifying, assessing, and managing cybersecurity risk. Based on your reading of the NIST Cybersecurity Framework, please select all the appropriate statement(s) that guide organizations on how the Framework can be used. 0 000 The Framework is not designed to replace existing processes; an organization can use its current process and overlay it onto the Framework to determine gaps in its current cybersecurity risk approach and develop a roadmap to improvement. The Framework is designed to complement existing business and cybersecurity operations. It can serve as the foundation for a new cybersecurity program or a mechanism for improving an existing program. The Framework is designed to completely replace existing cybersecurity management practices and requires that organizations start fresh when "moving to the framework" O O O O The Framework…

Have you ever seen someone being harassed or bullied by someone else over the internet? When you initially learned of the issue, what was the very first thing that went through your head? How did you get at the conclusion that the individual had been the target of bullying conduct prior to your intervention? In other words, how did you come to that conclusion?

1. You've just been hired as a Chief Information Security Officer for a small startup. They've written four applications and just got funding to go live. Before they do so, they realized they've never had a cybersecurity professional, so they've hired you. While there are hundreds of things to do, you are asked to come up with a list of your top TEN (10) items, in a bulleted list, to focus on in the first day or two. These can be questions to ask or actions to take, and aren't meant to be the full solution, but the initial things you'll do to get control of the situation. Provide a NUMBERED LIST of TEN (10) items that is your initial list of priority areas to focus on and potential actions to take. Do not use more than one line per item. Many aswers are correct, so credit is given for coming up with ten good and comprehensive focus areas based on what we've covered in class, in the labs, and in our readings.

Have you ever seen an instance of internet bullying or harassment? How did you react when you first heard about it? The person has apparently been the target of bullying previous to your intervention; please explain how you arrived at this judgment.

Interns who appear to be violating many security policies are confronted by the CISO, who hears their complaints. The company claims its employees don't encrypt their computers, listen to music without a license, share files between work and personal devices, waste too much time on social media, and illegally access pornographic material. The CISO suggests drafting a security document (Rules of Behavior) with at least 15 rules outlining the conduct that is and is not acceptable on the company's network.

A security policy is a document that provides employees with clear instructions about acceptable use of company confidential information, explains how the company secures data resources and what it expects of the people who work with this information. Most importantly, the policy is designed with enough flexibility to be amended when necessary. You are working in organization X, and you are supposed to develop an issue-specific security policy, you can pick one issue from Table.1 [1] (In the photos) Your Task is: To develop the different sections of your policy and adequate procedure(s), you can refer to SANS Policy Templates [2]. References: [1] Developing an Information Security Policy: A Case Study Approach, Fayez Hussain Alqahtani. 4th Information Systems International Conference 2017, ISICO 2017, 6-8 November 2017, Bali, Indonesia. [2] https://www.sans.org/information-security-policy/

Explain the purpose of the National Institute of Standards Technology (NIST) Cybersecurity Framework. -The NIST Cybersecurity Framework is a set of mandatory rules for organizations to follow in order to protect themselves against cybersecurity risks. -The NIST Cybersecurity Framework is a voluntary guide that helps organizations understand and protect themselves against cybersecurity risks. -The NIST Cybersecurity Framework is a system of computers that monitors national cybersecurity threats and relays the information to businesses and other organizations. -The NIST Cybersecurity Framework is a cybersecurity software package available to organizations from NIST intended to bolster firewall capabilities.

Complete the "FIA's Complaints Registration Form" to report an incident of cybercrime. What's the trick?

What larger concepts and patterns currently account for most instances of cybercrime? Please include citations if you'd want a full answer.

CYB/405 **Who are the stakeholders although there may be multiple for some** Who are the KEY STAKEHOLDERS for EACH plan and policy: CYBERSECURITY PLANS: -Vendor management plan -Incident Response Plan -Business Continuity Plan -Disaster Recovery Plan   CYBERSECURITY POLICIES: -Virus and spyware protection policy -Firewall policy - Intrusion prevention policy -Host Integrity policy

providing an explanation of the concept and concrete illustrations of how to identify levels of exposure?

What do you think of the Act Creating the Agency for Cybersecurity and Infrastructure Security? Why don't you provide a source to back up your claim?

You've been warned about a ransomware assault known as Ryuk. Assume that each infected device will cost you $100 to restore your files. Write a one-page executive briefing (in memo style) outlining the following actions to address the danger you've identified: Find out about a security danger and/or breach and study the information you findAssess the danger and prepare a briefing for senior management (a one-page paper in Word, PDF, etc.)Write a concise summary of the main aspects of the problemWhat effect, if any, could it have on St. Eligius?Make suggestions for short-term measures to reduce the risk.Suggestions for long-term mitigation

State the details of an incident that you have read about (Example: breach due to attack, employee theft of data, etc.) and then use the incident response steps to analyze how you would handle the incident. Be certain to clearly name and define each step (Step 1: Identifying the Incident, etc.).

You are assigned as a Cyber Investigator to a Computer Crimes Unit within the Department of Homeland Security.  In your role, you are responsible for responding to crime scenes to collect items of digital evidence and conducting subsequent examinations of the things ordered.  Legal analysis is inherent in your position, and you are required to document your legal authority for each investigation.   Today, you responded to a College Dormitory to investigate an unidentified individual downloading Child Sexual Abuse Material (CSAM).  In the proceeding days, you downloaded 200 Gigabytes of known CSAM from a user over Peer2Peer software.  During the download, you were able to identify the Suspect's Internet Protocol Address, as well as a Port Number.  You specified the Suspect was using IP Address 71.143.70.239:8451.  Subsequently, the Internet Service Provider identified that l leased the IP Address to University Dorm Rooms. After coordinating with the university Office of Technology…