CCJS 421
School: University of Maryland, College Park
Course: 421
Subject: Information Systems
Date: Feb 20, 2024
Uploaded by AmbassadorElement10594
Cybersecurity Defined and Key Concepts
In this informational brief, I will explain what cybersecurity is, what the field entails, and
some of its key concepts. This brief will also acquaint you with the threats currently facing
our infrastructure and the legal obligations associated with protecting our enterprise.
Cybersecurity is the protection of networks, electronic devices, programs, and systems against
unauthorized access and unlawful attacks. It is based upon the CIA (Confidentiality, Integrity,
and Availability) triad, a fundamental baseline that guides a company or organization on
how to address security concerns (Fortinet, n.d.). Confidentiality ensures that data is kept
private and prevents unauthorized access or disclosure, whether intentional or accidental.
One element of maintaining confidentiality is granting only the necessary privileges to those
who require access. Integrity ensures that all data is free from tampering and remains authentic
for the recipient. Last, Availability ensures that all systems and networks function correctly
and are readily available to authorized entities (Fortinet, n.d.).
Key Concepts within Cybersecurity
There are 5 key concepts that encompass cybersecurity. Each plays a part in creating an
effective strategy for protecting digital assets:
• Information Security: implements methods to protect data and sensitive information from
unauthorized use.
• Intrusion Detection and Prevention: the process of continually monitoring system logs
and networks in real time to detect intrusions and unauthorized access.
• Incident Response: the response that follows a cybersecurity threat, which includes restoring
operations and understanding the events in order to prevent recurrence.
• Threat Identification: the identification of threats and malware.
• Disaster Recovery: aids in business continuity and assists with rebuilding a company’s
defenses after an attack or intrusion has taken place (KnowledgeHut, n.d.).
Significant Threats to Data and Root Causes
As our internet usage and the connections between IoT devices expand, there will always be a
threat against our data and security. Cybercriminals will consistently be on the prowl to exploit
vulnerabilities, harvest data, and disrupt networks or systems. Not only do they pose a real
danger to our enterprise, but they differ in terms of their origins, techniques, tactics, and
procedures. Cybercrime can originate from terrorist organizations, criminal groups, nation
states, and even insiders: internal employees who abuse their access to company assets
(Imperva, n.d.). To protect our infrastructure and data, we must place importance on
Risk Management.
Importance of the Risk Management Framework
Risk Management in Cybersecurity is the process of identifying digital assets,
implementing solutions to mitigate discovered risks, and reviewing security measures. Risk
Management plays a strategic role in the protection of our infrastructure and data by handling
critical threats in a timely manner (Imperva, n.d.). There are four quadrants to the Risk
Management Framework:
• Identifying the Risk: involves evaluating the company’s environment for potential risks.
• Assessing the Risk: the risks found are analyzed to understand their impact on the
company.
• Controlling the Risk: involves procedures, technologies, and techniques that can aid in
mitigating the risks.
• Reviewing Controls: involves continuous evaluation and adjustment of mitigation
techniques (Imperva, n.d.).
Recommended Best Practices for Protection of IT Assets
In addition to having the strategies mentioned above in place, there are various security
practices to incorporate that would aid in the protection of our IT assets. Since employees and
C-suite executives can be susceptible to attacks, training them on security awareness would
prove to be a valuable investment. This training would cover topics such as safe internet usage
on company or personal devices, device security, how to recognize phishing emails, the
different kinds of cyber-attacks, password management, social engineering, and whom to
report suspicions to. Regardless of the size of a company, employees will always be a
prime target for cybercriminals, who can also be crafty and tailor their attacks to specific roles
within the organization. C-suite executives are just as vulnerable to attacks because their
position within the company gives them elevated privileged access (Oh, 2022). Against such a
high-risk target, cybercriminals can deploy a sophisticated attack called Whaling. If successful,
they can gain access to the executive’s email and, by impersonating them, solicit illicit
payments from internal sources or the accounts team (Oh, 2022). Each of these measures would
help harden our security posture and keep us vigilant against probable attacks.
Falling Victim to A Cyber Crime Incident
If our organization fell victim to a cybercrime or security incident, we would respond by
immediately investigating the incident and notifying the appropriate entities. Communication
would be important in this step because of how detrimental a security incident is. It can lead to
reputational damage to the company, potential lawsuits, and financial losses. Every second
would count, and the exposure of sensitive data can pose a risk to our consumers as well
(Gontovnikas, 2020). Another critical step is to consult with legal counsel because of the
exposure of personal information, and to notify users within a 72-hour window. If this isn’t
followed through, then the company can face hefty fines.
Incident Response and Evidence Collection
The Incident Response Team would be the entity that evaluates evidence, contains the incident
to stop further damage, and determines its scope. The evidence gathered from the incident will
range from error messages and log files to data from intrusion detection systems, monitoring
tools, and firewalls (Borkar, 2022). Once gathered, it can be sifted through to determine the
severity of the incident and preserved as evidence should the incident reach a court of law.
There are six steps to an incident response:
• Preparation Phase: develops the policies to implement in case of an incident.
• Identification Phase: outlines the criteria for gathering events and evidence from
monitoring tools, error messages, firewalls, and intrusion detection systems.
• Containment Phase: isolates an incident to prevent the threat from causing further damage.
• Eradication Phase: once the threat is contained, systems need to be restored to their
initial state before the incident (Borkar, 2022).
If the Incident Response Team determines that Law Enforcement would need to be contacted,
their role would involve accessing crucial information given by the IR team and organization,