Week assignment requirement
For this assignment, you will create a narrated presentation that predicts the future use of technology within your selected organization. Pay special attention to technology changes available to your organization and threat actors that would include the cybercriminals and nation-state adversaries relevant to your selected organization’s industry.
Be sure your presentation includes the following:
A prediction of future use of technology.
Identification of changes within threats and vulnerabilities inside and outside the organization.
Identification of important adjustments and necessary resource allocations.
Identification of cybersecurity needed within all areas of the organization.
Length: 6-7 content slides, a conclusion, and references. Include at least 200 words of notes for each slide, including any citations. Add audio using voice-over in PowerPoint or record using Kaltura.
References: Include a minimum of 3 scholarly resources in addition to those provided within the course.
Week Review:
Cybersecurity is indeed a new frontier. Although there has been considerable change, one of the fundamental problems is that organizations are still unable to quantify risk accurately. Sufficient risk reduction techniques cannot be implemented without a simple measure of risk. Without an appropriate risk measurement, good security practices often go unrewarded and poor security practices go unpunished. Developing a better understanding of risk can help put market forces to work.
Today, agencies recognize the value of risk management and have invested substantial resources in securing government information systems, such as recruiting and educating information security experts, designing security policies and procedures, and providing user education (NIST, 2020).
Furthermore, the threat environment is shifting, requiring the government to enact adaptive strategies to resolve these issues. While the initial response in government is to ban disruptive emerging innovations that breach current security models, such as cell phones or social networking sites, a long-term moratorium on innovation is neither feasible nor advisable.
If at all possible, one of the first principles of forensics is to retrieve as much data as possible while the device is still operational. Administrators can be forced to respond very quickly and pull the plug on the computer or disconnect it from the network, depending on the extent of the harm.
References
Cloud Computing System Risk Estimation and Service Selection Approach Based on Cloud Focus Theory
Lin, F., Zeng, W., Yang, L., Wang, Y., Lin, S., & Zeng, J. (2017). Cloud computing system risk estimation and service selection approach based on cloud focus theory. Neural Computing & Applications, 28(7), 1863–1876.
This paper proposes a cloud computing system risk assessment approach based on cloud theory and collected the risk value and four risk indicators from each virtual machine to produce the five property clouds.
Social Cybersecurity: An Emerging Science
Beskow, D. M., & Carley, K. M. (2019). Social Cybersecurity: An Emerging National Security Requirement. Military Review, 99(2), 117.
With the growth of online platforms that enabled individuals to gather and distribute information came the rise of online cybercrime aimed at exploiting single individuals and entire groups. As a result, researchers and practitioners started to investigate this digital playground and the ways in which socially and digitally embedded individuals could be exploited. Social cybersecurity is a modern science and engineering field that is gaining traction. This paper describes this emerging field, gives examples of research issues and resources required, and sets out a research agenda in this field.
Scoping the Ethical principles of Cybersecurity Fear Appeals
Dupuis, M., & Renaud, K. (2020). Scoping the ethical principles of cybersecurity fear appeals. Ethics and Information Technology, 1.
This paper creates an effects-reasoning matrix for all stakeholders, outlining the possible benefits and drawbacks of cybersecurity fear appeals by developing six ethical standards to direct the implementation of cybersecurity fear appeals.
Cyber Security Threats and Vulnerabilities: A Systematic Mapping Study
Humayun, M., Niazi, M., Jhanjhi, N., Alshayeb, M., & Mahmood, S. (2020). Cyber security threats and vulnerabilities: A systematic mapping study. Arabian Journal for Science & Engineering (Springer Science & Business Media BV), 45(4), 3171–3189.
This paper focuses on identifying key cybersecurity vulnerabilities, targeted/victimized applications, mitigation strategies, and infrastructures so that researchers and practitioners can gain a deeper understanding of the issue.
Comparing Traditional and Next-Generation Intrusion Prevention Systems (IPS)
Santos, O. (2017). 2.2 Comparing traditional and next-generation intrusion prevention systems (IPS) (Lesson 2: Network security devices and cloud services) [Video]. In CCNA Cyber Ops SECFND 210-250. Pearson IT Certification.
There are different types of intrusion prevention systems. The first is the traditional network-based IPS; examples are the network IPS devices from Cisco, like the 4200 sensors, the Catalyst 6500 IPS modules, and some others. These devices have been end-of-life for quite some time now. Next-generation IPS are replacing them, like the Cisco Firepower IPS systems and the Cisco ESA 5500 series Firepower Services. They provide intrusion prevention, firewall capabilities, and VPN services in a single, easy-to-deploy platform.
Implementing Information Security Continuous Monitoring (ISCM)
Greene, S. (2015). 6.8 Implementing information security continuous monitoring (ISCM) (Lesson 6: Security assessment and testing) [Video]. In CISSP. Pearson IT Certification.
The ISCM process was designed to support the NIST risk management framework for ongoing and iterative monitoring. The ISCM process was designed for federal agencies but is adaptable to any public or private sector organization. The objective of ISCM is to continually measure and report on the effectiveness of organizational security controls.
MITRE ATT&CK®
MITRE ATT&CK. (n.d.). MITRE ATT&CK.
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Assessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework
Mouzakitis, S., & Askounis, D. (2021). Assessing MITRE ATT&CK risk using a cyber-security culture framework. Sensors, 21(9), 3267.
This paper emphasizes the effort on the hybrid MITRE ATT&CK for Enterprise and Industrial Control Systems model as a broader and more holistic approach.
National Institute of Standards and Technology. (2020). Security and privacy controls for information systems and organizations. NIST Special Publication 800-53, Revision 5.