Security Awareness Brochure
43324Project 4
Scene 1
As you complete your morning login routine, you notice an urgent message from John, the chief
technology officer. “See Me ASAP!!”
You grab your tablet and stylus and rush to John’s office.
Scene 2
John gives you a friendly greeting as you enter his office, but he looks concerned.
“Good morning,” John says. “I appreciate you dropping everything and coming by so quickly. I need your
help with a high-level matter.
“Top executives are meeting to prepare for the quarterly meeting with the board of directors. They
would like to review the current vulnerabilities and threats that the organization has in regards to our
technology, people, and cybersecurity policies. The board will also be asking about our ability to educate
the organization’s population on not only our policies and practices, but also the need for them. I need
to prepare a presentation for the board meeting. However, I have several other urgent matters to
oversee.”
John continues, “I need you to prepare my presentation by reviewing common attack vectors, analyzing
our vulnerabilities, and preparing recommendations on what we should do to protect ourselves. In
addition, I need a brochure to show the board what we are doing to educate the organization on these
issues. I need this review in two weeks.”
You are grateful for John’s trust in allowing you to put together his presentation for the board, and now
you’re eager to show that his faith in you is justified. You will have to combine your technical and
research abilities to come up with the recommendations, and present them in a professional manner.
Organizations must implement countermeasures to protect information and data that are vulnerable to cyber attacks. As new security threats are introduced, these countermeasures must be evaluated and improved. In this project, you will investigate common types of cyberattacks and possible solutions, evaluate the costs of implementing identified countermeasures, and communicate the recommended solution to a nontechnical audience. Upon completion, you will present to management the most likely attack vectors against your organization and suggest solutions ranked by cost and effectiveness. You will also suggest how the mix of identified state and non-state actors should affect policy maker decisions and policy development for critical infrastructure protection. This is the final of four sequential projects. There are 15 steps in this project. Begin by reviewing the project scenario, then proceed to Step 1.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
5.2: Examine architectural methodologies used in the design and development of information systems.
6.2: Create an information security program and strategy, and maintain alignment of the two.
7.2: Evaluate international cybersecurity policy.
7.3: Evaluate enterprise cybersecurity policy.
8.2: Evaluate specific cybersecurity threats and the combination of technologies and policies that can counter them.
Step 1: Define Vulnerabilities, Threats, and Risks
Vulnerabilities, threats, and risks are important to understand in order to evaluate and ultimately improve security posture by mitigating risks. Your organization’s security posture will determine its cybersecurity policies. Assessing risk is key in this process. Define vulnerability, threat, and risk. Consider their relationship to one another and how they relate to the security of networks and data. You will use this information to complete your vulnerability assessment and to develop the educational brochure for your workforce. (Review Programming, Systems Software, Application Software and Software Interaction if you do not already have a working understanding of these topics.)
Step 2: Identify Examples of Vulnerabilities, Threats, and Risks
In Step 1, you familiarized yourself with the concepts of vulnerability, threat, and risk. You now understand their relationship to one another and how they relate to security. In this step, you are going to identify at least two examples of a vulnerability, two examples of a threat, and two examples of a risk in each of the following categories:
technology
people (human factors)
policy
You should identify a minimum of eighteen examples. This will assist you in conducting the vulnerability assessment and developing the educational brochure. (Review Basic Elements of Communication and Computer Networks if you do not already have a working understanding of these topics.)
Step 3: Identify Current Vulnerabilities and Threats
After defining and identifying examples of vulnerabilities, threats, and risks in Steps 1 and 2, you should understand the basic concepts of vulnerabilities and threats as they apply to general cybersecurity. However, vulnerabilities and threats are dynamic: They can evolve with changes in technologies, changes in adversary capabilities or intentions, or changes in human behaviors and organizational policies. It is important to understand current vulnerabilities and threats and their applicability to the larger community as well as to your organization (e.g., critical infrastructure protection), so that you can make informed recommendations on how/whether to mitigate them. Identify current known vulnerabilities and threats that could impact your organization. The vulnerabilities and threats that you identify will be necessary for your final presentation. (Review
List a minimum of two current known vulnerabilities and threats involving the following:
people (human factors)
technology
policy
Step 4: Vulnerability Assessment and Operational Security eLearning Module
To prepare for the upcoming vulnerability assessment, you will practice in a simulated environment with the Vulnerability Assessment & Operational Security eLearning Module. You will learn how to maintain effective audit, risk analysis, and vulnerability assessment practices in a fictional scenario. You will also review risk and vulnerability analysis tools. (Review Network Devices & Cables and Network Protocols if you do not already have a working understanding of these topics.)
Take time during this module to take notes as the information will be helpful during your own vulnerability assessment in Step 7. Specifically note the major components of cybersecurity architecture, architectural methodologies for the physical structure of a system’s internal operations and interactions with other systems, and architectural methodology standards that are compliant with established standards or guidelines.
Step 5: Identify Attack Vectors
Attack vectors are the means by which vulnerabilities are exploited and threats realized. As a result, understanding attack vectors is critical to developing impactful mitigations. Identify the applicable attack vectors, the weaknesses exploited, and the means used to gain access based on the vulnerabilities and threats identified in Step 2. Also note the common types of cyber attacks. The attack vectors and weaknesses that you identify will be necessary for your vulnerability assessment and final presentation. (Review A Closer Look at the Web, Web Markup Language and Web and Internet Services if you do not already have a working understanding of these topics.)
Identify attack vectors and weaknesses exploited via the following:
hardware
software
operating systems
telecommunications
human factors
Step 6: Examine and Identify Known Attribution
Attribution is often very difficult, if not impossible, to identify. One reason is the anonymity afforded by the Internet. Another reason is the potential sophistication of malicious state actors and non-state actors who are able to disguise themselves and/or exploit an innocent and often unknowing computer user to achieve their goals. Attribution is desired because knowing who is behind an exploit can provide insight into the motivations, intentions, and capabilities of threat actors. Understanding attack vectors used by threat actors provides key insights that help to build stronger defenses and construct better policy management. In order to complete your vulnerability assessment, you will need to first do the following:
From the attack vectors identified in Step 5, determine if attribution is known for the threat actor (e.g., name of nation state, non-state and/or hackers and actors) most likely involved in exploiting each weakness.
Categorize the threat actor(s) based on attribution for previous exploits, likely targets, and rationale(s) for targeting/exploitation (e.g., profit, political statements, extortion, etc.).
Step 7: Vulnerability Assessment
From the results of Steps 4, 5, and 6, develop and submit a spreadsheet that includes the following:
characterization of current and emerging vulnerabilities and threats
identification of the attack vector(s) employed against each
your assessment (high, medium, or low) of the impact the vulnerability could have on your organization
Make sure to address security architectures, including components, specifications, guidelines, standards, technologies, etc. Also consider international threats and attack vectors. This assessment will be included in your final presentation.
Submit your assessment for feedback.
Step 8: Identify Countermeasures
Now that you have assessed your organization’s vulnerability, you are ready to identify possible countermeasures. Identify specific countermeasures that will address the vulnerabilities/threats to your organization that you summarized in Step 7.
Review best practices as well as any published mitigations for the specific weaknesses identified. Include both cyber defenses and, as appropriate and legal in the United States, cyber offenses (cyber offensives / warfare). Make sure to address key cybersecurity technologies, methodologies, standards, and legal compliance. Record your findings to be included in your upcoming white-paper resource for your final presentation.
Step 9: Determine the Cost of Security Solutions
Once you have identified possible countermeasures for your organization, you will need to determine their cost. Discuss the relative financial impact of these countermeasures, considering appropriate technology and policy changes to address cyberthreats at the enterprise, national, and international levels as a result of procurement, implementation, and maintenance. Also consider the policy and technology tradeoffs at each level. Rank the countermeasures according to cost and effectiveness. Record your findings to be included in your upcoming white-paper resource for your final presentation.
Step 10: Assess Success
Develop your assessment of the likelihood of success of the mitigations when implemented as you prescribe. Criteria to be considered should include the following:
ease of implementation (technically as well as from a policy perspective)
ease of adoption by the workforce
impact on ability to perform the organization’s work (e.g., is productivity impacted, are additional steps required that impede workflow?)
record of success of this mitigation on the same/similar weakness
cost (as a factor of the overall budget of the organization, e.g., will significant trade-offs have to be made in order to invest in this solution)
leadership support
Record your findings to be included in your upcoming white-paper resource for your final presentation.
Step 11: Countermeasures White Paper
Compile your findings from Steps 8, 9, and 10 and submit a three-page paper that describes the countermeasures, cost, and potential challenges with implementing them in your organization. This paper will provide much of the basis for your final presentation. Make sure to include the following:
critical issues in cybersecurity management and technology policy
principles of cyber warfare theory and application (cyber offensives / warfare)
various concepts of enterprise cybersecurity
cybersecurity standards organizations
key initiatives in international cybersecurity policy advances
Submit your paper for feedback.
Step 12: Summarize Your Solutions
In order to develop recommendations to include in your presentation, you must first prepare your solutions. Summarize recommended solutions to mitigate the vulnerabilities and/or threats as identified in Step 10, with at least two recommendations each in the categories of people, technology, and policy. Rank your recommended solutions by both cost and effectiveness. You will use this solutions summary to develop your recommendations in your final presentation.
Step 13: Develop Recommendations
Your presentation will also need to consider an overall security strategy. Develop the overall way forward for your company that includes an explanation of the current security environment in your organization, identification of security vulnerabilities and threats, explanation of attack vectors, and recommended solutions. Refer specifically to the information prepared in Steps 4 through 12. Your recommendations must meet the following criteria:
coincide with IT vision, mission, and goals
align with business strategy
incorporate all internal and external business functions within the organization’s security program
create an organizational structure, if it does not already exist, to operate the security program and align it with the entities of the organization as a whole
include a rough implementation plan
evaluate the effectiveness of the security program
These recommendations will be the focus of your presentation.
Step 14: Presentation
You now have all of the information needed to develop the slide presentation that John requested for senior management. The presentation should clearly explain current known weaknesses in your organization’s security (to include people, technology, and policy) that could result in successful exploitation of known vulnerabilities and/or threats.
Develop a narrated slide presentation of 16-20 slides that concludes with the recommended way forward (e.g., continue to accept risks, accept some risks (identify them), mitigate some risks (identify them), mitigate all risks, etc.).
Submit your presentation for review when complete.
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
5.2: Examine architectural methodologies used in the design and development of information systems.
6.2: Create an information security program and strategy, and maintain alignment of the two.
7.2: Evaluate international cybersecurity policy.
7.3: Evaluate enterprise cybersecurity policy.
8.2: Evaluate specific cybersecurity threats and the combination of technologies and policies that can counter them.
Step 15: Develop Security Awareness Brochure
Now that the pressing recommendations are complete, you also need to address the educational brochure that John will be presenting to the board for review. Develop and submit a two-page (one-page, front and back) brochure that will be used to educate your organization on the important concepts you defined and identified in Steps 1 and 2, as well as communicate the policies and procedures necessary to implement the recommendations you developed in Step 13. Your brochure should explain each concept, describe examples that will be familiar to your organization in common terms, and share tips on how individuals can contribute to improving the security of information and networks in your organization.
Submit the brochure when complete.
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.