RESPONSES
Provide (6) substantive responses with a minimum of 150 words each for Responses 1, 2, 3, 4, 5 and 6. Ensure you break down each response in a word document, along with its reference. Response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that's discusses the responses. 100% original work and not plagiarized. Must meet deadline.
ISSC 341
RESPONSE 1:
My favorite is the authentication and access controls. Mainly because it relates to what I deal with most, so I am more familiar with that area. I also think it is pretty cool how much control an administrator has when granting users access to different areas of the network, or even internet. After a few years of experience, there is still more to learn on different configurations for access. Authentication wise, there are a few different ways of authenticating that intrigue me like biometrics. Currently, most of the various methods are way too expensive for a business to consider implementing but not having to use the username and long passwords anymore sounds excellent. Just using a RFID badge and retina scanner would be so quick and simple. Or a voice scanner and some other type of token to ensure two factor authentication. I am not the biggest fan of two factor authentication due to its hassle, but when biometric authentication is needed on networks, 2FA will be needed as well. Both authentication and access are important to consider for any network, including a home network. Risk management is involved in every decisions, from whether passwords will be used versus smart cards, or how users access is controlled through separation within active directory. Some controls will hinder users efficiency and secure the network further, while some might make the network too vulnerable and cause an event on the network. Aside from this topic I think topologies is my second choice.
-DEVIN
RESPONSE 2:
Looking back through the last 8 weeks and thinking about everything this course had us learn and try and incorporate, I think my favorite topic was learning about the different ways of trying to connect long distance businesses with different means. It all kind of stemmed having to look up networking during major natural disasters. Trying to see what happened during Hurricane Katrina and Hurricane Sandy. The lengths people had to go through trying to get word out that they needed help and not being heard because what we live on as a society was failing due to horrible circumstances. It was crazy to see how reliant we are on this technology and how much it helps us function as a society. Just knowing how much of a safety net it really is and how much we don’t truly appreciate its capabilities. Then trying to imagine how frightening it must be to not have it available when you feel like you need it the most. Then all the awesome work that people did trying to ensure people had access to emergency lines through networks that acted like 911 phone lines. Plus, that was just the forum for that week, I think the case study kind of had a similar feel to it when I was writing it and finding where people are almost needing this technology, then seeing how we were tip toeing on things then a giant break throughs in technology leading to where we are today.
- TAVEN
ISSC 471
RESPONSE 3:
1. Discuss Auditor Certifications
For auditors, ISACA offers the Certified Information Systems Auditor (CISA) certification, which is similar to almost all other security control qualifications (CISA). The Certified Information Systems Auditor (CISA) credential is commonly recognized as the gold standard in the area of information technology auditing and is awarded to those who possess the qualification (IT auditing and controls – planning the IT audit). In contrast to a certification that is just focused on auditing, it demands you to comprehend the principles of auditing as well as information technology.
It confirms that you have a fundamental grasp of auditing and that you are qualified to be certified in that area on a graded scale. According to my findings, these certifications seem to boost the possibility that job opportunities will be accessible to the holder.
2. Discuss Auditor Qualifications
Qualifications for auditors are always growing; it has developed into a profession that demands a deep understanding of a wide range of topics. One hour, the auditor could be explaining and discussing IP routing and virtual local area networks with a network engineer department, and the next, he could be speaking with account receivables about best practices regarding the separation of cost center accounts for an enterprise resource planning (ERP). Auditors must also be meticulous in their work, possessing the ability to follow protocols and maintain an autonomous work environment, since they must often manage their own time effectively while on the job (IS Audit Basics). Finally, it is practically hard to get recruited into an auditing job if you do not have the necessary credentials for the position.
-JAMES
Refences:
IS Audit Basics | The Core of IT Auditing | ISACA Journal. (2021). ISACA. https://www.isaca.org/resources/isaca-journal/past-issues/2014/is-audit-basicsthe-core-of-it-auditing
IT auditing and controls – planning the IT audit [updated 2021]. (2021, June 2). Infosec Resources. https://resources.infosecinstitute.com/topic/itac-planning/
RESPONSE 4:
There are many different certifications offered by a wide variety of organizations that could prove the ability for a person to conduct IT audits for an organization. Two of the most common credentials are the Certified information systems security professional (CISSP) and the certified information systems auditor (CISA). The CISSP is issued by the International information systems security certification consortium. There are some requirements before one can apply for the CISSP, such as the need to possess a minimum of 5 years of direct full-time security work, the attachment to the truth of their assertions regarding the code of ethics, have a clean criminal background history, and have their qualifications endorsed by another member of the (ISC)². The CISA is similar but has more relaxed qualifications to take the test, though you still need experience and must pass the exam.
The qualifications to become a security auditor generally are either the position of a degree specifically in IT auditing, which some degree granting programs have started to incorporate, or a security degree. There is also the need to gain experience somewhere in the security field, meaning that the first job a prospective auditor is to have been likely not as an auditor. There are also some soft skills that auditors need to pose such as the ability to communicate and relate with other people since a large part of auditing is interviewing. There is also a need for the auditor to be analytical, be able to write professionally, and have excellent organization skill specifically related to project management.
-BRIAN
ISSC499
RESPONSE 5:
The design basis threat or DBT is, according to the dictionary of Energy, a succinct description, including type, composition and capabilities, of a threat from an enemy can on an organization asset (Design-basis Threat (DBT), 2014). This is applied to nuclear facilities (U.S. NRC), however, we could use the same process when it comes to cyber security for companies. This is required organization to show it has the capabilities to defend against threat, in this case the DBT.
The organization that I choose for my forum would the Department of Defense. Like with any other entity, Cyber security is very important for the DoD. Cyber security objectives for the DoD which includes many entities that play an important role in the defense of the American people, should mainly be the protection of government assets from hackers, most of which are Advanced Threat Persistent or APT. The DoD is responsible for ensuring the defense of the homeland and also U.S. interest from all attacks either in air, space, water or Cyber. The DoD shares every day sensitive information with other department and this information must be safeguarded. In a document shared by the DoD on its website it resumed its strategy and what they should address in one sentence, “building capabilities for effective cybersecurity and cyber operations to defend DoD networks, systems, and information; defend the nation against cyberattacks of significant consequence; and support operational and contingency plans (The DoD Cyber Strategy, 2015).”
-MICHAEL
Design-basis threat (DBT). (2014). In C. Cleveland, & C. Morris (Eds.), Dictionary of energy (2nd ed.). Elsevier Science & Technology. Credo Reference: https://search-credoreferencecom .ezproxy2.apus.edu/content/entry/este/design_basis_threat_dbt/0
U.S. NRC. (n.d.). Design-basis threat (DBT). Retrieved from https://www.nrc.gov/reading-rm/basicref/ glossary/design-basis-threat-dbt.html
The DoD Cyber Strategy. (2015). The Department of Defense Cyber Strategy. Retrieved from https://archive.defense.gov/home/features/2015/0415_cyberstrategy/final_2015_dod_cyber_strategy_for_web.pdf
RESPONSE 6:
This week we have been asked to discuss an organization’s design basis threat (DBT) in regard to cybersecurity. For the sake of this forum, I’ll examine the US Department of Defense (DOD). It is no secret that the DOD has heavily invested in integrated, networked kinetic and non-kinetic weapons systems. As such cybersecurity has become critical to America maintaining it technological edge against adversarial powers and international competition. As for cybersecurity objectives the DOD has five:
1. Ensuring the Joint Force can achieve its missions in a contested cyberspace environment. (Department of Defense, 2018)
2. Strengthening the Joint Force by conducting cyberspace operations that enhance U.S. military advantages. (Department of Defense, 2018)
3. Defending U.S. critical infrastructure from malicious cyber activity that alone, or as part of a campaign, could cause a significant cyber incident. (Department of Defense, 2018)
4. Securing DoD information and systems against malicious cyber activity, including DoD information on non-DoD-owned networks. (Department of Defense, 2018)
5. Expanding DoD cyber cooperation with interagency, industry, and international partners. (Department of Defense, 2018)
I do not think I am qualified to add anything to this list. However, if I had to hazard a proposal for a potential new objective, I would add an objective of driving the development and innovation of cybertechnology to build a build and maintain a decisive advantage over adversarial capabilities. This objective would ensure the DOD focuses on setting the tone for the world in cyber capability rather than playing catch up to a potentially non-friendly power.
V/R,
Jared
Reference:
Department of Defense. (2018). Summary - U.S. department of defense Cyber Strategy 2018. defense.gov. Retrieved December 10, 2021, from https://media.defense.gov/2018/Sep/18/2002041658/-1/-1/1/CYBER_STRATEGY_SUMMARY_FINAL.PDF.