Apply Critical Thinking

Apply Critical Thinking

Start with Video and then follow each step to complete a essay. Also, essay of another student as an example is available to see how essay should look at the end.

Start with reading this Transcript of video.

Early one morning at work, CEO Alice Johnson asks if you have a moment to chat. I need your expertise and advice on a complicated situation for the company regarding an international hacking lawsuit. In her office, Alice explains that CyberTech is serving as the cyber forensics consultant for a law firm handling the suit from a 2015 hack of the Office of Personnel Management, OPM. The OPM hack compromised background information on millions of workers. In a related case Anomalous, a non-US gray hat hacking group suspected in the OPM breach case, is claiming that US-based Equation Set attempted to hack its facilities. So we have a non-US and a US set of test hacker groups involved. With Anomalous, the non-US group, being a client plaintiff in one case against Equation Set, the US group, and as a suspect in the OPM breach. But Alice then outlines why the case is problematic. Along with the OPM victims, CyberTech represents clients from some of the OPM breach suspect companies in unrelated cases, which could appear to be a conflict of interest. This could affect the way our company is perceived by others. We need to maintain our image as an unbiased cyber security consultant. Should CyberTech remain on both the OPM breach investigation and the overseas case at the same time? Or should we drop one of the cases? Apply your critical thinking and analytical skills to figure out what happened what we know and don't know, and how the company might remedy this situation. I'd like a paper by the end of the week with your recommendations

Step 1: Prepare to Think Critically

In this first step, you will prepare to respond to your boss’s request for an analysis of a problem in your organization. You realize that this will require careful thinking. So, you take time to review the process and to engage in  critical thinking and analysis .

When you have finished your review of the learning resources, you will move on to the next step: identifying the problem.

Step 2: Identify the Problem

Now that you’re prepared to think critically, it’s time to analyze the situation. Remember the direction from your CEO is to analyze the situation and advise on the two lawsuits. Review the video or transcript in Start Here as needed.

A suggested area of focus is to determine if a conflict of interest would exist in handling the two cases that might be related, and advise how to proceed.

Outline the points that you want to make in the first two sections of your paper (introduction, explanation) and draft those sections.

Next, it’s time to analyze the information.

Step 3: Analyze the Information

Now that you have some understanding of the nature of the breach and the parties involved, it’s time to gather and analyze information. The  problem analysis  resources will further aid your analysis and development of the third section of the paper.

Outline the points that you want to make in Section 3: Analysis of the Information of your paper, and draft that section.

In the following step, you will consider other viewpoints, conclusions, and solutions.

Step 4: Consider and Analyze Other Viewpoints, Conclusions, and Solutions

Once you have completed your analysis of the incident, the next step is to analyze alternative viewpoints, conclusions, and solutions. To do this, you will need to apply  ethical decision-making and reasoning . Also, read the highly recommended  Randolph Pherson's " The Five Habits of the Master Thinker ," a paper written for intelligence analysts, but applicable to all analytical thinking and reasoning.

Outline the points that you want to make in Section 4: Analysis of Alternative Viewpoints, Conclusions, or Solutions of your paper, and draft that section.

When you are finished, move to the next step, which involves developing conclusions.

Step 5: Develop Well-Reasoned Conclusions

You considered alternative viewpoints in the last step. Now you’re ready to develop personal conclusions and suggest remedies so that your boss is well-equipped to brief  leadership about the situation.

Remember, you may need to consult outside references, but this is not a research paper. It is more investigative in nature about the facts of the case. Cite outside sources carefully.

Now, outline your argument and draft Section 5: Conclusions and Recommendations, the final sections. Your boss is expecting to receive a concise, focused paper to prepare  for further meetings. Stay to the main points, although you may have more facts to answer any questions. You will submit your paper in the final step.

Step 6: Submit the Critical Thinking Paper

The final paper should be no more than five double-spaced pages, excluding the cover page and references page(s). Organize the paper in accordance with your preparatory steps, using these subheadings:

1. Introduction

2. Explanation of the Issue

3. Analysis of the Information

4. Consideration of Alternative Viewpoints and Conclusions

5. Conclusions and Recommendations

Here are some tips for success:

· Consider outside sources if they inform your case. However, stay on task.

· Use APA style for “in text” and reference citations. At this point, your citations should be error-free.

Essay of another student:

Analysis of the 2015 OPM Breach

Introduction

CyberTech is faced with a complicated scenario; the company is representing clients and organizations that are involved in one form of cyber-crime or the other. In order to avoid a conflict of interest and maintain the integrity of the company, there is a need to apply critical thinking and properly analyze the situation so as to reach a reasonable conclusion.

Explanation of the issue

From the available information, we know for a fact that CyberTech is serving as the cyber forensics consultant for a law firm handling the suit from a 2015 hack of the Office of Personnel Management, OPM. In a related case, Anomalous a non-US gray hat hacking group is claiming that US-based Company, Equation Set attempted to hack its facilities. We also know that in an unrelated case, CyberTech is representing OPM victims and clients from OPM breach suspect companies. Anomalous, the non-US gray hat hacking group is a suspect in the OPM breach. We therefore need to gather more information and analyze both cases being investigated by CyberTech; in order to proffer a solution that helps to avoid a conflict of interest.

Problem Analysis

The OPM hack compromised background information on millions of workers. There is a need to determine the extent of the breach. Getting to know the extent of damage done will give insights into the kind of workers information that was accessed.

CyberTech is representing Anomalous, the non-US based gray hat hacking group in a case against Equation Set which is the US based group for attempting to hack its facilities. More information on the nature of the case between Anomalous and Equation Set is required. Additionally, the ability to determine the relationship between the OPM hack and the

Anomalous versus Equation Set case will help answer a lot of questions. If from investigation, it is revealed that Equation Set was successful in the hack of Anomalous, then

additional information is required on the extent of the breach and the type of data that were compromised; there is a need to find out if such information are sensitive or not. Likewise, if it is verified that Anomalous was actually involved in the OPM hack, then further investigation need to be done to find out the sort of information they were able to access from the breach.

Furthermore, in other non-related cases, CyberTech represents OPM victims and clients from some of the OPM breach suspect companies. It is of importance to provide more information on the nature of these cases. Asides hacking, companies and individuals could be involved in other forms of cyber-crime. A common form of cyber-crime is phishing, which is the utilization of fake email messages to get personal information from internet users. Another type is identity theft which is the misuse of personal information. Other forms of cyber-crime include spreading hate and inciting terrorism, distributing child pornography, making sexual advances to minor, DDoS attacks and ransomware.

Consideration of Alternative Viewpoints and Conclusion

Additional investigation should be conducted so as to determine the root cause of an event. There are often a large number of failures that can be traced back to a handful of root causes. According to Spacey (2018), “Generally speaking, the only way to permanently fix a problem is to address its root causes” (para. 3). Asking the right questions can reveal the root cause of an event. For instance, it might be that security in depth structure wasn’t implemented. A question of why the firewall failed to report a constant probing from a particular IP address can reveal a lot. It could also be that no one was monitoring the security logs. A problem that initially looks like a human error might actually be issues of processes

and internal control. In the same token, it could be that the OPM breach took place successfully because a disgruntled employee was compromised. In light of this, employees past online activities should be investigated as this could provide vital information about a case.

As we are already aware, Equation set, which is the US-based gray hat hacking group is being sued by Anomalous. Consequently, we need to find out if CyberTech has clients in Equation Set as well; this information would be very useful in avoiding a conflict of interest. Additionally, who are those representing Equation set its case against Anomalous.

In addition to the aforementioned, a knowledge of client’s role in these cases is necessary. We need to find out if they are victims or perpetrators as it relates to the cases in question.

Conclusion

The OPM, burglarized by suspected non-us based hackers has completed its long-awaited damage assessment and more than 22million people inside and outside government likely had their personal information stolen, as announced by officials. That number is more than five times larger than what the Office of Personnel Management announced when first acknowledging that a major breach had occurred. Investigators ultimately determined that 19.7 million applicants for social security clearances had their social security numbers and other personal information stolen and 1.8 million relatives and other associates also had information taken, according to OPM. That includes 3.6 million of the current and former government employees for a total of 22.1 million.

Conclusive evidence proofed that sensitive information were compromised in the OPM breach. My recommendation to either handle both cases or drop one case for the other would be based on the results obtained from investigation in the other case and analysis of

additional information available to us. If for instance, it is determined that Anomalous was indeed part of the organization that successfully hacked the OPM, I will recommend that CyberTech drops the Anomalous case and focus on the OPM breach case. However, if Anomalous was successful in the hack but did not gain access to sensitive information, CyberTech should consider handling both cases. Also, taking a look at the whole scenario from a different angle, if there is evidence that Equation Set was successful in their hack of Anomalous and it is eventually determined that Anomalous gained access to compromising information in the OPM breach, CyberTech can consider handling both cases without it being viewed as a conflict of interest.

Another point of view would be to analyze the non-related cases in which CyberTech is representing OPM victims and clients from OPM breach suspect companies. If the cases in question are not related in any way or form to the OPM breach case, and the anomalous group did not gain access to sensitive data, then my recommendation is that CyberTech can handle both cases without it being perceived as a conflict of interest.

Finally, if a root cause analysis of the OPM breach reveals that the breach was the result of weak internal policies and human error rather than a deliberate human attempt, I will recommend that both cases should be handled by CyberTech.

References

Levine, M., & Date, J. (2015, July 09). 22 Million Affected by OPM Hack, Officials Say. ABC News. Retrieved from https://abcnews.go.com/US/exclusive-25-million-affected-opm-hack-sources/story?id=32332731

Spacey, J. (2018, March 02). 4 Examples of Problem Analysis. Simplicable. Retrieved from https://simplicable.com/new/problem-analysis

Veiligheid, M. V. (2016, October 05). Forms of cybercrime. Retrieved from https://www.government.nl/topics/cybercrime/forms-of-cybercrime