Week1Discussion_post1_CYB100_2023

Thec Informationc Systemc (IS)c ofc anc organizationc isc fundamentallyc thec usec ofc informationc

andc technologyc communicationsc byc ac businessc soc thatc peoplec canc usec thec technologyc

forc supportingc thec businessc processes.c Thec corec componentsc ofc anc ‘IS’c ofc ac businessc

encompassc telecommunications,c computerc hardware,c computerc software,c databasesc andc

datac warehousesc andc humanc resourcec andc procedures.c Eachc ofc thesec Informationc Systemc

componentsc hasc ac cardinalc rolec toc playc andc theyc functionc inc anc interlinkedc mannerc soc

thatc thec businessc canc usec thec technologyc forc thec intendedc purposec .Thec computerc

hardwarec isc thec physicalc technologyc thatc functionsc withc thec information.c Itc worksc alongc

withc thec computerc software.c Thec softwarec tellsc thec hardwarec whatc toc doc andc thusc itc

managesc thec operationsc thatc arec performedc byc thec hardware.c Telecommunicationsc isc

requiredc toc connectc thec hardwarec soc thatc ac networkc canc bec .Ac networkc isc requiredc inc

anc Informationc Systemc toc tiec togetherc computerc systemsc inc ac specificc area.c Thec

databasesc andc datac warehousesc storec thec materialsc thatc thec otherc ISc componentsc workc

with.c Thec datac availablec inc thisc sectionc actsc asc thec foundationc ofc thec ISc ofc anc

organization.c Thec finalc componentc encompassesc thec humanc resourcec andc proceduresc thatc

arec responsiblec forc runningc thec system.c Theyc arec relatedc toc cyberc domainc asc theyc workc

inc closec loopc withc otherc cyberspacec elements.c Thec organizationc Ic amc choosingc toc

discussc isc thec financialc institutionc USAA.c USAAc operatesc onec ofc thec mostc complexc

andc successfulc informationc systemsc inc thec world.c Itc communicatesc withc itsc broadlyc

dispersec customers,c mostlyc militaryc officersc andc theirc families,c primarilyc byc phone,c

email,c andc itsc Webc site.c Inc previousc years,c USAAc madec ac calculatedc choicec toc becomec

onec ofc thec morec technology-concentratedc organizationsc inc thec world.c Itc viewsc ITc asc ac

calculatedc weaponc andc usesc itc inc multiplec ways.c Forc example,c whenc customersc callc

formc theirc cellc phones,c offices,c orc homes,c thec personnelc overc atc USAAc greetsc themc

personallyc byc name.c Unlikec manyc diversifiedc companies,c ac customerc representativec canc

handlec inquiresc andc transactionsc aboutc allc ofc USAA’sc productsc usingc ac highlyc integratedc

database.c USAAc utilizesc itsc immeasurablec databasec toc keepc trackc ofc minutec details,c suchc

asc whichc autoc partsc arec repairedc mostc regularly.c Itc alsoc usesc itsc databasec toc discoverc

waysc toc lowerc claimsc costs.c USAAc spentc immenselyc toc developc anc image-processingc

systemc thatc digitizesc allc paperc documentsc mailedc inc byc applicants.c Itc takesc onlyc ac fewc

strokesc ofc thec computerc keysc forc ac policyc servicec representativec toc recoverc photosc ofc

allc thec documentsc inc ac client’sc file.c Thec systemc canc sortc andc prioritizec soc thatc workersc

arec alwaysc focusingc onc thec mostc urgentc andc importantc tasks.c USAAc providesc itsc

customersc withc onlinec depositc capturec usingc scanningc technology.c USAAc wasc thec firstc

U.S.c bankc toc administerc ac remotec depositc capturec applicationc forc thec iPhone.c USAA'sc

iPhonec applicationc allowsc clientsc toc takec photosc ofc bothc thec frontc andc backc ofc eachc

checkc andc submitc themc forc depositc electronically.c Thec companyc Ic decidedc toc usec isc

Medicaidc forc thec statec imc currentlyc locatedc in.c Theyc havec toc usec HIPPAc toc ensurec thatc

theyc don’tc givec outc patientsc informationc suchc asc socialc securityc numbers,c telephonec

numbers,c addresses,c andc Medicalc records.c Theyc alsoc havec toc makec surec thatc nobodyc

getsc hospitalc documentsc orc anyc typec ofc doctorc thatc acceptsc Medicaidc becausec thatc

containsc providersc informationc whichc includesc doctorsc accountc numbers,c staffc

informationc andc doctorsc socialc securityc numbersc asc well.c Medicaidc collectsc ac lotc ofc

informationc fromc doctorsc andc patientsc andc thec informationc isc beingc keptc onc computers.c

Ic believec thatc theyc needc toc crackc downc onc securityc ac littlec bitc morec becausec thec systemc

hasc beenc breachedc before.c Thisc allc connectsc toc thec cyberc domainc becausec everythingc

thatc youc usec toc lookc upc patientsc informationc isc throughc ac websitec onc thec internetc andc

whenc Ic wasc workingc forc Medicaidc everyonec wasc connectedc toc onec WiFi.c Alsoc peoplec

usedc toc connectc theirc personalc belongingsc toc thec samec WiFic atc thec officec soc itc wasc

easyc accessc forc ac hackerc toc gain.c Ic doc knowc thatc theyc usec VPNc nowc thatc peoplec arec

workingc fromc homec andc usingc theirc ownc WiFi.c Alsoc theyc wouldc havec toc makec surec

peoplec stopc connectingc theirc personalc phonesc toc thec workc computerc becausec thatc canc

alsoc spreadc aroundc informationc thatc thec employeesc won’tc evenc knowc theyc arec doing.c

Thec organizationc thatc Ic choosec wasc onec thatc Ic amc intimatelyc familiarc with,c whichc isc

thec Unitedc Statesc Army.c Thec Armyc hasc ac numberc orc protocolsc thatc mustc bec followedc

inc orderc toc accessc evenc thec mostc rudimentaryc ofc theirc computerc systems.c Thec mostc

basicc ofc whichc wouldc bec Armyc Knowledgec Onlinec (AKO).c Thisc isc ac systemc thatc allowsc

youc toc quicklyc accessc anyc numberc orc otherc militaryc websitesc suchc asc MyPayc (militaryc

websitec thatc allowsc accessc toc thingsc likec yourc pay-stubsc andc taxc information),c andc

iPERMSc (Interactivec Personnelc Electronicsc Managementc System)c whichc allowsc soldiersc

toc accessc theirc Armyc Militaryc Humanc Resourcec Recordc (AHMRR).c Inc orderc toc beginc

thisc processc thec soldierc mustc bec briefedc andc takec multiplec classesc andc passc examsc aboutc

ComSecc (Communicationsc Security).c Theyc arec alsoc issuedc ac Commonc Accessc Cardc

(CAC),c whichc notc onlyc servesc asc theirc officialc Militaryc Identification,c butc isc alsoc

preloadedc withc "Permissions"c forc thec variousc programsc andc websitesc thatc thesec soldiersc

arec allowedc toc access.

Thisc cardc isc typicallyc lockedc withc ac numericalc codec chosenc byc thec soldier,c whichc mustc

bec inputc wheneverc ac soldierc accessesc ac governmentc computer,c website,c orc inc somec casesc

securec areasc ofc buildings.c Onc topc ofc this,c manyc sitesc arec onlyc accessiblec fromc ac SIPRc

(Securec Internetc Protocolc Router)c linec asc opposedc toc utilizingc ac NIPRc (Non-Securec

Internetc Protocolc Router)c Accessc Point.

Whilec itc isc necessaryc forc thec securityc ofc thec military,c Ic willc bec thec firstc toc sayc thatc atc

timesc thec systemsc inc placec doc tendc toc runc slightlyc behindc thec civilianc worldc duec toc thec

difficultiesc andc expensec inc upgradingc suchc ac largec system.c Inc fact,c theirc arec stillc militaryc

websitesc suchc asc onesc focusingc onc distancec learningc classesc forc rankc progression,c thatc

requirec thec usec ofc Internetc Explorerc asc opposedc toc webc browsersc suchc asc Microsoftc

Edge,c FireFox,c orc Chrome.c Anotherc keyc componentc isc ofc informationc systemc isc Data,c

ifc datac isc incorrect,c thenc ITc systemc wouldc collapse.c Ic havec workedc forc ac nonc profitc

organizationc andc myc contractc wasc thoroughc FEMA,c Ic wasc workingc asc ac Datac Analystc

wherec Ic ranc reportsc forc usersc andc makec surec Datac isc enteredc correctlyc inc thec systemc

forc clientsc byc casec managers.c wec foundc numerousc discrepanciesc wherec datac wasc enteredc

incorrectlyc thereforec thesec reportsc werec veryc helpful.c Itc wasc webc portalc wherec Ic ranc

reportsc from,c itc wasc newc systemc andc wec hadc manyc errorsc asc wec ranc reports,c therec

werec manyc glitchesc inc thec system,c Datac wouldc changec thenc Ic wouldc havec toc runc thec

reportc againc andc sometimesc manyc timesc whichc wasc notc quitec easyc toc workc withc andc

soc sometimesc itc wasc embarrassingc inc frontc ofc usersc cuzc theyc knowc theirc clientsc andc

theirc informationc andc theyc werec complainingc thatc Datac Ic sentc themc isc incorrect.c Ic oftenc

triedc toc contactc themc andc theyc sayc itsc ac newc systemc andc itc hasc glitchesc andc wec justc

havec toc barec withc it.c Itc wasc quitec annoyingc speciallyc whenc wec needc thec reportsc forc

meetingsc orc createc ac reportc toc sendc thec correctc datac toc higherc ups.c Thec retailc storec thatc

Ic choosec willc bec Walmart.c Ic choosec Walmartc becasuec forc numberc onec itsc walkingc

distancec fromc myc house.c Myc childrenc likec toc getc outc andc walkc fromc timec toc time.c Ic

canc speakc onc theirc systemc becasuec theyc havec ac checkc systemc thatc willc notc letc mec letc

mec cashc anyc checksc andc Ic havec askedc severalc ofc timesc whyc theyc willc notc andc theyc

gavec mec ac numberc toc call.c Thec softwarec andc thatc theyc havec willc notc letc youc checkc goc

throughc thec systemc ifc therec isc noc funds.c Therec wasc ac timec whenc Ic sawc peoplec goc inc

thec storec withc checksc andc itc wentc throughc andc thec checkc justc bounced.c Thec keyc

componentsc ofc anc informationc systemc isc thec hardware,c software,c data,c andc security.c Thec

organizationc thatc Ic choosec toc discussc isc thisc doctorsc officec Ic usedc toc workc for.c Ic thoughtc

thatc theyc wouldc bec ac perfectc examplec toc usec becausec therec isc ac certainc levelc ofc

confidentialityc thatc onec hasc toc abidec byc soc youc mustc assumec thatc therec isc ac somec sortc

ofc securityc inc place.c Wellc allc ofc thec patientc informationc isc storedc onc ac computerc

programc calledc anc EMRc electronicc medicalc recordc andc ifc thec companyc doesc payc forc

topc notchc securityc thenc ac bunchc ofc patientsc informationc becomesc availablec forc hackersc

soc itc isc veryc importantc toc makec surec youc havec excellentc softwarec toc protectc thec

companyc fromc malwarec andc hackersc tryingc toc stealc thec patientsc information.c Peoplec alsoc

arec thec causec forc ac lotc ofc lostc data,c whichc isc alsoc importantc becausec therec shouldc Bec

someonec thatc isc alsoc monitoringc cyberc attacksc andc notc justc ac softwarec thatc wayc therec

willc bec extrac securityc protectingc thec patientc information.c Thec companyc Ic chosec toc

researchc isc Americanc Eaglec Outfitters.c Theyc arec ac largec retailc clothingc companyc basedc

inc Pennsylvania.c Ic workedc forc themc forc fivec yearsc asc ac retailc manager.c Atc Americanc

Eaglec wec hadc rewardsc programsc wherec wec wouldc storec shopper’sc personalc informationc

suchc as,c email,c address,c andc phonec number.c Theyc alsoc offerc ac creditc cardc whichc youc

canc applyc forc onc theirc site,c soc theyc havec yourc socialc securityc numberc asc well.c Withc

that,c theyc havec databasesc andc serversc toc storec thatc informationc on.c Ic recallc ourc systemsc

goingc downc onec dayc forc ac couplec hoursc andc wec couldn’tc doc anyc transactionsc orc lookc

upc rewardsc information.c Wec foundc outc laterc onc therec wasc ac threatc toc thec company,c butc

theyc claimedc thatc theyc weren’tc ablec toc retrievec anyc customerc information,c soc wec didn’tc

needc toc worry.c Thesec relatec toc thec cyberc domainc becausec therec isc importantc informationc

storedc thatc needsc toc bec protected.c Thec companyc Ic amc choosingc toc profilec isc myc currentc

employer.c Wec havec manyc keyc componentsc inc placec toc helpc usc preservec ourc informationc

security.c Onec measurec wec havec inc placec isc ac formc ofc physicalc security.c Eachc employeec

mustc enterc andc exitc throughc thec mainc entrancec usingc ac securityc badge.c Anyc visitorsc arec

alsoc routedc throughc thec mainc entrancec wherec theyc havec toc checkc inc withc receptionc andc

security.c Oncec they’vec checkedc inc withc securityc theyc arec givenc ac visitorsc badge.c Byc

doingc thisc myc employerc isc ensuringc onlyc authorizedc personnelc enterc thec building.c Thisc

isc importantc toc ourc informationalc securityc becausec itc limitsc thec availabilityc toc ourc

hardwarec andc infrastructure.c Itc alsoc verifiesc visitorsc authenticity.

c c c c c c c c c c c c c Anotherc keyc componentc ourc ITc departmentc hasc inc placec isc onlyc allowingc

authorizedc userc accountsc ontoc ourc network.c Ifc youc tryc toc accessc ourc internalc networkc

viac anc Ethernetc cablec orc WiFic withoutc havingc anc authorizedc accountc youc willc bec lockedc

out.c Inc additionc toc thatc theyc alsoc havec levelsc ofc confidentiality.c Ac goodc examplec ofc

thisc isc thec networkc drivec thatc humanc resourcesc usesc toc storec PII,c personalc identifiablec

information.c Onlyc accountc listedc withinc thec userc groupc ofc “Humanc Resources”c andc ITc

managementc canc accessc thisc drivec becausec ofc thec confidentialityc levelc establishedc byc

ourc accounts.c Thec organizationc Ic willc bec discussingc aboutc isc myc currentc employer.c Ic

currentlyc workc withc thec Bureauc ofc Automotivec Repair.c Ourc organizationc helpc consumersc

retirec orc repairc theirc vehiclesc basedc offc ofc eligibility.c Itc isc extremelyc importantc thatc wec

holdc thec utmostc confidentialityc forc ourc consumersc becausec wec keepc ac trackc recordc ofc

theirc privatec informationc suchc asc theirc vehiclec information,c mailingc address,c andc incomec

documentsc intoc ourc database.c Thec physicalc copiesc thatc wec getc arec confidentiallyc

shreddedc andc disposedc ofc properly.c Lately,c we'vec beenc receivingc emailsc fromc thec

Californiac Cyberc Securityc Integrationc Centerc aboutc employeesc reportingc multiplec

phishingc emailsc fromc outsidec sources.c Duringc thisc pandemic,c wec arec receivingc ac lotc ofc

emailsc fromc thirdc partiesc discussingc aboutc overduec invoices,c COVID,c andc thec 2020c

election.c Anc emailc wasc sentc toc warnc allc employeesc becausec ac fewc havec openedc thec

emailsc fromc thesec outsidec sourcesc andc causedc securityc toc breachc it.c Sincec wec arec

receivingc multiplec phishingc emailsc atc thisc time,c ourc cyberc securityc hasc createdc ac wayc

forc usc toc reportc phishingc emailsc throughc outlookc inc ac timelyc manner.c Thec organizationc

Ic havec chosenc toc discussc aboutc isc thec organizationc Ic workc for.c Ic amc employedc byc thec

Defensec Healthc Agencyc supportingc medicalc healthc carec systemsc asc ac tierc 1c desktopc

supportc specialist.c Thec keyc componentsc inc ourc informationc systemsc thatc correlatesc withc

thisc weeksc videoc wouldc bec ourc databasec isc wherec wec storec userc informationc alongc withc

patientc healthc information.c Itc isc storedc onc multiplec serversc forc redundancyc andc

availabilityc toc endc clientsc onc sitec andc acrossc multiplec militaryc installations.c Securityc isc

ac topc priorityc forc myc employerc andc wec arec constantlyc receivingc auditsc andc trainingc

fromc ourc securityc teamc toc ensurec wec followingc bestc practices.c Despitec followingc bestc

practicesc wec stillc havec threatc eventsc alsoc knownc asc attacksc happenc inc ourc enterprise.c

Thec mostc recentc attackc wec receivedc wasc actuallyc ac phishingc attackc thatc affectedc ac lotc

ofc ourc medicalc providers,c Thec basesc ofc thec attackc seemedc toc bec targetedc asc ac denialc

ofc servicec becausec ac lotc ofc thec medicalc providersc receivedc magnitudec ofc junkc emailc outc

ofc nowherec andc maxedc outc theirc 4gbc mailboxc capacityc whichc causedc ac lotc ofc ourc endc

usersc toc losec emailc functionalityc temporarily.c Luckilyc itc hadc minimalc impactc onc ourc

enterprisec andc resolvedc quickly.c Thec companyc Ic havec chosec toc researchc theirc

informationc systemsc isc Walmart.c Walmartc isc onec ofc thec largestc retailersc inc itsc industry.c

Walmartc usesc inc storec shoppingc asc wellc asc onlinec shoppingc inc whichc itc collectsc andc

securesc datac fromc possiblec threatsc Walmartc developc ac supplyc chainc managementc systemc

thatc communicatesc withc customers,c suppliers,c andc distributorsc andc alsoc builtc itsc ownc

datac centersc andc developedc supportingc cloud-basedc commercec applicationsc usingc openc

sourcec tools.c Walmartc alsoc hasc anc appc thatc storesc datac usedc onc thec appc suchc asc locationc

information,c bankingc information,c search,c andc orderc information.c Inc attemptsc toc preventc

customerc informationc leaksc Walmartc usesc operationalc systemc componentsc ofc PCIc DSSc

thatc includec maintainingc ac securec networkc viac usec ofc firewallsc toc protectc sensitivec data,c

encryptingc cardholderc datac thatc isc transmittedc acrossc publicc networks,c regularlyc updatingc

anti-virusc softwarec asc wellc asc trackingc andc monitoringc allc accessc toc networkc resourcesc

andc cardholderc data.c Wal-Martc maintainsc redundantc primaryc andc secondaryc informationc

systemsc toc mitigatec thec risksc ofc operationalc downtimec and/orc significantc lossc ofc

information.c Thec organizationc keepsc primaryc andc secondaryc informationc systemsc

physicallyc separated.c Thec companyc Ic chosec isc ac companyc Ic workc for,c Kaiserc Permanentec

Hospital.c I’vec beenc workingc herec forc almostc 2c yearsc now.c Ic workc inc thec pharmacyc

department,c wec handlec ac largec amountc ofc patientc information.c Wec constantlyc getc thesec

updatesc toc betterc protectc thisc information.c Wec constantlyc getc thesec phishingc emails,c

thesec emailsc arec mostlyc notc real,c kaiserc willc sendc outc thesec fakec phishingc emailsc toc tryc

toc trainc usc intoc notc openingc emailsc thatc arec sentc fromc thec outside.c Kaiserc Permanentec

alsoc requiresc ac passwordc changec everyc threec months,c andc requirec ac fingerc scanc forc

everyc taskc thatc isc beingc donec inc thec pharmacy.c Alongc withc that,c youc alsoc needc ac badgec

scanc toc makec yourc throughc certainc department,c noc badge,c noc entry.c

Alongc withc medicalc andc medicationc informationc thatc isc displayedc inc ac Patientsc chartc isc

alsoc theirc personalc information,c address,c phonec number,c email,c socialc securityc number,c

andc manyc timesc they’llc alsoc havec creditc cardc information.c Ic reallyc enjoyedc thisc weeksc

readingc assignment,c andc video,c itc gavec mec ac biggerc outlookc onc informationc security,c asc

wellc asc ac differentc outlookc onc kaiserc Permanente’sc proceduresc toc protectc patientc

information.c Ic havec workedc forc ac couplec ofc veryc largec companiesc onec wasc Verizonc

Onlinec andc thec otherc wasc BP.c Ic workedc asc ac Softwarec Testc Engineerc andc QAc managerc

atc Verizon,c andc ac Seniorc Businessc Analystc atc BP.c Bothc companiesc havec complexc

informationc systems,c butc Ic havec decidedc toc goc withc Verizonc Onlinec sincec Ic workedc

therec thec longest.c Verizonc Onlinec isc thec internetc andc landlinec sidec ofc Verizon,c andc

reallyc hasc nothingc toc doc withc thec cellc phonec sidec ofc Verizon.c Thec serversc thatc housec

allc thec informationc neededc forc variousc softwarec projectsc arec locatedc allc overc thec country.c

Therec arec serversc forc customerc informationc thatc includec names,c addresses,c billingc

information,c whichc servicesc ac customerc hasc subscribedc to,c etc.c Therec arec alsoc serversc

thatc arec usedc forc hostingc variousc Verizonc websitesc includingc production,c development,c

andc testingc environments.c Therec arec serversc forc Onlinec Helpc andc databasesc asc well.c

Therec arec multiplec developmentc teams,c testc teamsc (hardwarec andc software),c projectc

managementc teams,c legalc teams,c designc teams,c artists,c andc businessc owners.c Wec workedc

onc ac localc areac networkc forc ourc office,c butc wec alsoc hadc connectionsc toc otherc networksc

throughoutc Verizonc andc sometimesc 3rdc partyc vendors.c Wec evenc hadc accessc toc somec

Microsoftc serversc whenc wec didc ac jointc projectc withc them.c Sincec Verizonc isc ac

telecommunicationsc companyc thec companyc hadc toc worryc aboutc ac widec varietyc ofc threatsc

andc areasc thatc couldc bec exploited.c Verizonc providesc consumerc andc businessc servicesc soc

ifc therec wasc ac securityc breachc itc couldc potentiallyc affectc numerousc individualsc andc

businesses.c Therec isc ac dedicatedc securityc teamc butc reallyc everyonec wasc responsiblec forc

doingc theirc partc toc ensurec ourc datac stayedc secure.c Verizonc isc ac partc ofc thec cyberc

domain.c Thec services,c data,c hardware,c people,c andc proceduresc allc makec upc aspectsc ofc

thec cyberc domain.c Thec keyc componentc ofc thec informationc systemc Ic amc stuckc betweenc

isc thec databasec andc software.c Databasesc relatec toc thec cyberc domainc becausec Datac isc

oftenc thec mostc valuablec assetc ofc anc organizationc andc thereforec isc thec mainc targetc ofc

intentionalc attacks.c Systemsc developedc inc recentc yearsc arec likelyc toc makec usec ofc

databasec managementc systems.c Backingc upc allc datac periodicallyc willc increasec

redundancyc andc willc makec surec allc sensitivec datac isc notc lostc orc compromisedc afterc ac

securityc breach.c Attacksc suchc asc injectionsc andc ransomware,c compromisec thec integrityc

andc availabilityc ofc data.c Backupsc canc helpc protectc inc suchc cases.c Softwarec isc relatedc toc

thec cyberc domainc becausec Informationc securityc isc allc tooc oftenc implementedc asc anc

afterthoughtc ratherc thanc developedc asc anc integralc componentc fromc thec beginning.c Andc

refactoringc softwarec andc addingc securityc measuresc laterc onc isc farc greaterc thanc buildingc

inc securityc fromc thec start.c Securityc designedc applicationsc helpc reducec thec threatsc andc

ensurec thatc whenc software/networksc fail,c theyc failc safely.c Strongc inputc validationc isc

oftenc thec firstc linec ofc defensec againstc variousc typesc ofc injectionc attacks.c Softwarec andc

applicationsc arec designedc toc acceptc userc inputc whichc opensc itc upc toc attacksc andc herec

isc wherec strongc inputc validationc helpsc filterc outc maliciousc inputc payloadsc thatc thec

applicationc wouldc process.c Informationc systemsc isc ac setc ofc componentsc toc collect,c store,c

andc processc datac fromc consistedc data.c Informationc systemsc consistc ofc differentc typesc

suchc asc executivec support,c managementc information,c decisionc support,c knowledgec

management,c transactionc andc officec automation.c Asc farc asc organizationsc Googlec wouldc

bec thec onec Ic choosec asc theyc usec informationc systemsc forc thec searchc engine.c Thisc isc

howc datac isc transmittedc asc beingc thec mostc usedc byc users.c Forc examplec fromc thec givenc

components,c transactionc processingc systemsc arec includedc inc thec formc ofc googlec payc asc

wellc asc theirc onlinec stores.c Informationc systemsc arec relatedc toc cyberc domainc asc theyc

playc ac rolec forc manyc worldc widec systems,c theyc arec usedc fromc ac globalc scalec asc itc isc

everywhere.c Cyberc domainc isc ac globalc domainc thatc isc madec ofc differentc networksc ofc

information,c asc beingc ac infrastructurec isc countsc computerc systemsc andc networksc asc ac

whole.c Soc beingc ac wholec domainc thisc includesc informationc systemsc availabilityc onc thec

samec scale.c Cyberc domainc alsoc consistsc ofc informationc securityc toc managec itc withc

computer,c data,c andc networkc securityc thec 3c mainc aspectsc toc informationc security'sc

architecture.c Ic havec chosenc System76c asc thec companyc Ic wantc toc research.c System76c

mayc notc bec wellc known,c butc itc isc ac smallc computerc retailerc basedc outc Colorado.c Theyc

sellc Linuxc basedc computerc systemsc andc havec createdc theirc ownc flavorc ofc Linuxc calledc

PopOS!.c Ic havec beenc ac fanc ofc thisc companyc forc severalc yearsc now,c andc Ic currentlyc runc

theirc OSc onc myc system.c Ic wantc toc focusc onc themc becausec notc onlyc arec theyc ac retailerc

butc alsoc havec anc operatingc systemc thatc hasc ac largec communityc basedc supportc system,c

soc theyc havec PIc andc inc thec communityc oftenc screenshotsc arec sharedc thatc couldc cluec ac

threatc sourcec in,c andc thec biggerc threatc isc ifc youc arec likec me,c youc couldc possiblyc openc

yourselfc upc toc potentialc maliciousc codec whenc youc updatec yourc system.c Ic hopec thisc isc

ac goodc researchc andc hopec thatc Ic findc thec faithc Ic havec inc System76c isc wellc placed.c Thec

organizationc thatc Ic willc bec usingc isc CACIc Internationalc whichc isc anc Americanc companyc

headquarteredc Inc Arlington,c VA.c “CACIc providesc expertisec andc technologyc toc enterprisec

andc missionc customersc inc supportc ofc nationalc securityc missionsc andc governmentc

transformationc forc defense,c intelligence,c andc civilianc customers.”c (CACI,c 2020).c Thesec

typesc ofc organizationsc havec manyc assetsc thatc ifc theyc fellc intoc thec wrongc handsc couldc

compromisec notc onlyc thec company’sc interestsc butc thatc ofc nationalc securityc asc wellc duec

thec naturec ofc thec defensec andc intelligencec customer’sc theyc workc with.c Forc example,c

theyc developc electronicc warfarec systemsc forc thec Departmentc ofc Defensec toc combatc thec

enemy’sc surveillancec andc reconnaissancec systems.c Ifc thec plansc forc thisc assetc wherec toc

fallc intoc thec wrongc handsc thenc thatc wouldc cripplec thec integrityc andc usefulnessc ofc thosec

systems.c Therec arec manyc attacksc thatc theyc havec toc thwartc everyc dayc fromc manyc

differentc attackers,c whichc couldc includec otherc companiesc whichc arec competitorsc orc

foreignc entitiesc thatc arec againstc somec ofc theirc customers.c Thec companyc hasc toc havec

manyc securityc measuresc setc intoc placec toc counterc attacksc byc alwaysc lookingc toc improvec

theirc securityc measuresc withinc thec organization.c Somec ofc thec waysc toc mitigatec thesec

risksc includec alwaysc keepingc thec workforcec awarec ofc thec latestc threatsc throughc securityc

trainingc whichc includesc educatingc thec workforcec onc thec differentc threatsc theyc face,c strictc

passwordc policies,c andc twoc factorc authenticationsc usingc thingsc likec tokensc duringc logins.c

Thec companyc hasc toc keepc theirc securityc teamc sharpc asc well,c asc threatsc arec alwaysc

evolvingc asc newc softwarec willc comec withc newc vulnerabilitiesc thatc othersc willc bec lookingc

toc compromisec forc theirc personalc gain.c Ic researchedc quitec ac fewc differentc organizationsc

soc farc thisc weekc forc ideas.c Itc camec downc toc ac fewc selectc organizationsc withc enoughc

publicc keyc componentsc relatingc toc thec cyberc domainc toc makec myc choicec butc Ic ultimatelyc

wantc withc Microsoft.c Ic havec alwaysc usedc Microsoftc productsc andc learningc ac littlec morec

aboutc theirc keyc componentsc ofc anc informationc systemc wasc anc interestingc internetc

adventure.c Myc originalc ideac wasc toc goc withc Amazonc butc afterc muchc considerationc Ic

decidedc toc goc withc Microsoftc definingc thec cyberc domainc couldc bec accomplishedc multiplec

ways.c Ic thinkc itc couldc easilyc bec describedc asc ac domainc occupiedc byc anythingc thatc dealsc

withc cyberc technologyc orc cyberc space.c Whilec itc appearsc somec definitionsc goc morec intoc

depthc thisc isc thec definitionc Ic willc bec stickingc tooc forc myc assignmentsc andc futurec

discussionc postsc surroundingc thisc topic.c Keyc componentsc ofc thec informationc systemc Ic

choosec relatec toc thec cyberc domainc inc multiplec waysc butc morec soc Importantc isc howc thec

informationc systemsc keyc componentsc directlyc relatec toc howc thec cyberc domainc isc

established.c Amazonc isc thec companyc Ic choosec toc writec becausec ofc it’sc sizec andc

capabilitiesc itc providesc toc customersc acrossc thec cyberc domain.c Amazonc isc ac hugec onlinec

corporationc withc physicalc logisticalc hubsc growingc atc anc increasingc ratec everyc year.c Duec

toc thisc companyc sizec andc clientc basedc Ic wouldc thinkc theyc havec manyc defensesc inc placec

toc protectc thec customersc datac thec adversariesc wouldc lovec toc exploit.c Theyc havec manyc

seversc withc theirc customerc personalc identificationc informationc andc financialc informationc

asc well.c Notc onlyc doc theyc containc andc protectc personalc informationc theyc mustc safeguardc

manyc linkedc accountsc likec amazonc primec thatc hasc usersc accountc withc informationc thatc

mustc protectc againstc threatsc thatc couldc resultc inc lossc ofc information.c Amazonc willc havec

toc protectc againstc threatc ofc sabotagingc serversc orc data.c Adversaryc threatsc arec presentc

dailyc withc noc warningc toc Amazonsc datac basec customersc informationc fromc exploitationc

toc bec downloadedc andc soldc toc sites.c Advisoriesc willc createc waysc orc designc theirc ownc

waysc toc usec ac exploitc onc thec assetsc datac basec toc bec resold.c Amazonc takesc measuresc toc

safeguardc physicalc attacksc asc wellc toc preventc lossc ofc datac basesc physicalc ofc exploitingc

data.c Thec companyc Ic chosec isc ac third-partyc helpc deskc thatc providesc supportc forc ac muchc

largerc earthc movingc company.c Itc hasc anc informationc systemc thatc consistsc ofc physicalc

hardwarec andc softwarec thatc thec computersc run,c thec proceduresc thec companyc usesc andc

enforcesc forc troubleshootingc orc softwarec licensingc andc muchc more.c Itc alsoc consistsc ofc

thec peoplec activelyc whoc workc onc thec helpc deskc orc onsitec atc thec warehouses,c orc evenc

behindc thec scenesc thatc employeesc ofc thec companyc neverc interactc with.c Anotherc corec

componentc isc thec largec amountsc ofc datac storedc onc serversc thatc isc accessedc byc employeesc

ofc thec servicec deskc orc byc thec employeesc whoc workc forc thec companyc itself.c Mostc

employeesc mustc accessc orc connectc toc thec cyberc domainc inc orderc toc doc theirc jobs.c

Whetherc itc bec toc accessc datac orc inputc datac inc ac certainc databasec orc sharec itc withc

someonec elsec whoc worksc inc thec company.c Onc thec servicec deskc wec accessc ac ticketingc

systemc wherec wec inputc detailsc ofc thec customerc andc thec issue.c Therec arec stillc somec

formsc ofc physicalc datac isc onsitec lockedc awayc butc forc thec mostc partc allc informationc

existsc inc thec cyberc domainc andc needsc toc bec securedc toc keepc thec datac safe.c Applec isc

thec companyc Ic amc goingc toc writec aboutc sincec itsc ac bigc growingc industryc andc Ic knowc

ac lotc aboutc it.c Whenc creatingc ac Applec IDc youc startedc yourc informationc Asset.c Addingc

yourc Creditc orc debitc cardsc toc thec walletc appc andc usingc keychainc toc savec itc toc thec

iCloudc whenc youc backupc yourc devicec whichc isc ac Physicalc Asset.c Applec hasc madec itc

toc wherec youc canc usec Applec Payc inc ac lotc ofc placesc alongc withc differentc websites.c

Doingc soc opensc ac doorc toc Adversary'sc thatc wouldc wantc toc gainc accessc toc thisc typec ofc

information.c Usingc Phishingc attemptsc likec emails,c phone,c textc andc pop-upsc toc pretendc

theyc arec applec supportc andc gainc Informationc Assets.c Applec developedc ac wayc toc makec

yourc informationc morec securec byc creatingc Twoc factorc authentication.c Wherec youc wouldc

needc toc eitherc havec ac Trustedc devicec orc ac Trustedc Phonec toc gainc accessc toc yourc Applec

ID.c Usingc thisc methodc makesc itc harderc forc Adversary'sc toc gainc accessc toc yourc

Informationc Assetsc withc justc inputtingc yourc applec Idc andc password.c Twoc factorc usesc ac

methodc wherec whenc youc logc intoc yourc applec IDc itc sendsc ac Verificationc codec toc eitherc

yourc Trustedc devicec orc Trustedc phonec number.c Withoutc thatc verificationc codec youc arec

unablec toc gainc accessc toc yourc applec ID.c Nowc ifc youc endc upc clickingc thec attachmentsc

fromc ac phishingc emailc thenc itc opensc ac doorc toc wherec theyc canc havec accessc toc

informationc orc ifc youc callc thec numberc onc thec phishingc emailc yourc givingc thec Adversaryc

thec nextc stepc toc gainc accessc toc yourc Informationc Asset.c Thec companyc Ic chosec toc doc

myc researchc onc isc thec companyc thatc Ic workc forc Northropc Grumman.c Northropc isc ac

globalc aerospacec andc defensec technologyc companyc theyc havec multiplec locationsc

throughoutc thec countryc andc worldwide.c Ic currentlyc workc inc theirc logisticsc departmentc

butc havec dealtc withc theirc informationc systemsc departmentc whenc wec havec securityc

concernsc orc hiccups.c Theirc keyc componentsc forc informationc systemc wouldc bec toc

monitor,c control,c andc protectc communicationsc (transmittedc orc receivedc byc organizationalc

systems)c atc thec externalc boundariesc andc keyc internalc boundariesc ofc organizationalc

systems.c Protectsc thec authenticityc ofc communicationsc sessionsc andc preventsc unauthorizedc

andc unintendedc informationc transferc viac sharedc systemc resources.c Myc companyc canc

relatec toc cyberc domainc becausec ofc howc tightc theirc securityc is.c Oncec ac monthc wec getc ac

phishingc emailc toc helpc usc understandc thatc evenc thoughc thec companyc mayc appearc toc

havec highc securityc ac hackerc canc stillc easilyc slipc inc andc hackc ourc systemsc ifc wec arec notc

carefulc whenc itc comesc toc openingc thec rightc orc wrongc emailsc andc links.c Preventc remotec

devicesc fromc simultaneouslyc establishingc non-remotec connectionsc withc organizationalc

systemsc andc communicatingc viac somec otherc connectionsc toc resourcesc inc externalc

networks.c Thec organizationc Ic chosec toc researchc theirc Informationc Systemc isc Advanced1,c

ac draftingc companyc Ic previouslyc workedc forc whoc isc contractedc byc Spectrum,c theirc mainc

client,c andc otherc companies.c Theyc havec locationsc inc Centralc Texasc withc 3c separatec

officec locationsc inc Sanc Antonio,c Waco,c andc Georgetownc asc theirc mainc office.c Theyc

designc thec layoutc forc fiberc optic,c coaxialc cables,c andc equipmentc toc bec usedc whenc

buildingc subdivisionsc asc wellc asc providingc servicec toc existingc areas.c Thec drafterc mustc

remotelyc logc inc toc thec client’sc serversc andc usec thec designc softwarec theyc use,c mostc

commonlyc v8i.c Inc orderc toc maintainc securityc forc theirc client’sc privacyc thec officesc arec

interlinkedc byc anc EPNc (Enterprisec Privatec Network)c allowingc emailc communicationc

amongstc eachc otherc onlyc andc noc accessc toc outsidec emailsc orc internet,c onlyc Googlec Earthc

forc draftingc purposes.c Upperc managementc arec thec onlyc onesc grantedc accessc toc outsidec

emailsc toc bec ablec toc communicatec withc clientsc onc anyc issuesc thatc mayc comec upc onc

designs.c Ic feelc theirc informationc securityc relatesc toc thec cyberc domainc inc thec wayc theyc

approachc securityc forc theirc networkc toc helpc keepc theirc client’sc informationc confidential.c

Byc limitingc accessc toc outsidec networks,c itc helpsc keepc thec possibilityc ofc hackersc andc

virusesc down.c Everyc drafterc needsc toc logc inc toc thec serversc withc theirc ownc credentialsc

dailyc withc maximumc ofc 12c hoursc allowedc toc bec inc thec serverc beforec needingc toc enterc

theirc credentialsc again.c Evenc thoughc theyc keepc securityc asc thec utmostc priorityc therec isc

stillc roomc forc improvement.c Ic workc forc ac ratherc largec companyc thatc isc onc thec globalc

500c list.c Thisc isc BPc Lubricants.c Whilec Ic havec beenc workingc forc thisc companyc inc ac

generalc ITc rolec Ic havec seenc manyc differentc typesc ofc attacksc comec across.c Mostc commonc

arec thec emailc phishing.c Whilec Ic amc notc inc security,c Ic doc notc seec mostc ofc thec

infrastructurec thatc needsc toc bec securedc andc Ic doc notc dealc withc allc ofc thec differentc typec

ofc threatsc onc ac dailyc basis,c Ic havec seenc quitec ac fewc differentc typesc ofc attacksc andc

attempts.c Mostc ofc ourc infrastructurec includesc databasesc withc informationc assetsc andc

networkingc technologyc toc connectc allc ofc thec differentc sitesc together.c Whilec Ic havec beenc

workingc there,c ic havec onlyc seenc 1c notablec attackc thatc causedc largec scalec companyc widec

issues.c Ic amc notc surec exactlyc whatc itc wasc butc rumorsc saidc thatc itc wasc ac DDoSc typec ofc

attackc onc thec corporatec office.c Ic rememberc thisc specificallyc becausec thec companyc

internetc wasc knockedc outc forc aboutc 3c daysc andc manyc peoplec werec unablec toc work.c

Sincec thenc theyc havec implementedc manyc differentc layersc morec ofc securityc includingc thec

Mimecastc emailc securityc forc betterc scanningc andc filteringc ofc emails.c Beforec thisc systemc

wasc introducedc wec wouldc getc phishingc emailsc oncec everyc sixc orc soc months.c Thisc wouldc

alwaysc comec acrossc asc ac companyc emailc toc justc aboutc everyonec inc thec companyc andc

wec wouldc soonc afterc getc anc emailc fromc thec securityc managerc sayingc notc toc openc itc orc

clickc onc anyc linksc inc itc andc ifc youc hadc toc contactc thec securityc team.c Thec companyc Ic

chosec toc highlightc inc thec weekc onec discussionc isc thec fortunec 500c company,c Sherwin-

Williamsc Paintc Company.c Ic currentlyc workc forc hisc companyc inc ac managementc levelc

positionc andc havec experiencedc manyc degreesc ofc ac lackc ofc informationc security.c Thec

Sherwin-Williamsc companyc hasc thousandsc ofc assets,c whichc needc protectionc fromc

adversaries.c Thesec assetsc includec informationc assetsc asc wellc asc physicalc assets.c Inc thec

currentc worldc wec livec inc peoplec arec constantlyc tryingc toc getc yourc information,c soc youc

needc toc havec ac certainc levelc ofc protectionc toc threatc sources.c Sometimes,c Ic doc notc seec

ac highc levelc ofc securityc withinc thisc company.c Therec havec notc beenc manyc threatc eventsc

thatc Ic havec witnessedc myself,c butc anythingc couldc happen.c Therec hasc beenc anc increasedc

riskc ofc threatsc latelyc becausec ofc COVID-19.c Sherwin-Williamsc wasc strictlyc curbsidec forc

ac period,c andc duringc thisc timec theyc werec takingc allc informationc overc thec phonec orc

writtenc information.c Therec werec occasionsc wherec people’sc personalc informationc wasc

writtenc down,c includingc theirc financialc information,c andc wasc leftc outc forc days.c Luckily,c

evenc duringc ac vulnerablec time,c thec companyc andc thec employeesc didc ac greatc jobc atc

reducingc thec exploitsc inc ourc systems.c Thec Sherwin-Williamsc companyc needsc toc doc ac

betterc jobc atc securingc clientsc informationc onc shortc notice.c Thec computerc systemsc

Sherwin-Williamsc usesc hasc greatc security,c butc whenc youc arec forcedc toc improvise,c

withoutc thec computers,c youc arec morec likelyc toc havec hiccupsc inc thec structure.c Overall,c

theyc havec ac solidc foundationc ofc informationc security,c butc theirc needsc toc bec

improvement.c

Students also viewed