Need Peer Responses

profileLaw101

Please see attachments

Due tonight at 10:30pm 

  • 3 years ago
  • 12
files (3)

PeerResponseHSE350Wk3.docx

Peer Response HSE 350

Instructor (Need a response as well): Why is cyber security so important to protect as a critical infrastructure?

Response #1 (Zachary):  Creativity plays a large part in maintaining the cutting edge within any sector. It is no secret our government utilizes privately owned contractors to supplement its capabilities. This supplementation leads to great breakthroughs, as the system of capitalism is leveraged to encourage competition, decentralized wells of creativity are all drawn from to reach an optimized solution.

The problem that stems from these different sources of creativity is that they all must take measures to implement standardization, in order to interface with public bodies. It is through this interfacing that we can find a vulnerability in public infrastructure. Operators of the private systems must be thoroughly vetted to ensure that foul play doesn't come from within. The means of implementation must also be vetted to ensure that foul play can not be done remotely, after being implemented surreptitiously.

It is important for private entities working with public entities to disclose vulnerabilities they have found, as the whole ecosystem is set up to be streamlined using standards that can be exploited repeatedly if one node is compromised. Information must be shared in a sanitized manner so further targeting of sensitive data can be hindered. Compromised systems should also be an indicator to adjacent systems that they may have a vulnerability, as adjacent systems are often the ultimate target of certain attacks, as seen in some phishing attacks where sensitive data is amassed to the point where a more hardened system may be accessed, causing more grave damage.

In short, creating a secure ecosystem of independent networks relies on responsive communication between all networks to establish trust, and identify vulnerabilities and attacks before they get deeper within the ecosystem, where they may cause serve loss.

Response #2 (Kanysia): When it comes to cyberattack detection and prevention, there are many reasons as to why it is necessary and important to share information. Organizations can improve the security postures of other organizations as well as their own by sharing cyber threat information. Sharing of cyber threat information also "allows organizations to better detect campaigns that target particular industry sectors, business entities, or institutions" (Johnson et al, 2016). It can be more beneficial when multiple agencies and sectors have said information, as utilizing many agencies makes it easier to improve and catch threats that a single agency would likely miss. There are a few things that organizations should do before sharing threat information and a few of those include: "Before sharing threat information, organizations should: List the types of threat information that may be shared, Identify approved recipients of threat information, Apply information handling designations that describe recipient obligations for protecting information" (Johnson et al, 2016). It is important to already have a plan in place in case sensitive data happens to get leaked, internal and external threat information sources should be tracked, and find ways to better protect threat information which includes information that is sensitive. Following these procedures along with others not mentioned is a great way to protect the infrastructures security whenever cyber information is being shared. References: Johnson, C., Badger, L., Waltermire, D., Snyder, J., & Skorupka, C. (2016, October).  Guide to Cyber Threat Information Sharing. National Institute of Standards and Technology (NIST) Special Publication 800-150. http://dx.doi.org/10.6028/NIST.SP.800-150 

Must be 100 words each

Instructor response does NOT have to be 100 words

See Rubric for details