Peer responses 9/8/2023

PeerResponseHSE350Wk4.docx

Peer Response HSE 350

Instructor (Need a response as well): Good work addressing the role of the NIST. I believe the monitoring phase is especially important. How has cybersecurity changed over the past ten years?

Response #1 (Audrey): NIST uses a variety of techniques and standards to protect federal networks from cybersecurity and privacy risks. For example, The NIST Cybersecurity Framework which provides a set of guidelines and best practices for managing cybersecurity risk in a consistent and effective way. The Risk Management Framework provides a comprehensive, flexible, repeatable, and measurable 7-step process for managing information security and privacy risk for organizations and systems. The NIST also provides the Privacy Framework, and other factors like Cybersecurity Supply Chain Risk Management and the workforce framework. Recently one of the t initiatives by NIST is to develop an Artificial Intelligence Risk Management Framework, which aims to improve the management of risks to individuals, organizations, and society associated with artificial intelligence The AI-RMF is intended to be compatible with the existing NIST frameworks, such as the CSF and the RMF, and to address the specific challenges and opportunities posed by AI. There are many different technologies and standards they use these are just some prime examples and what job they fulfill. The Enhanced Risk Management Models are also used by NIST are based on the concept of integrating cybersecurity and enterprise risk management. This means that cybersecurity risk is not treated as a separate or isolated issue, but rather as part of the overall risk management strategy of the organization. By aligning cybersecurity objectives with business objectives, organizations can better prioritize their resources, communicate their risk posture, and achieve their desired outcomes.

The Enhanced Risk Management Models are designed to be practical and adaptable to different contexts and needs. They are not prescriptive or one-size-fits-all solutions, but rather provide a common language and framework for understanding and managing risk. They also leverage existing standards and guidelines, such as the NIST SP 800 series, to support implementation of risk management programs. However, like any model or framework, they are not perfect or complete.

Response #2 (Hudson): The National Institute of Standards and Technology (NIST) works in many ways to ensure the highest standard for safety and constantly improve and work to be better. NIST constantly works to create and follow standards that work to ensure the highest level of safety to protect federal networks. One thing that NIST does to help with security is engage with stakeholders and the public very often to make sure that they have systems that work to address the main problems and help to improve security measures. NIST has different activities and techniques within the realm of cybersecurity that are focused on specific needs and can make a positive difference. NIST listed specific priorities that include, “cryptography, emerging technologies, enhanced risk management, identity and

access management, cybersecurity measurements, privacy, trustworthy networks, trustworthy

platforms, and education, training, and workforce development” (NIST Cybersecurity, 2022). Some standards that NIST has help with their overall function and success such as being open and transparent, being collaborative, being practical, and most importantly forward-thinking to stay ahead of the issue. NIST does a great job of working with everyone in both the private and public sector to ensure optimal success (NIST Cybersecurity, 2022). Upon evaluating the Enhanced Risk Management Model, a basic overview recommended that stakeholders create Integrated Cybersecurity and Enterprise Risk Management, NIST Cybersecurity Framework, Risk Management Framework, Privacy Framework, and Cybersecurity Supply Chain Risk Management (NIST Cybersecurity, 2022). In my opinion I think that these models are very practical and work very well. Although there is constant need for improving NIST does a great job of maintaining constant improvements and keeping systems, techniques, and standards up to date with the needs of all levels. These models play a crucial role when it comes to assisting organizations in both the public and private sector and help to increase their level of cybersecurity and risk management. These models give a very structured and secure not to mention safe way of managing cybersecurity risks. These models work together in a great way to improve the safety of infrastructure and remain on top of cybersecurity threats. With the implement of constant improvement and upgrading while at the same time providing risk management there is a very strong security wall set in place.

References:

NIST Cybersecurity & Privacy Program Extended Fact Sheet. (2022, July). https://www.nist.gov/system/files/documents/2022/07/21/Extended%20Cybersecurity%20Vitals%20Fact%20Sheet.pdf

Must be 100 words each

Instructor response does NOT have to be 100 words

See Rubric for details

PeerResponseHSE400Wk4.docx

Peer Response HSE 400

Zebedee: Q: As an investigator you encounter or are handed a case (either one is fine) dealing with national security. It appears there may be a terrorist cell or organization operating within your jurisdiction. Describe what procedures you would need to take pertaining to surveillance and wire-tapping. How would you go about investigating the individuals you believe are terrorist without violating any part of Title III or the Patriot Act? Describe how and why you would do want needed to be done for a sound investigation.

A: The first step as an investigator handing a case with the possibility of a terrorist cell operating within my jurisdiction is obviously gonna be wiretapping I’m gonna want to gather as much information as I can the problem is I have to do it the right way under the umbrella of Title 3 of the Omnibus Crime Control and Safe Streets Act of 1968. This Act outlines procedures for obtaining warrants to authorize wiretapping government officials. So the first step to getting permission I have to plead my case to a Federal Judge if my probable cause is backed by enough evidence that a wiretap will reveal more evidence that a crime is taking place I will be issued a warrant authorizing the interception of communications for up to 30 days. Within those 30 days I have to be able to pull through and obtain any information that I can that includes telephone records such as text and emails, oral wiretapping, and cell tower location updates. With this I should be well within the legal limits of the Patriot act and Title 3. It gets tricky when I have to piece together this possible terrorist cell with other insurgents because if this leads me to a bigger plot or more people I have to get warrants for multiple subjects.

Henry: If there was a suspected terrorist organization operating in my jurisdiction the first thing, I would do would be to survey the suspected area of operation. This process could take some time, but it would be useful to see if a suspected enemy combatant could be identified based on their activities and places they frequent. This would also allow time to gain probable cause for a wiretap in the suspected area. As far as investigating individuals, knowing places they frequent allows one to gather information from people they are seen communicating with. Finding out background information is important in terms of learning what type of individuals are associating with each other. It is possible to catch them in the act of a minor crime which would allow them to be arrested and questioned about their whereabouts without violating Title III or the Patriot Act. Information extracted from them could also be utilized in the probable cause to obtain a warrant. I would want all the proper channels crossed during an investigation so that the wiretapping or surveillance would not be deemed illegal and be suppressed in a court case against the suspects.

References:

Dahda v. U.S. Roosevelt Rico Dahda, 138 S. Ct. 1491, 200 L. Ed. 2d 842 (2018) ( https://www.supremecourt.gov/DocketPDF/17/17-43/22106/20171130135510500_17-43ts.pdf n.d.).

Must be 100 words

See Rubric for Details

PeerResponseHSE350Wk4.docx

Peer Response HSE 350

Instructor (Need a response as well): Good work addressing the role of the NIST. I believe the monitoring phase is especially important. How has cybersecurity changed over the past ten years?

Response #1 (Audrey): NIST uses a variety of techniques and standards to protect federal networks from cybersecurity and privacy risks. For example, The NIST Cybersecurity Framework which provides a set of guidelines and best practices for managing cybersecurity risk in a consistent and effective way. The Risk Management Framework provides a comprehensive, flexible, repeatable, and measurable 7-step process for managing information security and privacy risk for organizations and systems. The NIST also provides the Privacy Framework, and other factors like Cybersecurity Supply Chain Risk Management and the workforce framework. Recently one of the t initiatives by NIST is to develop an Artificial Intelligence Risk Management Framework, which aims to improve the management of risks to individuals, organizations, and society associated with artificial intelligence The AI-RMF is intended to be compatible with the existing NIST frameworks, such as the CSF and the RMF, and to address the specific challenges and opportunities posed by AI. There are many different technologies and standards they use these are just some prime examples and what job they fulfill. The Enhanced Risk Management Models are also used by NIST are based on the concept of integrating cybersecurity and enterprise risk management. This means that cybersecurity risk is not treated as a separate or isolated issue, but rather as part of the overall risk management strategy of the organization. By aligning cybersecurity objectives with business objectives, organizations can better prioritize their resources, communicate their risk posture, and achieve their desired outcomes.

The Enhanced Risk Management Models are designed to be practical and adaptable to different contexts and needs. They are not prescriptive or one-size-fits-all solutions, but rather provide a common language and framework for understanding and managing risk. They also leverage existing standards and guidelines, such as the NIST SP 800 series, to support implementation of risk management programs. However, like any model or framework, they are not perfect or complete.

Response #2 (Hudson): The National Institute of Standards and Technology (NIST) works in many ways to ensure the highest standard for safety and constantly improve and work to be better. NIST constantly works to create and follow standards that work to ensure the highest level of safety to protect federal networks. One thing that NIST does to help with security is engage with stakeholders and the public very often to make sure that they have systems that work to address the main problems and help to improve security measures. NIST has different activities and techniques within the realm of cybersecurity that are focused on specific needs and can make a positive difference. NIST listed specific priorities that include, “cryptography, emerging technologies, enhanced risk management, identity and

access management, cybersecurity measurements, privacy, trustworthy networks, trustworthy

platforms, and education, training, and workforce development” (NIST Cybersecurity, 2022). Some standards that NIST has help with their overall function and success such as being open and transparent, being collaborative, being practical, and most importantly forward-thinking to stay ahead of the issue. NIST does a great job of working with everyone in both the private and public sector to ensure optimal success (NIST Cybersecurity, 2022). Upon evaluating the Enhanced Risk Management Model, a basic overview recommended that stakeholders create Integrated Cybersecurity and Enterprise Risk Management, NIST Cybersecurity Framework, Risk Management Framework, Privacy Framework, and Cybersecurity Supply Chain Risk Management (NIST Cybersecurity, 2022). In my opinion I think that these models are very practical and work very well. Although there is constant need for improving NIST does a great job of maintaining constant improvements and keeping systems, techniques, and standards up to date with the needs of all levels. These models play a crucial role when it comes to assisting organizations in both the public and private sector and help to increase their level of cybersecurity and risk management. These models give a very structured and secure not to mention safe way of managing cybersecurity risks. These models work together in a great way to improve the safety of infrastructure and remain on top of cybersecurity threats. With the implement of constant improvement and upgrading while at the same time providing risk management there is a very strong security wall set in place.

References:

NIST Cybersecurity & Privacy Program Extended Fact Sheet. (2022, July). https://www.nist.gov/system/files/documents/2022/07/21/Extended%20Cybersecurity%20Vitals%20Fact%20Sheet.pdf

Must be 100 words each

Instructor response does NOT have to be 100 words

See Rubric for details

PeerResponseHSE400Wk4.docx

Peer Response HSE 400

Zebedee: Q: As an investigator you encounter or are handed a case (either one is fine) dealing with national security. It appears there may be a terrorist cell or organization operating within your jurisdiction. Describe what procedures you would need to take pertaining to surveillance and wire-tapping. How would you go about investigating the individuals you believe are terrorist without violating any part of Title III or the Patriot Act? Describe how and why you would do want needed to be done for a sound investigation.

A: The first step as an investigator handing a case with the possibility of a terrorist cell operating within my jurisdiction is obviously gonna be wiretapping I’m gonna want to gather as much information as I can the problem is I have to do it the right way under the umbrella of Title 3 of the Omnibus Crime Control and Safe Streets Act of 1968. This Act outlines procedures for obtaining warrants to authorize wiretapping government officials. So the first step to getting permission I have to plead my case to a Federal Judge if my probable cause is backed by enough evidence that a wiretap will reveal more evidence that a crime is taking place I will be issued a warrant authorizing the interception of communications for up to 30 days. Within those 30 days I have to be able to pull through and obtain any information that I can that includes telephone records such as text and emails, oral wiretapping, and cell tower location updates. With this I should be well within the legal limits of the Patriot act and Title 3. It gets tricky when I have to piece together this possible terrorist cell with other insurgents because if this leads me to a bigger plot or more people I have to get warrants for multiple subjects.

Henry: If there was a suspected terrorist organization operating in my jurisdiction the first thing, I would do would be to survey the suspected area of operation. This process could take some time, but it would be useful to see if a suspected enemy combatant could be identified based on their activities and places they frequent. This would also allow time to gain probable cause for a wiretap in the suspected area. As far as investigating individuals, knowing places they frequent allows one to gather information from people they are seen communicating with. Finding out background information is important in terms of learning what type of individuals are associating with each other. It is possible to catch them in the act of a minor crime which would allow them to be arrested and questioned about their whereabouts without violating Title III or the Patriot Act. Information extracted from them could also be utilized in the probable cause to obtain a warrant. I would want all the proper channels crossed during an investigation so that the wiretapping or surveillance would not be deemed illegal and be suppressed in a court case against the suspects.

References:

Dahda v. U.S. Roosevelt Rico Dahda, 138 S. Ct. 1491, 200 L. Ed. 2d 842 (2018) ( https://www.supremecourt.gov/DocketPDF/17/17-43/22106/20171130135510500_17-43ts.pdf n.d.).

Must be 100 words

See Rubric for Details

PeerResponseHSE350Wk4.docx

Peer Response HSE 350

Instructor (Need a response as well): Good work addressing the role of the NIST. I believe the monitoring phase is especially important. How has cybersecurity changed over the past ten years?

Response #1 (Audrey): NIST uses a variety of techniques and standards to protect federal networks from cybersecurity and privacy risks. For example, The NIST Cybersecurity Framework which provides a set of guidelines and best practices for managing cybersecurity risk in a consistent and effective way. The Risk Management Framework provides a comprehensive, flexible, repeatable, and measurable 7-step process for managing information security and privacy risk for organizations and systems. The NIST also provides the Privacy Framework, and other factors like Cybersecurity Supply Chain Risk Management and the workforce framework. Recently one of the t initiatives by NIST is to develop an Artificial Intelligence Risk Management Framework, which aims to improve the management of risks to individuals, organizations, and society associated with artificial intelligence The AI-RMF is intended to be compatible with the existing NIST frameworks, such as the CSF and the RMF, and to address the specific challenges and opportunities posed by AI. There are many different technologies and standards they use these are just some prime examples and what job they fulfill. The Enhanced Risk Management Models are also used by NIST are based on the concept of integrating cybersecurity and enterprise risk management. This means that cybersecurity risk is not treated as a separate or isolated issue, but rather as part of the overall risk management strategy of the organization. By aligning cybersecurity objectives with business objectives, organizations can better prioritize their resources, communicate their risk posture, and achieve their desired outcomes.

The Enhanced Risk Management Models are designed to be practical and adaptable to different contexts and needs. They are not prescriptive or one-size-fits-all solutions, but rather provide a common language and framework for understanding and managing risk. They also leverage existing standards and guidelines, such as the NIST SP 800 series, to support implementation of risk management programs. However, like any model or framework, they are not perfect or complete.

Response #2 (Hudson): The National Institute of Standards and Technology (NIST) works in many ways to ensure the highest standard for safety and constantly improve and work to be better. NIST constantly works to create and follow standards that work to ensure the highest level of safety to protect federal networks. One thing that NIST does to help with security is engage with stakeholders and the public very often to make sure that they have systems that work to address the main problems and help to improve security measures. NIST has different activities and techniques within the realm of cybersecurity that are focused on specific needs and can make a positive difference. NIST listed specific priorities that include, “cryptography, emerging technologies, enhanced risk management, identity and

access management, cybersecurity measurements, privacy, trustworthy networks, trustworthy

platforms, and education, training, and workforce development” (NIST Cybersecurity, 2022). Some standards that NIST has help with their overall function and success such as being open and transparent, being collaborative, being practical, and most importantly forward-thinking to stay ahead of the issue. NIST does a great job of working with everyone in both the private and public sector to ensure optimal success (NIST Cybersecurity, 2022). Upon evaluating the Enhanced Risk Management Model, a basic overview recommended that stakeholders create Integrated Cybersecurity and Enterprise Risk Management, NIST Cybersecurity Framework, Risk Management Framework, Privacy Framework, and Cybersecurity Supply Chain Risk Management (NIST Cybersecurity, 2022). In my opinion I think that these models are very practical and work very well. Although there is constant need for improving NIST does a great job of maintaining constant improvements and keeping systems, techniques, and standards up to date with the needs of all levels. These models play a crucial role when it comes to assisting organizations in both the public and private sector and help to increase their level of cybersecurity and risk management. These models give a very structured and secure not to mention safe way of managing cybersecurity risks. These models work together in a great way to improve the safety of infrastructure and remain on top of cybersecurity threats. With the implement of constant improvement and upgrading while at the same time providing risk management there is a very strong security wall set in place.

References:

NIST Cybersecurity & Privacy Program Extended Fact Sheet. (2022, July). https://www.nist.gov/system/files/documents/2022/07/21/Extended%20Cybersecurity%20Vitals%20Fact%20Sheet.pdf

Must be 100 words each

Instructor response does NOT have to be 100 words

See Rubric for details

PeerResponseHSE400Wk4.docx

PeerResponseHSE350Wk4.docx

PeerResponseHSE400Wk4.docx

PeerResponseHSE350Wk4.docx

PeerResponseHSE400Wk4.docx