Course: Emerging Threats and Countermeasures
This discussion topic is meant to be reflective and should be written in your own words, not as a compilation of direct citations from other papers or sources. You can use citations in your posts, but this discussion exercise should be about what you have learned, from your own viewpoint, and not a rehash of any particular article, topic, or the book.
Items to include in the initial thread:
- “Interesting Assignments” – What were some of the more interesting assignments to you?
- “Interesting Readings” – What reading or readings did you find the most interesting and why?
- “Perspective” – How has this course changed your perspective?
- “Course Feedback” – What topics or activities would you add to the course, or should we focus on some areas more than others?
Completed Assignments in this Course
Discussion = describe and discuss ways, if any, we can safely share security data. Are there precautions we can take, technical solutions we can use, e.g., like using the CIA triad, or should we just not share these kinds of data? Feel free to argue for and against, just make sure to back up your statements with scholarly support.
Discussion = Internet-related crime occurs every minute. Cybercriminals steal millions of dollars with near impunity. For every one that is captured, nearly 10,000 are not captured. For every one successfully prosecuted in a court of law, 100 get off without punishment or with a warning. Why is it so difficult to prosecute cybercriminals?
Research Paper = Contingency Planning
Discussion = Malicious individuals have discovered several methods to attack and defeat cryptosystems. It’s important that you understand the threats posed by cryptographic attacks to minimize the risks to your network systems.
Research Paper = Threat Modeling = A new medium-sized health care facility just opened and you are hired as the CIO. The CEO is somewhat technical and has tasked you with creating a threat model. The CEO needs to decide from 3 selected models but needs your recommendation. Review this week’s readings, conduct your own research, then choose a model to recommend with proper justifications. Items to include (at a minimum) are:
Discussion = Many business environments have both visible and invisible physical security controls. You see them at the post office, at the corner store, and in certain areas of your own computing environment. They are so pervasive that some people choose where they live based on their presence, as in gated access communities or secure apartment complexes. Alison is a security analyst for a major technology corporation that specializes in data management. This company includes an in-house security staff (guards, administrators, and so on) that is capable of handling physical security breaches. Brad experienced an intrusion—into his personal vehicle in the company parking lot. He asks Alison whether she observed or recorded anyone breaking into and entering his vehicle, but this is a personal item and not a company possession, and she has no control or regulation over damage to employee assets. This is understandably unnerving for Brad, but he understands that she’s protecting the business and not his belongings.
Research Paper = For this assignment, review the article:
Abomhara, M., & Koien, G.M. (2015). Cyber security and the internet of things: Vulnerabilities, threats, intruders, and attacks. Journal of Cyber Security, 4, 65-88. Doi: 10.13052/jcsm2245-1439.414 and evaluate it in 3 pages (800 words), using your own words, by addressing the following:
What did the authors investigate, and in general how did they do so?
Identify the hypothesis or question being tested
Summarize the overall article.
Identify the conclusions of the authors
Indicate whether or not you think the data support their conclusions/hypothesis
Consider alternative explanations for the results
Provide any additional comments pertaining to other approaches to testing their hypothesis (logical follow-up studies to build on, confirm or refute the conclusions)
The relevance or importance of the study
The appropriateness of the experimental design
Discussion = What are the various technologies employed by wireless devices to maximize their use of the available radio frequencies? Also discuss methods used to secure 802.11 wireless networking in your initial thread.
Research Paper = Considering the importance of data in an organization, it is absolutely essential to secure the data present in the database. What are the strategic and technical security measures for good database security? Be sure to discuss at least one security model to properly develop databases for organizational security. Create a diagram of a security model for your research paper.
Discussion = There are a variety of ways that a cyber-attack can cause economic damage. In many cases, attackers try to “penetrate” systems in order to steal technology or other sensitive information. When do you think an attack can be classified as cyber terrorism?
Research Paper = Penetration testing is a simulated cyberattack against a computer or network that checks for exploitable vulnerabilities. Pen tests can involve attempting to breach application systems, APIs, servers, inputs, and code injection attacks to reveal vulnerabilities. In a well-written, highly-detailed research paper, discuss the following: What is penetration testing, Testing Stages, Testing Methods, Testing, web applications and firewalls.
Discussion = Web server auditing can go a long way in enforcing tighter security and ensuring business continuity. The power of log data is tremendous. Web server logs record valuable information pertaining to usage, errors, and other important security events. Using a specialized auditing tool can be extremely helpful during the audit of web servers. In your discussion this week, please discuss the methods of identifying weak web server configurations and how to mitigate them for a secure web server. Possible concepts to include are SSL certificates, HTTPS usage, attack surface, SQL injection, vulnerability migration, and least privilege. In at least one of your peer responses, provide an overview of how to audit the web server’s security and implement best practices.
Research Paper = Develop a disaster recovery plan for an organization. There are many different templates available online for you to use as reference and guidance. Your plan should cover the following sections (these sections detail the elements in a DR plan in the sequence defined by industry compliance standards ISO 27031 and ISO 24762):
Textbook attached for reference.