STAY SAFE ONLINE
National Cyber Awareness Poster Contest Winner: Sergio, Grade 11, Virginia

BE A GOOD DIGITAL CITIZEN
National Cyber Awareness Poster Contest Winner: Stephanie, Grade 7, North Carolina

BROWSE SAFELY ONLINE
National Cyber Awareness Poster Contest Winner: Danielle, Grade 11, New York

DON’T TAKE THE BAIT
National Cyber Awareness Poster Contest Winner: Diya, Grade 7, New Jersey

The Legalization of Marijuana
Northwest University Online
March 16, 2019
The Legalization of Marijuana
Marijuana, which has a scientific name of Cannabis Sativa, is a plant that has sparked mixed feelings not only in the United States but all over the world. Jamaica has been the oldest nation that has come out openly to legalize marijuana, and it has been preaching the same gospel to other parts of the world (Campbell, Twenge, & Carter, 2017). Different nations are now seeing the need to legalize marijuana. However, irrespective of the fact that nations that advocate for marijuana legalization have provided facts that they believe should be followed, there are opposing forces from different perspectives, and they have sparked arguments that continue to increase the heat on the debate of whether to legalize marijuana. The controversial debate on whether to legalize marijuana has been argued from two different perspectives and each of the perspectives will be focused on.
Argument for
In the United States, more than ten states have so far legalized marijuana. What is more fascinating is the fact that other states are following suit and they are headed in the same direction. The states that have legalized marijuana have legalized it based on recreation and medical use. It is therefore evident that the topic of legalizing marijuana has been medically motivated (Campbell et al. 2017). Apart from the few states in the United States, there are other countries that have come in the open to legalize marijuana. Some of the nations are Canada, Belize, Jamaica, Colombia, Ecuador, Peru, Uruguay, Cambodia, Laos, and Belgium.
The people who support the legalization of marijuana have given their reasons.
The first reason is the reduction of addiction and use of substandard marijuana. One of the reasons
why some people are affected by marijuana is because of the quality of the marijuana that they are exposed to. The fact that marijuana is illegal gives the peddlers an opportunity to sell substandard marijuana, and that affects the health of the smoker. If marijuana was legalized, there would
be an opportunity for the users to get information about the substance. As a result, the use of substandard substance would be frustrated. The legalization of marijuana would also promote
the selling of high-quality marijuana because competitiveness
would be promoted (Paschall, Grube, & Biglan, 2017). When
there are different players in the industry who have been
allowed to compete against each other, they are likely to focus
on improving quality with the aim of winning more customers.
Addiction to marijuana is associated with the secrecy that is
promoted in its consumption. Human beings are naturally
curious, and that means that if they are restricted from engaging
in a specific act, they tend to engage in it more. Giving the
users the freedom would limit their consumption rate thus
affecting their addiction.
Argument against
Religious leaders and community leaders have been on the front
line when it comes to arguing against the legalization of
marijuana. They argue from the basis of the effects that the substance has
on the users. Marijuana is addictive, and it also affects the
reasoning ability of the user. From a religious perspective, the
leader believes that a substance that affects the decision-making
process of a person should not be consumed (Monte, Zane, &
Heard, 2015). The abuse of marijuana has been evident in many
cases, and it increases the dependency cases. The argument
against the legalization of marijuana is based on facts as well,
and these facts have been seen through observations.
The bipartisan argument
Even though there are people who have taken a hard position on
whether marijuana should be legalized, there is a group of
people who believe that the whole issue should not take an
emotional turn and the argument should not be biased. The
bipartisan parties believe that if the implementation of any law
was to take place, it should take place not based on the
emotions but on scientific facts (Hall & Weier, 2017). It would,
therefore, be essential to call all stakeholders in this case and
try to investigate some of the effects that might come with the
legalization of marijuana (McGinty et al. 2016). The people
who take this perspective believe that the legalization of
marijuana should be based on the effects that it might have on
the members of the community.
It would not make sense to legalize a substance that can wipe
the whole young generation, and at the same time, it would be
unfair to stop the legalization of a substance that might have
more benefits than harm.
The sections of people who take the bipartisan position believe
that research would be essential in this case. The best way to
deal with an issue is by making sure that extensive research is
carried out with the primary aim of knowing the facts that are
associated with the issue at hand. The reason behind it is
because people who support the legalization have points which
they consider to be facts (Hall & Weier, 2017). The same case
applies to people who are against the legalization. When two
parties present two different arguments and provide points that
are factual to them, it becomes imperative to have a neutral
body that helps in knowing which side presents facts that cannot
be refuted, and which side presents mere assumptions.
Conclusion
The controversial topic of the legalization of marijuana
continues to attract attention internationally. However, nations
that feel it is right to legalize marijuana have done so. In some
nations, the arguments continue taking center stage, and it is not
clear on what will happen. Each side of the argument presents
points which are strong. Therefore, it means that there is still a
long way to go before all nations that want to legalize marijuana
can do so.
You have all your organizational pieces in place. Now you are
ready to build on the arguments/research and give us more
specifics. Consider revising and/or removing sentences that are
vague/repetitive, and replacing them with your own clear
analysis. One thing that will be helpful is including some direct
quotations. Great use of in-text citations as summaries – but
don’t be afraid to use direct quotation as well. Your empirical
studies will give us numbers for the “facts” you briefly
mention.
Using a third side – the bipartisan argument – gives your essay
a unique/whole perspective that allows your argument to be
both global and local. Looking forward to your next draft!
References
Campbell, W., Twenge, J., & Carter, N. (2017). Support for marijuana (cannabis) legalization: untangling age, period, and cohort effects. Collabra: Psychology, 3(1).
Hall, W., & Weier, M. (2017). Has marijuana legalization increased marijuana use among US youth? JAMA Pediatrics, 171(2), 116-118.
McGinty, E. E., Samples, H., Bandara, S. N., Saloner, B., Bachhuber, M. A., & Barry, C. L. (2016). The emerging public discourse on state legalization of marijuana for recreational use in the US: Analysis of news media coverage, 2010–2014. Preventive Medicine, 90, 114-120.
Monte, A. A., Zane, R. D., & Heard, K. J. (2015). The implications of marijuana legalization in Colorado. JAMA, 313(3), 241-242.
Paschall, M. J., Grube, J. W., & Biglan, A. (2017). Medical marijuana legalization and marijuana use among youth in Oregon. The Journal of Primary Prevention, 38(3), 329-341.

What sorts of needs? Consider giving an example here?

What facts? Why should they be followed?

And what are the opposing perspectives? Be specific.

What are the arguments?
You don’t need to spell everything out in the introduction – that
is what you will be doing in the essay, after all. However,
allude to what you will be discussing.
Remember introductions and theses share in the job of serving
as a map for your readers. Intrigue and guide us.

You just mentioned recreation, as well. Where does that play
in here?

Capital.

Analysis here – consider if there are any connections between
these countries + the different states. Why these countries and
not others?

Too vague.
Consider the job of a topic sentence.
https://owl.purdue.edu/engagement/ged_preparation/part_1_lessons_1_4/index.html

Repetition of “reason” – vary your language.

As you are speaking to both sides of the argument – be careful
with language that deals in absolutes.
So, consider a statement with “could” or something similar.

This feels like a new topic: addiction/consumption.
Engage with this further in a new paragraph. Doing this would
also be a good transition to where you are going next.

Great topic sentence!

What are the facts? What are the observations? Give us
specifics, and analyze why this is so.

I like this additional side of the argument! Most are looking at
the users/addicts and the businesses/drug cartels. Instead you
are adding in the effect it has on the community at large. This
will be a true strength to your analysis.

And what are those benefits?

Security Overview
CMGT/433 Cyber Security
Name
University of Phoenix
April 3, 2019
Dayton Soft Products
Executive Staff Presentation
Introduction
Good morning, and thank you for attending this important
presentation. We will begin momentarily. **PAUSE**
Introduction
Dayton Soft Products was established in 2001 and has recently
hired 55 new employees, which brings our current onsite
employee count to 155. In addition to onsite employees, we also
employ over 743 offsite employees who reside in locations all
across the globe. Our increased hiring is a direct result of our
product line tripling over the last five years. With this growth,
our annual revenues have increased from $73k in 2010 to over
$3.3 million at the end of Financial Year 2017. While this is
exciting news, protecting our data and information assets is
paramount to long-term business continuity. Therefore, this
presentation represents an overview of our new Cybersecurity
Plan for Dayton Soft Products.
Cybersecurity Defined
National Institute of Standards and Technology: cybersecurity
makes reference to the protection of information through
detection, response and prevention of attacks (NIST, 2019).
National Initiative for Cyber Security Careers and Studies:
ability, process, or activity through which communication and
information systems are protected against unauthorized use,
damage, exploitation or modification (NICCS, 2019).
In today’s society, data and information are considered valuable
assets. Protecting data is paramount to sustaining long-term
business continuity for most companies. Companies must
manage and control data to provide a secure environment that is
protected from cyber attack. Security goals are identified as
being accountability, integrity, availability, and confidentiality
of data and information assets. According to the “National
Institute of Standards and Technology” (NIST), cybersecurity
makes reference to the protection of information through
detection, response and prevention of attacks (Kahyaoglu &
Caliyurt, 2018). Another definition for Cybersecurity comes
from the “National Initiative for Cyber Security Careers and
Studies” (NICCS), who views Cybersecurity as an ability,
process, or activity through which communication and
information systems are protected against unauthorized use,
damage, exploitation or modification (NICCS, 2019). In simpler
terms, cybersecurity can be viewed as the protection of data
from threats in cyberspace.
Cybersecurity vs. Enterprise Security
Cyber security versus Enterprise Security – How do they differ?
Cyber security is different from Enterprise security in that it is
focused on protecting digital data from threats in cyberspace.
Enterprise security, on the other hand, protects all types of data
in general. Both cyber security and enterprise security work
together in protecting a company’s main asset, its data, from
destruction, modification, theft, recording, unauthorized use,
unauthorized access, inspection, and disclosure
(Secureworks.com, 2019). Cybersecurity can be seen as
protecting both enterprise and data from outside sources.
Dayton Soft Products
Cybersecurity Milestones Timeline
Timeline & Brief Explanation of Cyber Milestones
Timelines are very important when creating a solid Security
Plan. The Dayton Soft Products timeline, as shown on the
screen, illustrates individual milestones that describe elements
of a cybersecurity plan and identifies when and how these
elements will be implemented. According to Pfleeger &
Pfleeger (2015), dates are used to set milestones to
ensure that management keeps track of the implementation
progress (Timetable, p. 677). Milestones are an important part
of a timeline within a Security Plan because they help ensure
that security controls are implemented in a specific order;
usually, the critical threats take priority. (Excel
Spreadsheet/Chart attached).
Dayton Soft Products
Cybersecurity Milestones Brief Explanation
Brief Explanation of Cyber Milestones
The milestones identified on the screen represent an ongoing
schedule to assist in remaining vigilant against cyber threats
and attacks. By reaching these milestones, Dayton Soft Products
can be assured they are protecting company data and
information assets. With the increase in the number of
employees on and off-site, these milestones are a critical part of
keeping our data secure. (Excel Spreadsheet/Chart attached).
Dayton Soft Products
Importance of Knowing Cyber Milestones
Importance of Knowing Cybersecurity Milestones
Understanding the difference between a project deadline and a
milestone is very important when managing a cybersecurity
project. A milestone shows that an important goal has been
reached and signals that the project can move forward. Many
times a project is stuck until a milestone is reached, which can
put the project behind schedule; that can be detrimental,
especially where cybersecurity is concerned. Cyber
milestones are very important for improving security for a
company because each one signals the company is one step closer
to securing its digital data and protecting a viable asset.
Milestones do not, in and of themselves, make a project take
longer; however, not reaching one can impact the end date
of a cybersecurity project. For Dayton Soft Products' current
environment, milestones let personnel know that there is still
work to do before the systems are secure. Milestones affect a
company's future environment because as each one is
accomplished, the company reaches a more secure threshold.
Additionally, milestones help enterprises determine client,
server, device, and network vulnerabilities coupled with
successful prediction of behavioral and human vulnerabilities.
4 Strategies that Can Determine Current Security Environment
4 Strategies that could be Used to Determine Dayton Soft
Products Security Environment, the Impact of the Strategy, and
the Resources required.
Dayton Soft Products can use several strategies to determine the
status of their current security environment. The following
slides illustrate each strategy, along with the impact of the
strategy, and the resources required to implement the strategy.
The four strategies chosen for Dayton Soft Products include
Analysis and Assessment of Risk, Treatment for Risks, Risk
Mitigation, and Security Assurance and Auditing.
Current Security Environment
Risk Analysis
Risk Treatment
Security Awareness
Risk Management
Risk Analysis / Risk Assessment
Dayton Soft Products
Determine Current Security Environment – Strategy #1
[Risk matrix: Likelihood of Impact (Highly Unlikely, Unlikely, Possible, Probable, Certain) against Severity of Impact (Low Impact, Minor Damage, Moderate Damage, Major Damage, Catastrophic)]
Dayton Soft Products Strategy #1 – Risk Assessment Impact
A Risk Analysis can be used to help determine Dayton Soft
Products’ current security environment. Potential scenarios are
examined and the likelihood of impact along with the severity
of impact are categorized to determine potential losses in the
event of a cyber attack. According to Pfleeger & Pfleeger
(2015), a Risk Analysis can be used by an organization to (1)
increase awareness, (2) create a linkage between management
objectives and security mission, (3) evaluate vulnerabilities,
assets, and controls, and (4) create a foundation for decision
making (“Arguments For and Against Risk Analysis”, p. 705).
Improved awareness occurs while discussing security issues
with peers or co-workers who have a general knowledge of
cyber attacks. Discussions help to educate them on ways that
security relates to individual job roles. Additionally, a Risk
Analysis can assist management in understanding the need to
spend money on security software and controls.
Resources Required
A Risk Analysis requires resources to identify and tag company
computers and equipment that the company may not be tracking.
Employee resources are necessary to go from machine to
machine to tag/document each piece of equipment. Tagging
equipment assists in putting a dollar value to the equipment that
can now be counted and tracked for depreciation purposes.
Vulnerabilities reside with unknown laptops or other equipment
that may be connected to the company network without security
personnel being aware of it. Finally,
the most important part of a Risk Analysis, in my opinion, is the
betterment of decision making regarding upgrades and new
equipment purchases. A Risk Analysis can support this need and
assist in getting equipment purchase requests approved because
it supports the request for approval. A Risk Analysis should be
updated annually and serve as a living document.
Financial Impact
The only real downside to a Risk Analysis is that the financial
impact is only a guess.
Risk Treatment Plan
Dayton Soft Products
Determine Current Security Environment – Strategy #2
Communication with Stakeholders
Monitor and Review Risks and Controls
Dayton Soft Products Strategy #2 – Risk Treatment Impact
A Risk Treatment Plan is typically done once the Risk Analysis
is completed. Dayton Soft Products can utilize a Risk Treatment
Plan (RTP) to summarize risks identified in the Risk Analysis.
Also noted in the RTP are the risk responses and mitigation,
risk owners, and risk treatment target date. The RTP is a
document that describes employee roles and their
responsibilities as well as detailed actions that will need to be
done and the date to implement these actions in order to obtain
an acceptable level of risk for each occurrence. The impact that
the RTP will have on Dayton Soft Products is substantial since
they will now have a document to follow with detailed
instructions on how to respond to a cyber-related incident.
There are four main options in response to an attack, including:
(1) tolerate / retain the risk if it is too costly to treat or too
small of an impact to justify treating or modifying it,
(2) terminate / avoid the risk if the decision is to stop the cause
of, or the activity that is creating, the risk, (3) transfer / share
the risk if it is something that has been identified as a risk that
a third party is contracted to handle for the company, and
(4) treat / modify the risk by implementing specific controls to
reduce the impact to Dayton or the likelihood that the incident
will occur, if appropriate.
Resources Required
Resources required for a Risk Treatment Plan include security
personnel’s time and expertise. Financial impacts include
employee payroll, third-party fees, etc.
Establish Context
What are our objectives?
Identify Risks
Why, How, and When
Risk Management
Dayton Soft Products
Determine Current Security Environment – Strategy #3
Dayton Soft Products Strategy #3 – Risk Management Impact
Risk management encompasses the calculation of asset values in
relation to the potential harm that may be caused by risk. The
impact to Dayton Soft Products from a cyber attack includes the
amount of damage caused, cost of protecting data and systems,
countermeasures and controls, and loss of business if the risk
brings down the company's system. Financial impact in creating
a Risk Management Plan (RMP) includes costs of implementing
countermeasures to protect the company from potential threats.
The negative aspect of an RMP is the complexities involved in
attaching a value to an asset. Assets can be the time the network
is down, corrupted files, loss/leaking of data, and literally
thousands of other similar threats. It is best to gauge the
financial impact over a time period to get a more accurate
account of financial impacts to various threats. Risk infiltration
impacts Dayton Soft Products in many ways, including loss of
employee productivity, loss of sales, loss of customer trust, etc.
Resources Required
Professional security personnel are needed to calculate potential
losses. Also, the company will be impacted financially because
it will need the services of an attorney due to the legal liabilities
involved in some types of cyber attacks, such as identity theft,
which may result from criminals stealing customer information.
Risk Management
Assess
Identify
Control
Review
Security Assurance & Auditing
Dayton Soft Products
Determine Current Security Environment – Strategy #4
CYBER
Dayton Soft Products Strategy #4 – Security Assurance &
Auditing Impact
Dayton Soft Products would greatly benefit by utilizing the
strategy of a Cybersecurity Assurance and Auditing Plan. This
plan is a great tool that assists in lowering risk potential by
putting into place standardized procedures, and testable criteria
for risks, weaknesses, and vulnerabilities. Dayton Soft Products
would benefit from a Security Assurance and Auditing Plan by
using it to identify and address known malware and viruses to
help in lowering exposure to exploitation. This plan can also
help enhance security awareness efforts and expand security
controls for the company.
Security
Technology
Intelligence
Training
Dayton Soft Products
Security Overview
REFERENCES
Reference Slide
CESG (2012). Assurance of ICT systems and services, Good Practice Guide, No. 30, CESG Information Assurance Portal. Retrieved from www.ncsc.gov.uk/content/files/guidance_files/GPG%2030%20-%20Assurance%20of%20ICT%20Systems%20and%20Services%20-%20issue%202.1%20-%20Oct%2015%20-%20NCSC%20Web.pdf
NIST.gov (2019). Glossary of key information security terms. National Institute of Standards and Technology Interagency or Internal Report, NISTIR 7298, Revision 2. Retrieved from http://csrc.nist.gov/publications
NICCS.gov (2019). A Glossary of Common Cybersecurity Terminology. Retrieved from https://niccs.us-cert.gov/about-niccs/glossary
Pfleeger, C. P., Pfleeger, S. L., Margulies, J. (2015). Security in computing (5th ed.). Saddle River, NJ: Pearson/Prentice Hall.
Secureworks.com (2019). Cybersecurity versus Network Security versus Information Security. Retrieved from https://www.secureworks.com/blog/cybersecurity-vs-network-security-vs-information-security
Sezer Bozkus Kahyaoglu, Kiymet Caliyurt, (2018). Cyber Security Assurance Process from the Internal Audit Perspective. Managerial Auditing Journal, Vol. 33 Issue: 4, pp.360-376. Retrieved from https://doi-org.contentproxy.phoenix.edu/10.1108/MAJ-02-2018-1804
Dayton Soft Products
[Timeline chart: the milestones listed below, from Project Start to Project End, plotted along a monthly axis from 1 Jan to 1 Dec]

Project Timeline
Dayton Soft Products
Project Milestones

Date | Milestone | Description | Position | Baseline
1/1/19 | Project Start | | -20 | 0
1/31/19 | Establish Cybersecurity Team | Team members chosen for the Cybersecurity Team may require additional training to ensure adequate performance of cybersecurity assessments and testing. | 10 | 0
2/28/19 | Identify Critical Digital Assets & Systems | This includes offsite communications, support systems, system components and structures that if compromised would cause great harm to Dayton Soft Products. | -10 | 0
3/31/19 | Implement Communication Barriers | This protects critical systems from cyber attacks from the Internet and company business systems by isolating them. Prevents remote access to core business systems. | 25 | 0
4/30/19 | Implement Access Control for Portable and Mobile Devices. | Portable and mobile devices are used to transfer digital data and can be used to spread malicious software to company systems. This milestone includes updating firmware and software on equipment. | -15 | 0
5/31/19 | Remote Access Testing for offsite employees | This protects business systems and the company network by ensuring that appropriate access controls are in place for offsite employees and vendors who are accessing company systems from outside the office. | 15 | 0
6/30/19 | Conduct Training for Offsite Employees | Training is paramount to provide cyber threat awareness to offsite employees. | -15 | 0
7/31/19 | Conduct Training for Onsite Employees | Training is paramount to provide cyber threat awareness to onsite employees. | 15 | 0
8/31/19 | Update and document cyber security controls and protocols | Keeping Security controls and protocols involves keeping procedures up-to-date, which is a critical milestone, especially as new cyber threats are identified and mitigation procedures are changed. | -20 | 0
9/30/19 | Assessment and Monitoring | Implementation of ongoing assessment and monitoring activities. | 20 | 0
12/1/19 | Full Cybersecurity Plan Implementation | Cybersecurity Plan is fully implemented and all security controls and actions have been completed. | -15 | 0
12/31/19 | Project End | | 10 | 0
Position
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
25. [CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CELLRANGE]
[CATEGORY NAME]
Project Start Establish Cybersecurity Team Identify Critical
Digital Assets & Systems Implement Communication
Barriers Implement Access Control for Portable and Mobile
Devices. Remote Access Testing for offsite employees
Conduct Training for Offsite Employees Conduct Training
for Onsite Employees Update and document cyber security
controls and protocols Assessment and Monitoring Full
Cybersecurity Plan Implementation Project End -20 10 -
10 25 -15 15 -15 15 -20 20 -15 10 Date 43466
43496 43524 43555 43585 43616 43646
43677 43708 43738 43800 43830 0 0
0 0 0 0 0 0 0 0 0 0
Project Milestones
| Date | Milestone | Description | Position |
| --- | --- | --- | --- |
| 1/1/2019 | Project Start | | -20 |
| 1/31/2019 | Establish Cybersecurity Team | Team members chosen for the Cybersecurity Team may require additional training to ensure adequate performance of cybersecurity assessments and testing. | 10 |
| 2/28/2019 | Identify Critical Digital Assets & Systems | This includes offsite communications, support systems, system components and structures that if compromised would cause great harm to Dayton Soft Products. | -10 |
| 3/31/2019 | Implement Communication Barriers | This protects critical systems from cyber attacks from the Internet and company business systems by isolating them. Prevents remote access to core business systems. | 25 |
| 4/30/2019 | Implement Access Control for Portable and Mobile Devices. | Portable and mobile devices are used to transfer digital data and can be used to spread malicious software to company systems. This milestone includes updating firmware and software on equipment. | -15 |
| 5/31/2019 | Remote Access Testing for offsite employees | This protects business systems and the company network by ensuring that appropriate access controls are in place for offsite employees and vendors who are accessing company systems from outside the office. | 15 |
| 6/30/2019 | Conduct Training for Offsite Employees | Training is paramount to provide cyber threat awareness to offsite employees. | -15 |
| 7/31/2019 | Conduct Training for Onsite Employees | Training is paramount to provide cyber threat awareness to onsite employees. | 15 |
| 8/31/2019 | Update and document cyber security controls and protocols | Keeping security controls and protocols current involves keeping procedures up to date, which is a critical milestone, especially as new cyber threats are identified and mitigation procedures are changed. | -20 |
| 9/30/2019 | Assessment and Monitoring | Implementation of ongoing assessment and monitoring activities. | 20 |
| 12/1/2019 | Full Cybersecurity Plan Implementation | Cybersecurity Plan is fully implemented and all security controls and actions have been completed. | -15 |
| 12/31/2019 | Project End | | 10 |
Prioritizing Threats
CMGT/433 Cyber Security
Prioritizing Threats – Dayton Soft Products
Name
University
April 3, 2019
Cyber Security Executive Summary
Introduction
The following Executive Summary covers the items on which the
team is requesting additional information, including types of
challenges and cybersecurity threats, how they impact the
organization, and how these threats should be addressed.
Prioritization of the top five risks is shown in table format
along with the impact these cyber threats could have on Dayton
Soft Products' network and devices. Finally, the importance of
detection and intrusion testing is reviewed, along with the
challenges that mobile and cloud computing bring to our
organization.
Cyber Security Threat Categories
1. Mobile Device Security Threats
2. Web Application Security Threats
3. Internet of Things Security Risks
4. Cloud Security Risks
5. Network Security Threats
6. Email Security Threats
7. Social Media Security Risks
8. Endpoint Security Risks
Common cybersecurity threats come from several categories,
including mobile threats, Internet of Things (IoT) risks, web
application threats, cloud threats, network threats, email
security threats, social media risks, and endpoint security risks
(Fortinet.com, 2019). Within these cyber threat categories,
some subcategories are identified below each main class. Below
is a table that lists the main cybersecurity threat categories and
common cyber threats for each main type, underneath them.
| CATEGORIES | Mobile | Web Apps | Internet of Things (IoT) | Cloud | Network | Email | Social Media | Endpoint |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Cyber Threat #1 | Unsecured Wi-Fi | Injection | Application Vulnerabilities | Data Loss | Virus/Trojan Horse | Malicious Links | Phishing Scams | Mobile threats (BYOD) |
| Cyber Threat #2 | Data Leaks | Cross-Site Scripting | Unsecured wireless devices | Insider Threats | Rogue Software | Distributed Denial of Service (DDoS) | Malware | Compromised Routers |
| Cyber Threat #3 | Broken Cryptography | Misconfigurations | BYOD unsecured devices | Denial of Service | Spyware and Adware | Ransom-ware | Malicious Links | Fax Machines & Printers |
Table 1. Cyber Threat Categories and Sub-categories
The above challenges and their detailed impact statements are
prioritized below, beginning with Mobile Security threats.
Challenges
Impact on Dayton Soft Products
Mobile Security Threats
Unsecured Wi-Fi
Threats to the organization can occur when employees use
unsecured Wi-Fi in places such as airports, coffee shops, etc.
With 743 off-site employees placed around the globe, training
and other security protocols must be rolled out to all employees.
Off-site employees are not the only ones at risk; onsite
employees travel and frequent coffee shops too.
Data Leaks
Applications downloaded to mobile phones can be the cause of
unintentional data leakage (Kaspersky.com, 2019). Some
applications contain risky-ware that sends data to servers
remotely that is used by cybercriminals for illegal actions.
Broken Cryptography
Broken cryptography occurs when developers use poor
encryption algorithms containing vulnerabilities. This can lead
to hackers modifying the send/receive capabilities of the
application and sending copies of text messages to other
locations without the users' knowledge.
Web Application Threats
Injection
Hackers use this threat against a target interpreter, exploiting
its syntax through text-based input (Owasp.org, 2019, Top 10
Injection). By understanding the syntax, the attackers can send
untrusted data to the target interpreter. This type of threat is
very common in legacy applications, for example in SQL and
XPath queries.
Cross-Site Scripting
This type of threat involves hackers using scripts to hijack a
user’s session via the browser. It can redirect users, use
malware to hijack their browser, or even deface websites
(OWasp.org, 2019).
Misconfigurations
Misconfigurations can occur at all levels of the application
stack, from the web server to the application server. The hacker
exploits this threat by accessing unused pages, unpatched flaws,
default accounts, and unprotected files to obtain access to a
business system. This frequently occurs on machines that do not
have the latest security patches and updates installed and
can result in the entire system being compromised.
Internet of Things (IoT) Security Threats
Application Vulnerabilities
The Internet of Things brings with it massive
vulnerabilities and threats to Dayton Soft Products. Application
software is distributed for an exponential number of devices, and
balancing security with flexibility can be a real challenge.
Unsecured Wireless Devices
Internet of Things (IoT) apps can be installed on a wide
range of device types, such as refrigerators,
automobiles, hospital equipment, and other business machines,
and many of these device types cannot provide a
secure environment in which to monitor or scan for security
threats.
BYOD Unsecured Devices
BYOD is in this category because employees bringing personal
devices containing a multitude of unsecured applications is
normal in today's business environment. Often, companies do
not provide company-issued iPads, Smartphones, Tablets,
Laptops, etc., so the employee is expected to purchase and use
personal devices for business needs. Companies are making a
huge mistake by not providing secured devices for their
employees since the cost of infiltration can range in the millions
if the right hacker gets into the right app and steals company or
customer information.
Cloud Security Threats
Data Loss
This type of threat does not always come from an attack. Data
loss can result from events such as an environmental or
weather-related issue, human error, or employees
accidentally deleting files. This threat can happen
unintentionally, and the best way for Dayton Soft Products to
mitigate damage is to keep up-to-date backups of all files in the
cloud environment.
Insider Threats
This type of attack comes from disgruntled employees or even
those who are just plain malicious. Insider threats can also
include employees of the hosted cloud server environment who
already have inside access to all data and information files.
Denial of Service (DoS) Attacks
DoS uses botnets usually purchased from the Dark Web using
cryptocurrency. When a DoS occurs in a cloud environment, it
gives the criminal(s) plenty of time to do major damage and
cover their tracks to avoid being caught.
Network Security Threats
Virus/Trojan Horse
According to Mello (2014), the chances of a third of the
computers in the world being affected by malware are
very high. The impact to Dayton is that employees may not be
properly trained on how to identify email links that are
malicious code ready to take down the company's network. In
the case of the Trojan Horse, users willingly install software
from links because they are tricked: the sender appears to be
someone they know (the email is not really from that sender; in
fact, the sender more than likely has the virus and is unaware
that an email was sent out under their name).
Rogue Software
This type of threat comes in the form of a pop-up on an
employee's computer that alerts them in red letters that their
computer is infected and offers software to save
their files, if they just click and install it. Unfortunately, this
still occurs today, and the reason behind it is a lack of company
training.
Spyware and Adware
Third-party software programs, usually free, can contain
spyware, adware, or bloatware that is meant to advertise
products and that bogs down an employee's computer and
productivity at Dayton Soft Products. Adware tracks browsing
history and habits and shows pop-ups for things the user may have
searched for previously. Users usually give authorization by not
unchecking a box during installation. This poses a serious threat
to employee productivity, and employees should be prevented
from downloading any software by removing Admin privileges
from all company computers.
Email Security Threats
Malicious Links
Clicking on random links inside an email can be disastrous and
can cause the company's entire network to crash. Some links
can install viruses on the computer that leak into the network,
where they replicate as a worm, continually destroying data,
files, or anything in their path.
Distributed Denial of Service (DDoS)
This type of attack uses many compromised devices and many
Internet connections to flood a target,
usually distributed via a botnet. The goal is to prevent a user
from utilizing critical services.
Ransomware
Ransomware can be distributed through software applications,
infected external storage devices, compromised websites,
remote desktop sessions, or even email
attachments. When this type of threat occurs, the ransomware
changes the user's login information and holds the computer and
the data therein hostage until the user pays a ransom using
cryptocurrency. The only way to get out of paying the ransom is
if the user has a good backup to restore the computer.
Social Media Threats
Phishing Scams
This type of threat involves trickery through fake websites, text
messages, email, phone calls, etc. The goal of the criminal is to
get the target to send them money, confidential information,
passwords/login information, or any other valuable commodity
by tricking them into thinking they are helping or being ordered
to do this by a superior.
Malware
Malware runs rampant on social media websites and works in
the background to take over social media profiles while the user
remains unaware that this is occurring. Dayton Soft Products
would do well to block employee access to social media
websites during working hours.
Malicious Links
Malicious links still work because people continue to click on
unknown links. This is risky because clicking on a malicious
link could download malware that hackers may use to take
control of the computer. This attack is vicious because the user
has no idea that they have opened the door to allow a hacker to
potentially control their machine and the company data on the
computer.
Endpoint Security Threats
Mobile threats (BYOD)
Endpoint security is usually controlled by installing software on
the endpoint, such as a gateway or server on a network. With
the rapid growth of employees at Dayton Soft Products, the
concern here is that the BYOD policies for employees do not
require personal devices to be submitted to IT to install
endpoint security software on them. Since employees will be
using these devices to connect to the company network, there is
a huge risk here.
Compromised Routers
Routers are also endpoints and are prone to attack by hackers
who attempt to compromise them to change settings. Once the
settings are changed, employees could easily be routed to
malicious websites that will steal company and personal data.
The hacker's goal is based on the financial gain if the attack is a
success. One of the main problems that creates this vulnerability
is that security personnel fail to change default passwords on
routers, which gives hackers an easier way in using web-based
scripts (TrendMicro.com, 2019).
Fax Machines & Printers
Fax machines and printers can easily be overlooked but are
endpoints. Since fax machines are rarely used in today's office,
they may be sitting in a corner gathering dust, but still
connected to the company network or unsecured Internet
connection, making them an ideal target for hackers.
Table 2. Cyberthreat categories and impact on Dayton Soft
Products
Top Five Threats
1. Mobile Device Security Threats
2. Web Application Security Threats
3. Cloud Security Risks
4. Network Security Threats
5. Endpoint Security Risks
Recommended Cybersecurity Category to Address for Dayton
Soft Products
The recommended category is network security threats. This is
because of the importance of securing all devices and avenues
that can lead to access to the company network.
Identify Challenges that Mobile and Cloud Computing Needs
bring to Dayton Soft Products
Challenges regarding mobile and cloud computing needs for our
organization are many. However, the benefits far outweigh the
risks. Some of these risks include geographic risks,
infrastructure risks, and platform risks. Geographically, the
company currently operates out of one data center, which exposes
our organization to all types of challenges and risks. These risks
include Internet outages, fires, natural disasters, etc.
Additionally, having only one data center increases latency and
lag time, resulting in poor performance of the network. By
moving to the cloud, we can gain a cost-effective way to
diversify geographically and have our data redundantly stored at
several data centers. Platform diversity concerns cyber threats
that target our security protocols, applications, and operating
systems. Since cloud providers have their own sets of security
protocols, this decreases the likelihood that both our data center
and the cloud provider's data center will succumb to the same
cyber-attack.
Security tools utilized by cloud providers can assist Dayton Soft
Products with email filtering, network monitoring, and DDoS
protection against cyber threats. Cloud providers can greatly
reduce our risk from malicious email links that our
employees cannot resist clicking on by filtering and removing
malicious attachments and spam. They can store these
attachments in a quarantined folder before deleting them to give
our Cybersecurity Team a chance to review the attachments.
As discussed above, mobile challenges continue to be a threat as
new employees are hired and use their unsecured
personal devices to access the company network. All devices
must be turned in to the IT Department so that the Cybersecurity
Team can install the proper security tools.
Importance of Testing for Detection and Intrusion of Risks
Testing the vulnerability of a company's systems and network is
critical to securing our data, information, and overall systems.
Several specialized tests can be used, including penetration tests,
intrusion tests, and vulnerability analysis. The penetration test
provides a detailed analysis of system vulnerabilities that are
open to the hacker for exploitation. Ignoring the results of any of
these tests can open our company up to severe harm and
financial liability. It is essential to detect and understand
threats before they occur in order to initiate maximum mitigation
efforts and lessen the impact to Dayton Soft Products. Finally,
conducting these tests is an IT security best practice and
confirms that our systems are thoroughly resistant to
infiltration by cyber threats.
References
Eurotux.com (2019). Intrusion Tests and Vulnerability Analysis
Reduce IT Security Risks. Retrieved from
https://eurotux.com/intrusion-tests-and-vulnerability-analysis-reduce-it-security-risks
Fortinet.com (2019). Web Application Security. Retrieved from
https://www.fortinet.com/solutions/enterprise-midsize-business/webapplication-security.html
Mello, J.P. (2014). Report: Malware Poisons One-Third of
World's Computers. TechNewsWorld.com. Retrieved from
https://www.technewsworld.com/story/80707.html
OWasp.org (2019). Top 10 Cross-Site Scripting. Retrieved from
https://www.owasp.org/index.php/Top_10_2010-A2-Cross-Site_Scripting_(XSS)
OWasp.org (2019). Top 10 Injection. Retrieved from
https://www.owasp.org/index.php/Top_10_2010-A1-Injection
TrendMicro.com (2019). 3 Overlooked Endpoints for Cyber
Attacks and How to Protect them. Retrieved from
https://blog.trendmicro.com/3-overlooked-endpoints-for-cyber-attacks-and-how-to-protect-them/
Running head: ACTION PLAN
Action Plan
Name
CMGT/433
Lecturer
University
Action Plan
Risk management is essential for an organization that aspires to
prevent losses resulting from the occurrence of a risk. It
involves risk management planning, identification, analysis,
monitoring, and control as well as having contingency plans.
Good risk management must be supported by a comprehensive
action plan that will aid in the prevention of risks from
occurring (Wang & Wang, 2018, p. 712). The Dayton Soft
Products Company has in the recent past suffered losses
arising from attacks on its systems, resulting in the loss of vital
information. Adoption of two-factor authentication and
deployment of file integrity monitoring are the best risk
management strategies that the company should put in place to
secure its systems.
Two-factor Authentication
Ensuring that systems are accessed only by authorized parties calls
for configuring them using different techniques. A two-factor
authentication technique aids in confirming a user's claimed
identity by utilizing something they know, such as a password, or
something they have, such as a card (Pinheiro, Timoteo, de
Oliveira & Dias, 2016, p. 125). The Dayton Soft Products
Company can utilize this technique in different ways through
the adoption of the factor components. The company should use
a knowledge factor, such as setting passwords on all
its systems and giving the passwords to the employees
responsible for the systems, which will grant them
permission to access the systems' data.
Secondly, the company should adopt the possession factor
component by issuing security tokens that must be inserted in
the systems before access is permitted. Thirdly, inherent factors
are personalized and very restrictive hence assuring the systems
of very high security. The company should get the fingerprints
or voice of the employees and integrate them into the system's
security options. This will allow the right individual to get
access to the secured data. Lastly, the company should adopt
a location-based factor that incorporates the physical location of
the user in the security options. This factor allows users to
utilize a GPS signal to log into the systems and get access to the
required data (Wang & Wang, 2018, p.717).
The two-factor Authentication Action plan
| Action item | Details | Persons responsible | Status | Due date | Prerequisites | Duration | Comments |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Security education | Employees will be educated on ways of enhancing cybersecurity | Company security personnel | The security of the company is not stable | Start of April | Cybersecurity articles; data on last incidences of insecurity | One month | The education will help the employees in upholding security at a personal level |
| Installation of knowledge factor | All company systems and networks will be installed with passwords | Company's IT personnel | All systems do not have passwords, increasing the risk of unauthorized access. | Mid-April | Internet connectivity | One day | The passwords will allow access to the systems by the authorized company employees. |
| Installation of the possession factor | All employees will have their fingerprints taken | Company's communication and IT personnel | All systems are configured with neither fingerprints nor other possession components | Mid-April 2019 | Fingerprint capture devices | Three weeks | The fingerprints will allow access to the systems by the authorized company employees. |
| Installation of inherent factors | Network signals will be installed with security apparatus | Communication and IT personnel | The network signals are present but not configured with security apparatus | May 2019 | Network Signal cables | Two weeks | The signals will require passwords, hence blocking unauthorized access to data. |
| Evaluation of effectiveness | Assessment of the effectiveness of the 2FA in enhancing security | Security and IT personnel | Will depend on the prevailing security level | Three months after installation of the security measures | Data on security issues reported | Two weeks | Evaluation will help in measuring the degree to which security objectives have been met |
| Proposal for future actions | Assessing modifications to be done on the prevailing security measures | All employees of the company | Will depend on the evaluation report | One week after evaluation | Evaluation report | One week | Will give more ideas on what should be done to enhance stable security for the company |
File Integrity monitoring action Plan
| Action item | Details | Persons responsible | Status | Due date | Prerequisites | Duration | Comments |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Setting policy | The regulations will be set to guide the FIM security strategy | Personnel in the records department | No proper mechanism set yet to control the transfer of files | Start of April | Data on the number of files in each department | One month | The policies will help in ensuring that authorized parties access the data files. |
| Establishing a baseline | This will act as the reference point of controlling file transfer | Records and security personnel | No baseline used at the moment | Mid-April 2019 | Data on the number of files in each department; data management skills | Two weeks | The baseline will act as the source of files and the absence of a file will mean that file transfer has taken place. |
| Monitoring changes | Will check on the movement of files within the office | Record monitoring officers | Monitoring exists but is not effective | Start of May 2019 | Monitoring skills | One week | Monitoring will ensure that files are moved by authorized persons for the right intentions. |
| Sending an alert | Vital in reporting incidences of improper data handling | Record officers | No warning signs available currently | Mid May 2019 | Knowledge in warning systems | One week | Alerts will help in sensitizing employees of a possible data security issue for an immediate action to be taken. |
The two-factor Authentication Action plan
Education is aimed at imparting knowledge on managing risks to
employees. In case of a problem, the training facilitators
gather all the employees to give guidance on the immediate
actions to be taken. The training facilitators will set the
priorities in the education of employees from the HR
department. Every employee will be guided on individual
responsibilities during the training. To ensure the sustainability
of the education program, employees will be asked to attend
security training sessions once a month. Those who are
vulnerable to the risk, such as the IT personnel, will be guided
in depth on what is expected of them.
On the other hand, the knowledge, possession and inherent factors
are aimed at ensuring that all the people accessing the systems
have the passwords, fingerprints or security signal details. In
case of a problem, all the factors will be changed at the same
time. The IT personnel will set the priorities for the
management of the factors. A
contingency plan will involve having all the data within the
systems backed up on other devices that will be stored in
locations away from the company's premises. The systems
which are highly vulnerable, like those with vital data, will have
strong security configurations. The plan will be made
sustainable through regular changing of the security codes as
well as continued enlightenment of the employees on better
strategies of upholding the company's security. The strategy for
ongoing risk identification will entail establishing any
attempted entries using the wrong passwords and raising the
alarm. In the identification of the risk, employees will be
informed to be vigilant to a possible hacking, followed by a
subsequent change of passwords, fingerprints and signal
security details. The steps for mitigating the risk will include
ensuring that the data is backed up and changing security
configurations. Lastly, the evaluation and proposal of future
actions will be aimed at establishing the degree to which the
security details installed are effective in meeting the security
needs of the company as well as evaluating other possible
mechanisms that could be employed. In case of a problem, the
evaluation will be done to assess the ability of the installed
techniques to secure the company's data.
File integrity monitoring Action Plan
The Dayton Soft Products Company should also employ a File
integrity monitoring mechanism to secure its data. The strategy
involves examining files to establish when they change in
position, how they change, who changes them as well as what
can be done to restore them to their original locations (Wang,
He, Wang & Chu, 2015, p. 433). FIM is appropriate in detecting
malware and also achieving security compliance within the
company. FIM involves five tasks that are aimed at attaining the
security of documents of an organization.
The first task involves setting policy by identifying the
documents that require close monitoring. A continuity plan
should be made by having all records made in duplicate so that
files that require close monitoring have a stable backup. The
vulnerable files are selected based on the relevance of the
information they have. Risk should also be identified based on
the number of times the files are transferred. In making
policies, risk mitigation will be to allow only specific
individuals to be responsible for the movement of files as well
as reporting unwanted file transfer to the management.
Secondly, a baseline for the files should be established. A
reference point should be made to detect the transfer of files.
The strategy will be creating a warning system for any missing
file and taking steps to restore the file to its position. The
plan upon identification of a problem is to change the baseline
criteria, as they will have proved irrelevant in detecting security
issues promptly. This means that other baseline strategies will be
proposed, evaluated and set up.
The third step will involve monitoring changes. This will
involve a comparison of the baseline data and the expected
targets. A negative variation will mean a change in policies as
well as in the reference point for detecting the transfer of files.
The monitoring should be done regularly to ensure that all security
strategies set are followed and that any variation is acted upon. To
enhance competency and continued monitoring, the employees
charged with the responsibility should be trained on appropriate
monitoring techniques, and their monitoring performance should
be evaluated.
Furthermore, another task will involve sending an alert
whenever a file is claimed to be missing. To
ensure the reliability of this task, training is required on the
procedure for reporting any observed change in terms of file
location. Employees should be informed about who they should
report to as well as the data to be reported. Upon the
identification of such a risk, backup data should be well
secured, and the security team should take on the role of
investigating the whereabouts of the file. Interrogative
interviews should be conducted. For sustainability of the task,
all employees responsible should be fired to stop the vice from
spreading to other employees of the organization.
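The FIM tasks described above (setting policy, establishing a baseline, monitoring changes, sending an alert) can be sketched as follows. This is an added example, not part of the original paper: it generalizes the paper's file-movement checks by also hashing file contents, and the policy patterns, file names, HMAC-sealed baseline and key are assumptions constructed for illustration.

```python
import fnmatch
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

# Step 1, policy (constructed for this example): files that need close monitoring.
POLICY = {"include": ["records/*", "*.xlsx"], "exclude": ["*.tmp"]}


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root, policy):
    """Map relative path -> SHA-256 for every file the policy selects."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if any(fnmatch.fnmatch(rel, pat) for pat in policy["exclude"]):
            continue
        if any(fnmatch.fnmatch(rel, pat) for pat in policy["include"]):
            result[rel] = sha256_file(path)
    return result


def seal(baseline, key):
    """Step 2: store the baseline with an HMAC so edits to it are detectable."""
    body = json.dumps(baseline, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"baseline": baseline, "hmac": tag}, sort_keys=True)


def unseal(sealed, key):
    """Return the stored baseline; raise ValueError if it was altered."""
    doc = json.loads(sealed)
    body = json.dumps(doc["baseline"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["hmac"]):
        raise ValueError("baseline failed its integrity check")
    return doc["baseline"]


def compare(baseline, current):
    """Steps 3 and 4: diff a fresh snapshot against the baseline, return alerts."""
    alerts = []
    added = sorted(set(current) - set(baseline))
    added_by_hash = {}
    for path in added:
        added_by_hash.setdefault(current[path], []).append(path)
    for path in sorted(set(baseline) - set(current)):
        same_content = added_by_hash.get(baseline[path])
        if same_content:  # identical content under a new path: the file moved
            dest = same_content.pop(0)
            added.remove(dest)
            alerts.append(("MOVED", path, dest))
        else:  # gone from the monitored set, or moved and edited
            alerts.append(("MISSING", path, None))
    alerts += [("ADDED", path, None) for path in added]
    alerts += [("MODIFIED", path, None)
               for path in sorted(set(baseline) & set(current))
               if baseline[path] != current[path]]
    return alerts


def demo():
    """Run the four steps on a constructed directory tree; return the alerts."""
    key = b"constructed-demo-key"  # assumption: a real key lives off the monitored host
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "records" / "old").mkdir(parents=True)
        (root / "records/payroll.csv").write_text("id,amount\n1,100\n")
        (root / "records/contracts.txt").write_text("contract A\n")
        (root / "records/vendors.txt").write_text("vendor list\n")
        (root / "records/scratch.tmp").write_text("excluded by policy\n")
        (root / "budget.xlsx").write_text("q1 budget\n")
        sealed = seal(snapshot(root, POLICY), key)
        # Constructed changes made after the baseline was taken.
        (root / "records/payroll.csv").write_text("id,amount\n1,999\n")
        (root / "records/contracts.txt").rename(root / "records/old/contracts.txt")
        (root / "records/vendors.txt").unlink()
        (root / "records/new.txt").write_text("unexpected file\n")
        return compare(unseal(sealed, key), snapshot(root, POLICY))


if __name__ == "__main__":
    for kind, path, dest in demo():
        print(kind, path, "->" if dest else "", dest or "")
```

A file moved outside the monitored set is reported as MISSING, which matches the paper's reading that the absence of a file from the baseline location indicates a transfer.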
References
Pinheiro, A., Timoteo de Sousa, R., de Oliveira Albuquerque,
R., & Dias Canedo, E. (2016). Trust-based protocol for
permanent monitoring of file integrity in the cloud. Paper
presented at the 1-6. doi:10.1109/CISTI.2016.7521430
Wang, D., & Wang, P. (2018). Two birds with one stone: Two-
factor authentication with security beyond conventional bound.
IEEE Transactions on Dependable and Secure Computing,
15(4), 708-722. doi:10.1109/TDSC.2016.2605087
Wang, D., He, D., Wang, P., & Chu, C. (2015). Anonymous
two-factor authentication in distributed systems: Certain goals
are beyond attainment. IEEE Transactions on Dependable
and Secure Computing, 12(4), 428-442.
doi:10.1109/TDSC.2014.2355850
Topic: cyber security awareness campaign
As a final project requirement, the executive staff requested
recommendations to address the following:
Strategy for staff awareness
Strategy for ongoing security maintenance
The best way to get the message across is to have a solid
mission statement to share with the organization. You decide to
create an awareness campaign for the organization to address
the executive staff member's request. Your campaign consists of
the following three items:
Mission statement
Poster campaign
Message to organization via the intranet
Create an approximate 90-word security policy mission
statement for Dayton Soft Products.
Develop a poster campaign consisting of 3 posters for security
awareness to display in the workplace and to distribute
virtually. Each poster must include the security policy mission
statement. Highlight at least 5 legal and ethical issues across
the 3 posters. You may use any program to create your posters.
Write a message for the company's internal website to a diverse
workforce announcing the cybersecurity awareness material.
You will need to submit a draft of your announcement message
to the executive staff in the form of a Microsoft® Word
document.
Provide the following elements in your announcement message:
The reason the corporate security policy was established
Mission statement
Employees' role to meet the mission
Announce launch of the poster campaign
Large images of the three posters
Strategies and tools for ongoing monitoring and enforcement of
security policy