2018 Institute Synch Read Below

2018 Institute Synch Read Below

Response #1 Need 250 word Response with one cited reference

The Internet, by design, is not inherently secure. It was originally built for open sharing and collaboration between academic institutions and governments. Since the 1960s, the Internet has grown into a massive entity of individual networks that are connected to each other across the globe. There is no “one owner” of the Internet, and no overall central governance or oversight.

Hacktivism is a term describing the activity of both hacking and activism and includes using computers or other connected system in cyberspace to protest or promote a political or human rights issue. A hacktivist’s motivation is to highlight an issue or cause, but it can also be to embarrass or cause reputation damage to their targets. Hacktivism can take many forms, including virtual “sit-ins”, email bombing, website or social media defacement, and virus and worm programs (Yar, 2006). Virtual sit-ins usually take the form of a denial-of-service attack, where the attacker floods the system with traffic in order to disrupt operations or take the system completely offline. Email bombing is similar to a denial-of-service attack, but instead the attacker floods an email system with a high volume of messages so that the email system stops working. Website or social media defacement includes replacing messaging or content. Virus or worm programs “infect” the system to cause damage or disruption.

In recent years, hacktivists have begun gaining unauthorized access to systems with the intent to steal and expose information from their targets. This is a criminal act in the United States under the Computer Fraud and Abuse Act of 1986, which prohibits unauthorized access to a computer or system. Most other hacktivist activity besides unauthorized access involves disruption to normal system activity, which due to the open and connected nature of the Internet can affect or disrupt other systems not related to the hacktivists’ target. Hacktivist activity should be discouraged because of the negative impact it can have on overall Internet availability and usage.

While the threat of actual physical damage from a cyberattack has not yet fully materialized, there have been some close calls. In 2016, Iran took responsibility for hacking into a New York dam through a vulnerability within one of its Windows XP machines (Voltz and Finkle 2016). Fortunately, the dam’s systems were powered off for system maintenance at the time of the attack, so the attackers were not able to gain control of the flood gates.

The open architecture of the Internet means it can be exploited by terrorist organizations for publicity, recruitment, information gathering or financing. The Islamic State (ISIS) has used the Internet to establish a digital presence using social media platforms such as Twitter and Facebook, and peer-to-peer messaging apps like Snapchat and Telegram to reach a global audience (Koerner, 2016). In 2015, ISIS also took control of the U.S. Central Command (CENTCOM) YouTube and Twitter accounts, and posted pro-ISIS content (Lennon, 2015).Since there is no one governing body controlling use of the Internet, it is often the responsibility of the Internet Service Provider (ISP) or one of the major Internet platform providers such as Google or Facebook to curtail or prohibit access to the Internet to terrorists groups by corporate policy or customer terms of use.

References

Koerner, B. (2016, April). Why ISIS Is Winning the Social Media War . Retrieved from Wired: https://www.wired.com/2016/03/isis-winning-social-media-war-heres-beat/

Lennon, M. (2015, January 12). Pro-ISIS Hackers Compromise U.S. CENTCOM Twitter, YouTube Accounts. Retrieved December 8, 2016, from http://www.securityweek.com/pro-isis-hackers-compromise-us-centcom-twitter-youtube-accounts

Voltz, D., & Finkle, J. (2016, March 25). U.S. indicts Iranians for hacking dozens of banks, New York dam. Retrieved December 8, 2016, from http://www.reuters.com/article/us-usa-iran-cyber-idUSKCN0WQ1JF

Yar, M. (2006). Cybercrime and Society.London: Sage Publications.

Response #3 Need 500 word Response with Two cited references

Discussion Questions: How does the Internet facilitate piracy? How might we explain the high levels of involvement in such practices by young people? Whose interests does the criminalization of copying serve? Is there a case for decriminalizing piracy?

Response #4 Need 500 word Response with Two cited references

Select a current or emerging technology with security applications and provide a minimum of two pros and two cons for the technology you selected. The question is broad-based and can include technologies such as drones, artificial intelligence, bio-engineering, biometrics, etc.

Response #5 Need 250 word Response with One cited reference

The discussion of convergence between cyber and physical security has been happening for quite a while. However, it has only been in the past few years that those discussion have begun to get some traction due to the increased use and capabilities of technology. Combining these security disciplines offers a more holistic approach to security in general. In order to effectively achieve this, there are three main steps that would need to be completed.

The first step would be to create a comprehensive security strategy. According to the Change Management Best Practice Guide, there should be several key components that are included in this strategy. Those components are: “vision and goals, stakeholders, resources, time-specific milestones, communications tools and strategy, metrics, roles and responsibilities, and results from change readiness” (USAID, 2015). This plan should not be initiated when the change starts and then upon completion forgotten about. It needs to be a continuously implemented strategy. The plan is developed to ensure the company is on the correct path as it moves forward and does not leave anything behind or skipped. Additionally, this document that outlines the strategy needs to be as clear as possible so every individual understands their role.

In order to make this a successful process,engage stakeholders early. It is very easy to say a change needs to happen and implement it while not seeing the individual’s it effects or providing any follow through. The individuals that are involved, which in this case would be the cyber and physical security team at the very least, need to be engaged early on to see their thoughts. They can provide potential ideas and solutions because they are the ones who work the daily duties and understand what will work and what won’t. We have all likely worked with the “good idea fairies” that think their plan will work but, haven’t worked the job in a while and truly have no idea. It is frustrating when you are the one facing that and it leads you to be a change resistor. If leadership included all individuals effected by combining these two domains, they could provide the insight that will make it successful.

Lastly, and potentially most important,communicate at every level and every step. Any type of change can be difficult and takes some time to get used to and work the kinks out. One of the major factors that can make that process even more difficult is not having proper communication and then no one knows what is supposed to be happening. “Communication sets a tone of transparency and openness. Proper communication can serve a myriad of functions including: conveying the vision and goals, sharing information, eliciting participation, providing feedback” (USAID, 2015). Communication should be done throughout the entire process to ensure there is as smooth of a transition as there can be. Communication can also provide lessons learned which will mitigate many failed plans that could attempt to be implemented. As long as communication is flowing through all channels and everyone is on the same page, it should lead to a successful convergence.

Crandall, R. (n.d.) Understanding the Chaos Behind Chaos Theory. Retrieved from: http://apus.intelluslearning.com/v3/course-widget/…

Slater, D. (2005). Physical and IT Security Convergence: The Basics. Retrieved from: https://www.csoonline.com/article/2117824/physical…

USAID. (2015). Change Management Best Practices Guide. Retrieved from: https://www.usaid.gov/sites/default/files/document…

Response #6 Need 250 word Response with One cited reference

As more and more of our lives and business is conducted online the threat of cyber-attack grows year by year. Such is the threat that most organizations have had to establish cyber or IT security departments in order to combat this threat. As technology advances so too do the threats to the systems and data of organizations worldwide. While physical and cyber security are two distinct disciplines, there is still bleed-over in desired outcome and often in practice as well. Matthews (2016) discusses that physical intrusions can lead to cybersecurity issues through the installation of viruses or surreptitious emplacement of items such as keyboard “sniffers”. The author also states that some cyber-attacks can have physical security issues and as such it is imperative that the two disciplines of IT and physical security not remain so distinct from one another (Matthews, 2016). In an effort to merge the two disciplines under the guidance of one CSO I think that it is important to establish a hierarchy, establish goals, and institute synch meetings.

Establish a Hierarchy

In merging two disparate working groups it is necessary to establish a hierarchical reporting structure. I would propose that the CSO be at the top of the pyramid with the physical and cyber security managers/directors reporting directly to him/her. This not only consolidates the senior management position, but also reiterates the peer relationship that is expected of the physical and cyber security leads. Beneath them they have their teams who report to them, but the buck stops more or less with the CSO. Combining the two disciplines under a single senior manager seeks to improve both efficiency and effectiveness and can hopefully lead to reduced redundancies within security measures and protocol (Kaplan, 2002).

Establish Goals

Physical and cyber security professionals already share a common, overarching goal of securing a company’s assets (Lalonde, 2018). The goal for a CSO is to delineate further and more minute goals for the two groups to accomplish both individually and as a team. These combined goals will help to not only serve the security purposes of the organization, but also to help the combined team recognize their shared goals and objectives. The CSO can further this cohesion by ensuring that organizational policy makes use of the combined nature of the security apparatus and nurtures a comprehensive security approach (Lalonde, 2018).

Institute Synch Meetings

As old habits tend to die hard, it is possible for physical and cyber security professionals to continue to work as wholly separate entities even once a convergence of the two departments has taken place. While understandable, that mindset can cripple a combined team. My suggestion to combat this occurrence is for the CSO to institute synch meetings that include members of both teams. This synchronization will not only help with relationship building, but also foster a working relationship where informational sharing and assistance will take place. The CSO may also choose to create smaller combined teams to tackle individual problems that may arise. These small-group projects may also help in the advancement of the security team’s goals.

Reference

Kaplan, S. (2002). Combining IT and physical security: Taming the two-headed beast. CSO. Retrieved from https://www.csoonline.com/article/2113229/combining-it-and-physical-security–taming-the-two-headed-beast.html.

Lalonde, M. (2018). Combining strengths: Cyber and physical security convergence.The Conference Board of Canada. Retrieved from https://www.researchgate.net/publication/328964445_Combining_Strengths_Cyber_and_Physical_Security_Convergence.

Matthews, W. (2016). Why DHS is merging cyber and physical security. Retrieved fromhttps://www.govtechworks.com/why-dhs-is-merging-cyber-and-physical-security/.

Response #7 Need 250 word Response with One cited reference to the teacher posed question

(Teacher Question to my response below)

Good write-up! What are some practical strategies of convergence that you would take?

(My Response)

Cyber and physical security have been tangled since the beginning when the first security systems were disabled. The convergence of both cyber and physical security systems isn’t a new deal but a developing threat. Due to the technological advancement, more security options have been sought amid in the coverage of new are technologically improved crimes. Cybersecurity has therefore, led to the development and operation of the virtualized security systems. For instance, modern lounges have adopted the HVAC system through which all the access control systems are network-enabled and accessible. Therefore this concludes that a single security breach cannot be able to compromise the entire physical infrastructure of the building. The convergence of security systems is significant and useful since flaws exist in the system due to failure to adhere to the maintenance and protection guides. When both the cyber and physical security systems are connected they operate more effectively since the physical security systems have been augmented with advancement in the smart feature which includes the biometric scanning for a physical address and also the use of the two-factor authentication through the network (George, 2019). The cyber solutions tend to give physical security systems access to great features which also increase the chances and the risk of the system being compromised. However, if these systems are not adequately protected, the risks may disappear, leaving behind only the merits or benefits.

CEOs and CSOs in the recent past have been accused of incompetence, lack of understanding of the modest impacts of the firm’s overall risk structure. Therefore as a CSO of the cyber and physical security convergence team, one should follow the following steps in ensuring that the systems work effectively in serving the people whom it was dedicated to serving. These steps include;

The new model strategy– It offers a new model of understanding and the mitigation of the threat to the environment. One of the primary duties includes the development and the implementation of strategies to understand the nature and the probability on the eruption of security risk events and alleviation to the business’s specific vulnerabilities. The CSO, therefore, seeks to demonstrate the mitigation methodology and planning on the convergence of the two domains.

Integration of governance– To cub the future landscape of threats, the CSOs and CEOs should realize that the alliance between the cyber and physical security systems is critical to the safeguarding of the company’s overall reputation and operations. Though skeptics may seek to claim that the integration will not have a place in the corporate businesses concurring with this ideology will, therefore, neglect the convergence of the two security domains (Grover, & Garimella, 2019). Therefore, firms and organizations to fully agree how to adopt this model, the CSOs should face the overcoming challenges and stand along with tangible evidence that seeks to confuse the firms that convergence of the two domains is there to enable the firms to achieve their goals and they should look beyond.

The bottom line-This is a pragmatic strategy in the evolving threat environment as it includes a holistic approach towards the integration of the cyber and physical security domains. The implementation of these new methods of governance supports corporate security management which will collectively prepare the firms into addressing the multitude of emerging future threats. Therefore the CSO seeks to play a strategic role in ensuring that the risk management plans and the leverage should not only utilize the convergence framework but also reducing the firm’s exposure to risks.

References

Grover, J., & Garimella, R. M. (2019). Concurrency and Synchronization in Structured Cyber-Physical Systems. In Cyber-Physical Systems: Architecture, Security, and Application (pp. 73-99). Springer, Cham.

George, A. M. (2019). The National Security Implications of Cyberbiosecurity. Frontiers in Bioengineering and Biotechnology, 7, 51.