Responses should be a minimum of 250 words and include direct questions. You may challenge, support or supplement another student’s answer using the terms, concepts and theories from the required readings. Also, do not be afraid to respectfully disagree where you feel appropriate; as this should be part of your analysis process at this academic level.
Forum posts are graded on timeliness, relevance, knowledge of the weekly readings, and the quality of original ideas. Sources utilized to support answers are to be cited in accordance with the APA writing style by providing a general parenthetical citation (reference the author, year and page number) within your post, as well as an adjoining reference list.
Respond to Mike:
The issues that major companies and government agencies will be facing as cyber attacks persist and become more sophisticated is being able to build in better resiliency by learning from prior events. An international study conducted by IBM Security by the Ponemon Institute found that the majority of corporations did not possess a resiliency response plan, and if they did have an incident response plan it was not integrated into the full spectrum of their businesses or organizations. “Nearly half of the 2800 respondents reported that their incident response plan is either informal/ad hoc or completely non-existent” (Pinkham and Kane, 2018). Given the current climate of continued cyber-related incidents it is first and foremost the responsibilities of the vendors and owners of businesses to protect their client’s data, and that also means the U.S. Government databases as well. The well-known Office of Personnel Management (OPM) breach in 2015 affected more than 4 million peoples Personally identifiable information (PII).
Private industry will have the task at hand in ensuring that all of their systems, large to individual, are included into the resiliency response plan. The incident response plans have to be inclusive across the full spectrum of the cyber enterprise. Obtaining cyber skilled employees is a major obstacle in ensuring cyber resiliency, as well as obtaining cyber employees who have more than a few years of experience in computer and cyber technology. The IBM report almost mirrors the Department of Homeland Security’s (DHS) report in recognizing “technology refresh cycles are too long, proprietary cold outlives its developer and vendors aren’t always designing with security in mind” (DHS, 2018). These limitations leave severe holes within the cyber security framework that are allowed to be exploited by criminal organizations and transnational crime networks.
Private companies need to institute protections based on the cyber security threat landscape whose threats are not necessarily from outside sources. Insider threats, intentional or not, are a real source of concern for most companies, corporations or government sector operations. Data disclosures to un-cleared or un-vetted people, compromises to email through cyber phishing that are not necessarily targeting individuals, but it seems that even after multiple courses of instruction people can not keep from clicking on spam messages promising them millions of dollars from Kenya, that opens the door for malicious codes to be implanted into a cyber system.
Some issues that have been of concern is the operating systems in which businesses and government utilizes that will also allow for the construction of a cyber resilient system. The U.S. Government has invested heavily in Windows based software and hardware systems since 1998, in an attempt to purchase massive amounts of commercial off the shelf equipment. Software not inclusive to the defense and intelligence industry is bad enough for the security of the nation, and it is just as bad for the corporations, banking and critical infrastructure in the event an adversary or criminal element wishes to conduct a breach of the software. Microsoft’s software, some of it manufactured in, greatly weakened the security of the military computers. “Moreover, in one telling incident, the U.S.S. Yorktown, a Ticonderoga-class cruiser, became inoperable after the Windows NT system administering its computers crashed” (Etzioni, 2011).
Government officials have known for years of security flaws in the open-source operating systems that allow for companies and agencies to install various security features according to their individual resiliency plans, however there are various alternatives to more secure operating systems such as Linux and Macintosh. A cybersecurity expert for the Center of Strategic and International Studies, James Lewis reflected, the nation’s digital networks are easily breached by competitors and opponents, and “the market has failed to secure cyberspace. a ten-year experiment in faith-based cybersecurity has proven this beyond question” (Etzioni, 2011). It is vital that private industry be aware of the vulnerabilities in their cyber systems and ensures a full integration across the full spectrum of their industry and strives to retain the services of personnel who have the proper training in cyber security and system maintenance to be able to react quickly to any cyber incident. Organizations can conduct a free Cyber Resilience Review (CCR) to determine where their industry stands and implement better security solutions.
Department of Homeland Security, (2018). 2018 Public-Private Analytic Exchange Program. Cyber resilience and response. Retrieved from https://www.dhs.gov/sites/default/files/publications/2018_AEP_Cyber_ Resilience_and_Response.pdf
Etzioni, A. (2011). Cybersecurity in the private sector. Issues in Science and Technology. Retrieved from https://issues.org/etzioni-2/
KPMG, (2018). Building cyber resilience in asset management. KPMG. Retrieved from https://assets.kpmg/content/dam/kpmg/uk/pdf/2018/0…
Pinkham, J. and Kane, K. (2018). IBM Study: Responding to cybersecurity incidents still a major challenge for businesses. IBM Security Solutions. Retrieved from https://www-03.ibm.com/press/us/en /pressrelease/ 53800.wss