Organizations of all sizes should be concerned with the security and confidentiality of their electronic data. Cyber crimes affect individuals and companies alike. However, companies typically have more financial and other assets that can be compromised by various cyber crimes. Establishing an organization-wide information security program is a great start to mitigating cyber-related crimes and attacks. This process typically commences with an honest evaluation of the organization’s vulnerabilities and potential threats. For this assignment, you will read a brief scenario and develop a 6- to 8-page report answering the required questions.
Scenario
A contractor for the US military builds proprietary communication devices and peripherals, which allow soldiers in combat to communicate with command officers and personnel. These devices are used to transmit sensitive information regarding military deployments and battle plans. Once delivered, the devices will make contact with the US military global communications network. In order to comply with the military’s security requirements, the contractor must conduct a security risk analysis of its internal networks and information systems for intrusion detection and cyber-crime prevention. Note that the contractor is performing a security risk assessment of its own network and system and not of the military network. After all, a breach of security of the contractor’s computer systems could compromise confidential and sensitive military information. You have been asked to head up the project team that will ultimately perform this security assessment and analysis.
Tasks:
Create a 6- to 8-page report on the following aspects:
-
- Distinguish what techniques should be used to start the investigation. For example, identify who should be interviewed first, determine what type of log files to review, and/or identify methods that should be used to preserve the integrity of the evidence.
- Identify at least ten potential threats, at least ten vulnerabilities, and at least ten risks (a minimum of thirty). For each item, provide rationale to your selections and any assumptions you made.
- Choose which type of risk-analysis methodology should be used (quantitative, qualitative, or any other methodology). Justify your decision.
- Out of all the potential risks that you previously identified, select the top three that are of most concern to the organization. Justify your reasoning.
- Outline and explain at least two (in total) applicable federal, state, or other related legislations that could help reduce potential risks and prevent cyber-crime activities.
Note: You may consider referring to these two websites for guidance on federal legislation and standards:
Your final product will be in a Microsoft Word document approximately 6–8 pages in length and utilize at least three scholarly or professional sources (beyond your textbook) in your research. Your paper should be written in a clear, concise, and organized manner; demonstrate ethical scholarship in accurate representation and attribution of sources; and display accurate spelling, grammar, and punctuation.