The recommended chapters provide an excellent overview of the main and most effective cyber-security methods, such as firewalls or access controls (rights management). With the discussion of these elements, you will gain knowledge of practical issues related to these measures and will be able to create security plans. Knowledge of essential and sophisticated cyber-security methods is a prerequisite for any kind of work in a cyber-security career and for any cyber-security assessment.

Reference: Vacca, J. R. (Ed.). (2014). Cyber security and IT infrastructure protection. Syngress. https://ebookcentral-proquest-com.torrens.idm.oclc.org/lib/think/reader.action?docID=1377640&ppg=258

Chapter 10 https://www-igi-global-com.torrens.idm.oclc.org/gateway/chapter/full-text-html/114377 (26 pages).
Chapter 15 https://www-igi-global-com.torrens.idm.oclc.org/gateway/chapter/full-text-html/114383 (23 pages).

These two chapters discuss problems, threats and security methods for public cloud systems (Chapter 15) and obfuscated malware (Chapter 10). You may also wish to read other chapters, as they provide additional useful information (i.e., for Modules 6 and 7).

The public cloud advertises itself as a more secure form of computing because the operators of that cloud have much more experience in building and maintaining security measures. In addition, because they provide this service to multiple customers, synergy effects can increase the available security resources without increasing the price. However, securing the public cloud is not only a task for the operator; the customer has to work on the task too. Chapter 15 provides valuable tips on what to consider and how to manage the problem. Chapter 10 illustrates that even though some cyber-security measures (in this case, virus scanners) are regarded as state-of-the-art, they most likely will not solve a problem completely. Attackers know security models and the modus operandi of virus scanners very well and find ways to avoid detection. Chapter 10 discusses such methods and describes a way to increase security while accounting for the strategies used by attackers.

Reference: Vinod, P., Rakesh, P. R., & Alphy, G. (2014). Similarity Measure for Obfuscated Malware Analysis. In A. Kayem, & C. Meinel (Eds.), Information Security in Diverse Computing Environments (pp. 180-205). IGI Global. https://doi.org/10.4018/978-1-4666-6158-5.ch010

GDPR and Cyber Security for Business Information Systems

Read Part 2 and Part 3 (142 pages in total; most important pages: 129–136 and 198–206).

This book describes the legal definition of the European Privacy Law General Data Protection Regulation (GDPR) that came into effect in May 2018. This law only applies to the processing of privacy data (i.e., anything that can identify a person); however, it can be seen as a standard for information security for all kinds of information.

The selected chapters discuss several areas that need to be considered when creating cyber-security measures. They also describe the appropriate international standards for cyber security that, when followed, represent the best practices for cyber security. To stay up-to-date with cyber-security threats, anyone working with cyber-security teams must be aware of these standards, which range from practical physical methods to software design principles. The GDPR was the first law that introduced the 'secure-by-design' principle as a basic system architectural idea. Following this principle and this book, you will not only create good cyber-security systems, but will also be able to help enterprises become GDPR compliant should they wish to work with European customers.

Reference: Gobeo, A., Fowler, C. & Buchanan, W. (2018). GDPR and cyber security for business information systems. River. https://torrens.idm.oclc.org/login?url=https://search.ebscohost.com/login.aspx?direct=true&db=nlebk&AN=1874788&site=ehost-live

Read Chapters 3, 5, 6 and 7.

This book is a good, general resource for designing secure systems. Chapter 3 (23 pages) will help you to understand how to deal with threats, how to classify them and how to get more information about emerging threats. Chapters 5 to 7 (73 pages) are a condensed and thorough discussion of risk management, risk assessment and vulnerability assessment. By learning these concepts and ideas, you will gain a deeper understanding of how cyber security works, which will help you to better formulate requirements for secure systems.

Reference: Vellani, K. H. (2007). Strategic security management: A risk assessment guide for decision makers. Butterworth-Heinemann. https://ebookcentral-proquest-com.torrens.idm.oclc.org/lib/think/reader.action?docID=282098&ppg=51

Cyber-Security Risk Assessment

This 17-page article outlines strategies for performing a cyber-security risk analysis. It provides helpful tips on how to classify the potential damage and the probability that a risk will materialise. The article is based on the international standards ISO 27001, 27005 and 31000, which can be considered the relevant standards for the field of cyber security. The article also explains the alternatives available for risk management. Reading this article will help you undertake your risk assessment, which will be an essential task in your career and Assessment 2.

Reference: Briceag, V. & Bragaru, T. (2021). Cyber-security risk assessment. Economica, 1(115), 123–139. https://irek.ase.md/xmlui/bitstream/handle/123456789.1/14/Briceag_V_Bragaru_T_%20ec_2021_1.pdf?sequence=3

Information Security: Policy, Processes and Practices

The two chapters in this book (54 pages) detail how a threat-vulnerability-asset matrix is created (see Figure 1 above). They also detail the process of working with the matrix and the possible valuation of assets (to protect). Chapter 5 explores how to manage the risks that were found following the process detailed in Chapter 4. It explains the concept of the portfolio approach in managing risks and explains that four strategies of risk management are generally available. Even though we will add a fifth approach in this module, this resource provides a quite comprehensive approach to risk management that will always be useful in cyber-security work.

Reference: Straub, D. W., Goodman, S. E. & Baskerville, R. (2008). Information security: policy, processes, and practices. M.E. Sharpe. https://ebookcentral-proquest-com.torrens.idm.oclc.org/lib/think/reader.action?docID=435197&ppg=79

Cyber Security and IT Infrastructure Protection

Re-read Chapter 5 (18 pages).

This chapter discusses risk management in the context of disaster-recovery planning. Essentially, you should see a successful attack as a type of disaster. You will learn that any risk assessment also involves conducting a business impact analysis and matching cyber-security methods to identified risks. This reading will provide you with a more hands-on approach to risk assessment so that you understand the process in a more practical way. As mentioned previously, the correct risk assessment will be the basis for any security design project.

Reference: Vacca, J. R. (Ed.). (2014). Cyber security and IT infrastructure protection. Syngress. https://ebookcentral-proquest-com.torrens.idm.oclc.org/lib/think/reader.action?docID=1377640&ppg=160

Additional Learning Resources:

If you would like to learn more about the topics covered in this module, here are some additional resources. These resources will contribute to a deeper understanding of the topics covered. However, these resources are not essential to complete this module or the assessments associated with this subject.

Cyber Risks for Business Professionals: A Management Guide

Read Chapter 5.

This book is entirely about risks, risk assessment and risk-mitigation strategies. It does not focus much on the technology; rather, it focuses on the administrative and governing side of risk management.

Part 1 informs you how to identify risks and defines the three major risks that exist for a company. Please note that risks in the scope of this book are mostly cyber-security risks, but a range of risks that could compromise the vitality of a company (e.g., legal risks) may be considered where relevant.

Part 2 deals with methods and strategies for working with risks and assessing individual risk profiles. Chapter 6 is especially important, as it discusses the risk-assessment process.

Part 3 discusses various risk solutions and defines three different solution types (i.e., technology, compliance and operational solutions).

This book provides a very good overview of the whole risk-management system, its methods and possible solutions. Everyone in charge of cyber-security architecture should have this as a basic resource on how to manage things, and even as a user, it will help you to understand the bigger picture.

Reference: Kendrick, R. (2010). Cyber risks for business professionals: A management guide. IT Governance. https://ebookcentral-proquest-com.torrens.idm.oclc.org/lib/think/reader.action?