Subject: Emerging Threats and Countermeasures (need 2 copies of answers)Question 1: Write a 500 word essay (APA format & 2 latest scholarly journal article references 2016 on words) Attacks on our nat

1 Copyright © 2012, Elsevier Inc. All Rights Reser ved Chapter 5 Commonality Cyber Attacks Protecting National Infrastructure, 1 st ed. 2 • Certain security attributes must be present in all aspects and areas of national infrastructure to ensure maximum resilience against attack • Best practices, standards, and audits establish a low - water mark for all relevant organizations • Audits must be both meaningful and measurable – Often the most measurable things aren’t all that meaningful Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Introduction 3 • Common security -related best practices/standards – Federal Information Security Management Act (FISMA) – Health Insurance Portability and Accountability Act (HIPAA) – Payment Card Industry Data Security Standard (PCI DSS ) – ETSI Cyber Security Technical Committee (TC -CYBER) – ISO/IEC 27000 Standard family (ISO27K ) • ISO 27001 – Security management systems • ISO 27002 – Code of practice for InfoSec controls – COBIT - Control Objectives for Information and related Technology – NIST Cybersecurity Framework Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Introduction 4 Fig. 5.1 – Illustrative security audits for two organizations Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality 5 Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Fig. 5.2 – Relationship between meaningful and measurable requirements 6 • The primary motivation for proper infrastructure protection should be success based and economic – Not the audit score • Security of critical components relies on – Step #1: Standard audit – Step #2: World -class focus • Sometimes security audit standards and best practices proven through experience are in conflict Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Meaningful Best Practices for Infrastructure Protection 7 Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Fig. 5.3 – Methodology to achieve world - class infrastructure protection practices 8 • Four basic security policy considerations are recommended – Enforceable: Policies without enforcement are not valuable – Small: Keep it simple and current – Online: Policy info needs to be online and searchable – Inclusive: Good policy requires analysis in order to include computing and networking elements in the local nat’l infrastructure environment Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Locally Relevant and Appropriate Security Policy 9 Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Fig. 5.4 – Decision process for security policy analysis 10 • Create an organizational culture of security protection • Culture of security is one where standard operating procedures provide a secure environment • Ideal environment marries creativity and interest in new technologies with caution and a healthy aversion to risk Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Culture of Security Protection 11 Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Fig. 5.5 – Spectrum of organizational culture of security options 12 • Organizations should be explicitly committed to infrastructure simplification • Common problems found in design and operation of national infrastructure – Lack of generalization – Clouding the obvious – Stream -of -consciousness design – Nonuniformity Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Infrastructure Simplification 13 Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Fig. 5.6 – Sample cluttered engineering chart 14 Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Fig. 5.7 – Simplified engineering chart 15 • How to simplify a national infrastructure environment – Reduce its size – Generalize concepts – Clean interfaces – Highlight patterns – Reduce clutter Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Infrastructure Simplification 16 • Key decision -makers need certification and education programs • Hundred percent end -user awareness is impractical; instead focus on improving security competence of decision -makers – Senior Managers – Designers and developers – Administrators – Security team members • Create low -cost, high -return activities to certify and educate end users Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Certification and Education 17 Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Fig. 5.8 – Return on investment (ROI) trends for security education 18 • Create and establish career paths and reward structures for security professionals • These elements should be present in national infrastructure environments – Attractive salaries – Career paths – Senior managers Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Career Path and Reward Structure 19 • Companies and agencies being considered for national infrastructure work should be required to demonstrate past practice in live security incidents • Companies and agencies must do a better job of managing their inventory of live incidents Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Responsible Past Security Practice 20 • Companies and agencies being considered for national infrastructure work should provide evidence of the following past practices – Past damage – Past prevention – Past response Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality Responsible Past Security Practice 21 • A national commonality plan involves balancing the following concerns – Plethora of existing standards – Low -water mark versus world class – Existing commissions and boards Copyright © 2012, Elsevier Inc. All rights Reser ved Chapter 5 – Commonality National Commonality Program