Students will be required to create 1 new thread, and provide substantive comments on at least 3 threads created by other students. Make sure to explain and back up your responses with facts and exampl

Prudhvi

Question 1

To become an assessor one needs to have two things: one is Occupational Competence and the other is Assessor Qualification. Occupational Competence would mainly come from the experience of working in relevant job roles. Assessor qualification means you must already be qualified in the area you want to assess (Pan & Zhang, 2020). Now the things an Assessor needs to understand before he or she can perform an Assessment are they should have certain skills and expertise so that they can compete with their competitors. An assessor should be a certified trainer, he or she should have a good personality, and he or she should be an expert at communicating with their colleagues. Both of them should have proper verbal and written communication. He or she should have good technical skills. They should have leadership qualities and planning ability (Shin & Lowry, 2020). They should have clear and good knowledge about the assessment that they are going to perform and they should also know their role in the assessment they are performing. Before conducting an assessment an assessor is trained well so that he or she can perform well in their particular job. The remarks given by an assessor to his colleagues, students, or candidates should be very specific and to the point.

Question 2

A threat agent is a person or a group of people that has the ability to misuse fragility or carry out other destructive activities. A threat agent does the illegal use of assets, for example, identity theft, forming a setup of porn distributing network on a compromised server; and reveals the delicate data (Shostack, 2014). There are many motivations and usually, they are connected with the nature of threat agents. Any threat agent with the curiosity to research and give a trial of things is expected to go in an extreme way in order to fulfill this need. A successful threat attack enhances the confidence of a threat agent or actor to carry on his activities further in the coming future. Nation-states, terrorists, competitors and organized crime, thieves, and hackers are the main examples of threat agents. Modern risk assessment methods identify that there is an urge to execute a threat assessment and to identify the threats that are faced by a system and the agents who are carrying out their activities. Collecting IOS data and examining them is a challenge on its own, but identifying the threat actors and analyzing their activities is totally a different task.

References:

Pan, S. L., & Zhang, S. (2020). From fighting COVID-19 pandemic to tackling sustainable development goals: An opportunity for responsible information systems research. International Journal of Information Management, 55, 102196.

Shin, B., & Lowry, P. B. (2020). A review and theoretical explanation of the ‘Cyberthreat-Intelligence (CTI) capability’ that needs to be fostered in information security practitioners and how this can be accomplished. Computers & Security, 92, 101761.

Shostack, A. (2014). Threat modeling: Designing for security. John Wiley & Sons.


Srinivas

Question 1

An Assessor is an individual who evaluates the value, importance, or quality of a particular subject. An assessor needs to understand that being an assessor one needs to possess some specific skills and expectations to compete among the other competitors. The skills are as follows: being an assessor, the quality of expressing one’s thoughts, to communicate with colleagues or candidates is important. This helps to build trust and also makes the candidate feel programmatic about the unification and the assessment is impartial. An assessor should acquire a required caliber of knowledge and skill in his own department, and the knowledge should be of a higher level than the given assessment (Bar-Tal, 2020). The assessor must have a certificate of training he or she has taken to expertise in his or her subject of assessing. As an assessor, a person must have the proper knowledge of his or her role required to perform as an assessor. All the candidates must have all the details about their qualifications, specified knowledge, requirements, and timing of the assessment. Additionally, proper guidance is to be provided to the candidates to execute the assessment in a proper way.

Question 2

With the rise of such threat incidents we need to clarify the threats they pose to businesses and also consumers. The three most common terms classified while discussing cyber risks are vulnerabilities, exploits, and threats. Threat agents have different missions, different techniques, different skills, and different possessions. They are all created in their own unique way. They have their own risk profile and can go to an extended length of success. There is a type of attacker that migrates from one system to another very quickly, in search of easy targets. On the other hand, they wait to attack carefully on a single system (Rizvi et al., 2020). There are inanimate threats also. Three attributes are as follows: Intelligence, Adaptivity, Creativity. Threat agents are a threat to the high tech secured information and cyber data. Many devices are there that are connected to the web more than they were ever before. This is an alarm to an attacker because they are experts in making use of printers and cameras which were never created to defend advanced activities (Shostack, 2014). It leads the companies and firms to re-think that they have secured their networks that they have kept.

References:

Bar-Tal, D. (2020). Creating fear and insecurity for political goals. International Perspectives in Psychology: Research, Practice, Consultation, 9(1), 5.

Rizvi, S., Orr, R. J., Cox, A., Ashokkumar, P., & Rizvi, M. R. (2020). Identifying the attack surface for IoT network. Internet of Things, 9, 100162.

Shostack, A. (2014). Threat modeling: Designing for security. John Wiley & Sons.

Jlulius

What does an assessor need to understand before she or he can perform an assessment?

What is an assessor and what do they do? An assessor “evaluates the quality of a person or thing” (Lexico, 2021, para. 1), which could lead to a security assessor being an individual who evaluates the security quality of an organization. How does an assessor working in IT or more specifically in security approach an assessment? Before an assessor can perform an assessment, he or she must first understand an organization’s security policy and how the current security infrastructure enforces the security policy by seeking out the individuals that use, administer, and maintain it. Having a clear idea of how the security infrastructure works and the people involved within it is crucial to understand the very fabric of an organization and its ultimate business and IT goals. Talking to leadership from both the technical and business ends of an organization about the risks they can take and the risks they cannot take, or the technical security they currently have and desire (Schoenfield, Brook S.E., 2015) will enable an assessor to further understand the logic and goals of an organization and the boundaries an assessor is able to work within while performing an assessment. The assessor needs to prioritize understanding the people of an organization and the roles they undertake because it is the people that make up the foundation to any organization and can ultimately make or break the security of a business or for that matter make or break a business.

How active is each threat agent?  How might a successful attack serve a particular threat agent’s goal?

A threat agent is an “individual, organization, or group that is capable and motivated to promulgate an attack of one sort or another” (Schoenfield, Brook S.E., p. 35), which can take the form of cyber criminals, industrial spies, and hacktivists. A cyber criminal’s goal is monetary gain and nothing more. A cyber criminal tends to use others’ work to achieve their goals and is not interested in putting too much leg work to get the job done. If a job becomes too complicated for a cyber criminal to finish, they will move on to the next easier job that will pay them just as much or more. A cyber criminal is after easy money from individuals who are not technically savvy that will fall for easy attacks like phishing attacks. An industrial spy is out to gain valuable information about its target and cause disorder to it from the information gained if a successful attack is performed. An industrial spy is highly active and can be an insider that searches waste baskets, copies files and hard drives or performs advanced persistent threats (APTs) to its target’s internal network (Rouse & Wigmore, 2012) all to get the job done. An industrial spy is up to the task for any type of job no matter the difficulty and will see it through to the end while keeping a low profile. A hacktivist is like an industrial spy in that they both seek out information and disorder but the main difference between the two is a hacktivist seeks notoriety about their work and wants to advertise wrongdoings of the person or entity they attack. A hacktivist will use methods like social engineering to attack their targets and can have the same level of intensity to achieve their goal as an industrial spy, making them very formidable and dangerous malicious actors.

References

Lexico. (2021). Assessor. Retrieved from https://www.lexico.com/definition/assessor

Rouse, M., & Wigmore, I. (2012, October). Industrial Espionage. Retrieved from https://whatis.techtarget.com/definition/industrial-espionage#:~:text=Industrial%20espionage%20is%20the%20covert,or%20information%20about%20business%20plans.

Schoenfield, B. S. (2015). Securing Systems: Applied Security Architecture and Threat Models. Boca Raton: CRC Press.