Posted: September 2nd, 2022

Tools in Cybersecurity

Tools in Cybersecurity

Topic 5: Article Analysis
An organization that is said to have reached the level of maturity has successfully managed to produce and maintain an approved product list. Mark Bernard, the author of the referenced article has established an elaborate concept of operations for how both software and hardware will be employed. Bernard also brings up the point on how standards-based testing can be a vital tool in achieving quality.
Manufacturers should have the ability to conduct cybersecurity testing during the release process and therefore consumers should expect more from them. With the knowledge that bugs and vulnerabilities related to security could be present, Microsoft took the responsibility of releasing software as a strategy to deal with cybersecurity, back in the ’90s.
The existence of poor practices within the computer applications led to the formation of an evaluation process referred to as Common Criteria. Being an independent evaluation process, common criteria builds confidence among users by ensuring the assessment of the security functionality of a particular product has been made. An Evaluation Assurance Level should be given followed by making the functionality available to the public to give room for the organization to test vulnerabilities and effectiveness.
My to go to measurement strategy would be a metrics system that would enable one to measure the hardware and software compliance in use within the architecture against products that have gained approval. The second measurement would involve hardware and software measure that is configured in accordance with the documentation of the organizational baseline. Compliance to the use of hardware and software as well as adherence to DISA configuration guidance are measures of evaluation for commands that have to go through a DISA Command Cyber Readiness Inspections within the DoD.
Process control charts are very useful for a number of reasons. They help to protect organization assets by monitoring a range of cybersecurity metrics hence enabling the achievement of set goals. In the case of anything going beyond the control limits, an alert requiring investigation is sent. Lastly, they help in showing trend lines making communication on detectable changes possible.
Topic 7: How Could RMF Process Help Public Sector CISOs Deal with these Risks?
How do cyber-attacks such as ransomware (e.g., WannaCry, Petya, NotPetya, etc.) increase the overall risk to the public sector?
In many cases, individuals are not affected when an attack is aimed at a company unless they had partnered with the company. On the other hand, every individual is affected by attacks targeted at the public sector that they use.
People in need of services that a public entity fails to issue permits for are negatively affected. Cyber-attacks targeted at a public sector are more lethal than those targeted at a company or an individual. Consider an attack on an electricity provider, wouldn’t everyone relying on the services be affected in real time when the provider can no longer provide power?
Name at least three risks that could be driven by ransomware attacks on public infrastructure. Describe how each risk translates into a kinetic effect of some sort.
Brand damage is one of the most damaging ransomware risks that any public entity can face. People are more inclined towards the expectation that the public agencies will do the right thing when it comes to the delivery services to the community. In case that expectation is not met, masses rise against the public sectors in demand for more efficient security measures.

Revenue loss is a risk that no entity or individual would like to face. Many of the services that have stiff competition are vulnerable to the risk. The ability to live in a different location that has better serves denies the former of taxes that would have been paid to it. Many public entities that have a record of not providing efficient protection of their people suffer the loss of investors and resident hence losing revenue.
Loss of confidence is a risk attained through breaches such as hacking of personal information. When an entity fails to assure individuals of the safety of their personal information, confidence is lost.
How could the RMF process help public sector CISOs deal with these risks?
The public sector can leverage the RMF process to enable it to perform a variety of functions. One of them is giving a structured approach to information security practices. The other function would be allowing assessment of the IT infrastructure and determining the organization’s level of maturity against the outline levels of control. In an attempt to improve their information security posture, the public sectors could obtain an understanding of underlying risks and take necessary actions. They should be aware of the nature of data they hold and how well they can secure it, and also ensure that their third-party vendors are taking appropriate data protection measures. Data flow diagrams could be very useful in determining the type of data within the systems, and how to function such as storage and processing can be made.
Topic 8: Tools and Techniques
From the presentation, I got interested in the Wayback Machine, NoScript, and OSForensic tools which I purpose to with time. I identified God Mode as a viable shortcut tool that I could utilize to easily access program tasks. Some patching tools such as Ninite were interesting but at the moment I do not have a use for it. Cree.py was appealing but I was disappointed after downloading since it only included Twitter, Instagram, Flicker, and GooglePlus plugins which do not really serve my needs.
PowerShell is the most effective tool that I have used so far for work. SysInternals, HexEdit, and Wireshark are also not badly off. There was an issue with configuring STIG with our systems at my workplace which resulted in the software team developing an automated STIG script using PowerShell. Within 10 minutes, the new development tool can STIG a complete environment making it more competitive than the SCAP tool developed by DISA. The STIG script is quite flexible in that, it can generate reports, take in new STIGs and is independent. To me, PowerShell is very outstanding and effective and I would suggest it to anyone in need.

Check Price Discount

Study Notes & Homework Samples: How effective has Texas been in reducing recidivism amon »The issues of geriatric care facilities