University of Maryland, University CollegeCCJS 390CCJS 390 Final Project Briefing Project Final

Document Content and Description Below

Running Head: CYBER SECURITY BRIEFING 1 CCJS 390 6380 Cyber Crime and Security (2192) Final Project: Briefing Project March 10, 2019 CCS International Cyber Security Briefing CYBER SECURITY BRIEF... ING Cyber Security Defined Advances in technology have provided criminals with an additional means to exploit the vulnerabilities of their victims. The Internet is just another tool they use to steal information and money. Regarding businesses, however, these cybercriminals have the capabilities to disrupt, destroy, or threaten the delivery of essential services. Fortunately, CCS International has the capability to provide your organization with a defensive strategy to combat these criminals. We can do this through the implementation of a cyber security program. Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction (University Maryland University College, 2015). Key Components A successful cyber security program fully encompasses all levels within an organization. Our risk management and accountability program ensure that security becomes part of the everyday business, not just an afterthought. Additionally, implementation of our information assurance policy framework solidifies the security program. The cyber security framework used by CCS International includes the policies and processes that will form a secure, high-assurance foundation for the technological safety of your organization. The five key components make up the foundation of our security program are:  Information Security and Risk Management  Secure System Configuration Management  Anti-Malware  Network Security  Security Monitoring (McAfee, 2013). Information Security and Risk Management 2 CYBER SECURITY BRIEFING Our Information Security and Risk Management regime will regulate all users and equipment that are susceptible to cyber-attack. These regulations will govern the following components:  Home and mobile worker  Acceptable use of government systems  Malware prevention  Privileged account management  Removable media (McAfee, 2013). Lastly, to ensure that all employees are aware of regulations set in place through an interest in cyber security, our regime implements many programs. These programs include:  Training, certification, and awareness program for users, operators, and security specialists  Secure configuration development and patch management  Incident management program that includes monitoring and incident response processes  Penetration testing to assess security processes and control readiness (McAfee, 2013). Secure System Configuration Management Strategy Employing baseline secure configurations of system architecture is an essential component of cyber risk management (McAfee, 2013). However, secure configurations are not static elements. They must be continually reviewed to keep up with threat conditions, new business functionality, or policy requirements. One of the most important functions in this process is selecting the additional security controls that will harden the system against a variety of threat vectors. The baseline security controls must include the capabilities to restrict removable media devices, conduct regular antivirus scans, and implement data-at-rest encryption (McAfee, 2013). Anti-Malware Strategy Malware is the tool of choice for any cyber attacker. By using malware, a criminal has many potential routes into the network of an organization. However, most organizations 3 CYBER SECURITY BRIEFING mistakenly equate the benefits of anti-malware programs with those of anti-virus. As malware has become increasingly sophisticated and the attack surface increasingly diverse, a successful anti-malware strategy must include a dynamic capability to prevent, detect, and respond (McAfee, 2013). By following these guidelines, our cyber security program is able to limit the impact of malware as a possible means of attack [Show More]

Last updated: 1 year ago

Preview 1 out of 24 pages