
What are some cryptology methods used in organizations


Assignment: Prepare a 4-7 page (not including title) reflection paper on the short paper essays.

The paper should include:

  • A brief summary of your course experience.
  • Identify and explain relevant conceptual material (theories, concepts) from the course.
  • How the course concept/idea/theory may or will change your future actions/activities.

Short Paper Essays For Reflection Paper:

Cryptology in the Workplace

1. What are some of the cryptology methods used in my work organization?

Cryptology is a vital component of keeping sensitive information secure in my organization. Common methods are AES (Advanced Encryption Standard) for encryption, TLS (Transport Layer Security) for secure transport, and SHA-2 for hashing. The symmetric-key algorithm AES is used to encrypt databases and stored files, and TLS secures web browsing. In addition, public-key cryptography is implemented, in particular RSA for secure user authentication and digital signatures (Antunes et al., 2021).

2. What do you find to be an advantage and disadvantage?

One advantage of these methods is their efficiency and proven reliability. AES, for example, offers a high level of security with minimal performance degradation (Hwang et al., 2021). Additionally, integrating cryptographic protocols into business processes guarantees data confidentiality and integrity and ultimately improves compliance.

However, key management remains a significant challenge. Poor key handling, including improper key rotation or insecure key storage, can cause operational disruptions and vulnerabilities. Inadequate user training often leads to unintended policy violations, such as saving encrypted files to unsecured personal devices.
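To make the key-rotation point concrete, here is an added example (written for this page, not code from the cited sources or from any organization). AES is not in Python's standard library, so the example shows the rotation discipline with HMAC-SHA256 integrity tags instead: every protected record carries the id of the key that produced it, only the current key may protect new data, and retired keys are kept for verifying old records until those records have been re-protected. The `KeyStore` class, its method names and the sample records are all assumptions.

```python
"""Versioned key store with rotation (added example; all names assumed)."""
import hmac
import hashlib
import secrets


class KeyStore:
    """Holds versioned keys; only the newest key may protect new data."""

    def __init__(self):
        self._keys = {}        # key id -> raw 32-byte key
        self._current = None   # id of the key used for new protection
        self.rotate()

    def rotate(self):
        """Generate a fresh key and make it current; older keys stay for verification."""
        kid = f"k{len(self._keys) + 1}"
        self._keys[kid] = secrets.token_bytes(32)
        self._current = kid
        return kid

    def retire(self, kid):
        """Remove a key once no record depends on it; the current key cannot be retired."""
        if kid == self._current:
            raise ValueError("cannot retire the current key; rotate first")
        del self._keys[kid]

    @property
    def current_id(self):
        return self._current

    def protect(self, data: bytes) -> dict:
        """Tag data with the current key and record which key was used."""
        tag = hmac.new(self._keys[self._current], data, hashlib.sha256).digest()
        return {"kid": self._current, "data": data, "tag": tag}

    def verify(self, record: dict) -> bool:
        """Verify with the key named in the record; unknown or retired key -> False."""
        key = self._keys.get(record["kid"])
        if key is None:
            return False
        expected = hmac.new(key, record["data"], hashlib.sha256).digest()
        return hmac.compare_digest(expected, record["tag"])

    def reprotect(self, record: dict) -> dict:
        """Re-tag a verified old record under the current key so its old key can retire."""
        if not self.verify(record):
            raise ValueError("refusing to re-protect a record that does not verify")
        return self.protect(record["data"])


def rotation_walkthrough():
    """Constructed scenario: protect, rotate, migrate, retire; returns a summary."""
    store = KeyStore()
    first = store.current_id
    old = store.protect(b"payroll export 2024-Q1")   # constructed sample data
    store.rotate()
    new = store.protect(b"payroll export 2024-Q2")
    old_ok_after_rotate = store.verify(old)          # old key retained -> still verifies
    migrated = store.reprotect(old)                  # move old record to the new key
    store.retire(first)                              # now safe to drop the old key
    tampered = dict(new, data=b"payroll export 2024-Q2 (altered)")
    return {
        "first_key": first,
        "new_record_kid": new["kid"],
        "old_ok_after_rotate": old_ok_after_rotate,
        "old_ok_after_retire": store.verify(old),    # False: key k1 is gone
        "migrated_ok": store.verify(migrated),
        "migrated_kid": migrated["kid"],
        "tamper_detected": not store.verify(tampered),
    }


if __name__ == "__main__":
    for k, v in rotation_walkthrough().items():
        print(f"{k}: {v}")
```

The design point is that rotation is safe only when every record names its key and old keys are retired after, not before, the records that depend on them have been migrated; retiring first is the "improper key rotation" the passage warns about.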

3. What are some things you think that may be lacking and or should be improved in the future?

Our cryptographic framework must evolve to meet future threats, such as those from quantum computing. Emerging quantum computing capabilities could potentially break current encryption methods (Taherdoost, 2022). Therefore, we should strive to adopt quantum-resistant algorithms to future-proof the security of our data.

Additionally, better user training, more stringent endpoint encryption policies, and continuous evaluation of security baselines using models such as ISETM (Information Security Evaluation) will strengthen our posture (Ali et al., 2021).

References:

  • Ali, R. F., Dominic, P. D. D., Ali, S. E. A., Rehman, M., & Sohail, A. (2021). Information security behavior and information security policy compliance: A systematic literature review for identifying the transformation process from noncompliance to compliance. Applied Sciences, 11(8), 3383.
  • Hwang, I., Wakefield, R., Kim, S., & Kim, T. (2021). Security awareness: The first step in information security compliance behavior. Journal of Computer Information Systems, 61(4), 345-356.
  • Antunes, M., Maximiano, M., Gomes, R., & Pinto, D. (2021). Information security and cybersecurity management: A case study with SMEs in Portugal. Journal of Cybersecurity and Privacy, 1(2), 219-238.
  • Taherdoost, H. (2022). Understanding cybersecurity frameworks and information security standards-a review and comprehensive overview. Electronics, 11(14), 2181.

Effective Strategies for Security Awareness and Accountability:

To achieve robust security awareness and accountability within an organization, leadership commitment, continuous education, clear policy enforcement, and engagement of external expertise are all required. Below are the synthesized evidence-based strategies and recommendations drawn from this week's readings.

Management Commitment and Culture Integration

Visible and sustained management commitment to information security is a foundational strategy. According to Layton (2006), any security program requires executive sponsorship and involvement, because management establishes organizational values and resource allocation. Security should be embedded into all business processes, with leadership approving policies, sponsoring training, and ensuring consistent security monitoring and assessment of controls (Corallo et al., 2022).

Comprehensive Security Awareness Programs

Security awareness programs must be effective, organization-wide, updated frequently, and tailored to ever-changing threats. As Huang et al. (2021) state, interactive and scenario-based training increases user engagement and retention and causes measurable improvements in security behavior. All staff should have clear roles and responsibilities within the programs, and the programs should be led by designated individuals or teams.

Clear Accountability and Policy Enforcement

Explicit documentation of security responsibilities in job descriptions and, more importantly, in policies and guidelines strengthens accountability. Violations of a confidentiality agreement can be punished through disciplinary measures, and employees should be aware of the consequences of violations. According to Taherdoost (2022), regular assessments and feedback mechanisms help identify gaps and allow for timely intervention.

External Collaboration and Independent Review

Maintaining objectivity also requires engaging external experts and running independent reviews to stay current with best practices and regulatory requirements. Huang et al. (2021) suggest periodic auditing and participation in professional groups for benchmarking and improving internal security measures.

Conclusion

Organizations should therefore prioritize leadership involvement, dynamic training, clear policies, and external expertise to ensure users are aware and held accountable. Together, these strategies promote a security-conscious culture and counter the security risks associated with human factors.

References:

  • Layton, T. P. (2006). Information Security: Design, Implementation, Measurement, and Compliance. Auerbach Publications, Chapters 7 & 8.
  • Huang, J., Yan, L., Liu, S., Song, N., Zhang, Q., & Zhou, B. (2021). Dynamic control of orthogonal upconversion in migratory core-shell nanostructure toward information security. Advanced Functional Materials, 31(14), 2009796.
  • Corallo, A., Lazoi, M., Lezzi, M., & Luperto, A. (2022). Cybersecurity awareness in the context of the Industrial Internet of Things: A systematic literature review. Computers in Industry, 137, 103614.
  • Taherdoost, H. (2022). Understanding cybersecurity frameworks and information security standards-a review and comprehensive overview. Electronics, 11(14), 2181.

Common Failures and Mitigation in Access Control and Physical Security:

Access control and physical security are the basic safeguards for protecting organizational data and assets, but audits frequently uncover them as weak points. Common access control failures include poor password hygiene, a lack of multi-factor authentication (MFA), and granting users excessive privileges (Rawal et al., 2023). Persistent inactive accounts, especially those of ex-employees, also pose significant threats. On the physical security side, most failures relate to a lack of surveillance systems, unsecured entry points, and insufficient visitor management protocols (Al Nafea et al., 2021). Unprotected hardware such as laptops and servers is also a major risk.

To tackle these issues, organizations can use MFA along with strong password policies, automatic password expiry, and account lockout. The principle of least privilege and regular access reviews ensure that a user obtains only the required permissions (Malatji et al., 2022). Controlled access systems (card readers), security personnel, and surveillance cameras should also be used to reinforce physical security. A robust visitor management system and secured hardware storage also play key roles. To prevent human-related security lapses, continuous employee training and awareness programs should be conducted (Nzeako et al., 2024).
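As an added example of what a "regular access review" checks for, the following script (written for this page, not from the cited readings) runs over a constructed account export and flags the failures the passage names: accounts without MFA, accounts inactive beyond a threshold, ex-employees whose accounts are still enabled, and privileges beyond a role's least-privilege baseline. The field names, the 90-day inactivity threshold, the role baselines and the sample accounts are all assumptions.

```python
"""Access review over a constructed IAM export (added example; fields assumed)."""
from datetime import date

# Assumed least-privilege baseline: the only permissions each role needs.
ROLE_BASELINE = {
    "analyst": {"read_reports"},
    "engineer": {"read_reports", "deploy"},
    "admin": {"read_reports", "deploy", "manage_users"},
}
INACTIVITY_DAYS = 90                 # assumed policy threshold
REVIEW_DATE = date(2024, 6, 1)       # constructed "today" for the review

# Constructed sample export, shaped like a typical IAM user listing.
ACCOUNTS = [
    {"user": "alice", "role": "analyst", "enabled": True, "mfa": True,
     "last_login": "2024-05-28", "employed": True, "perms": {"read_reports"}},
    {"user": "bob", "role": "analyst", "enabled": True, "mfa": False,
     "last_login": "2024-05-30", "employed": True,
     "perms": {"read_reports", "manage_users"}},          # analyst with admin rights
    {"user": "carol", "role": "engineer", "enabled": True, "mfa": True,
     "last_login": "2024-01-10", "employed": True, "perms": {"read_reports", "deploy"}},
    {"user": "dave", "role": "admin", "enabled": True, "mfa": True,
     "last_login": "2024-05-01", "employed": False,      # left the company
     "perms": {"read_reports", "deploy", "manage_users"}},
    {"user": "svc-backup", "role": "engineer", "enabled": False, "mfa": False,
     "last_login": "2023-02-01", "employed": True, "perms": {"deploy"}},
]


def review_account(acct, today):
    """Return the list of findings for one account (empty list = nothing to do)."""
    findings = []
    if not acct["enabled"]:
        return findings                      # disabled accounts are already contained
    if not acct["employed"]:
        findings.append("ex-employee still enabled")
    if not acct["mfa"]:
        findings.append("MFA not enrolled")
    idle = (today - date.fromisoformat(acct["last_login"])).days
    if idle > INACTIVITY_DAYS:
        findings.append(f"inactive for {idle} days")
    # Least privilege: anything beyond the role baseline is excess.
    excess = acct["perms"] - ROLE_BASELINE.get(acct["role"], set())
    if excess:
        findings.append("excess privileges: " + ", ".join(sorted(excess)))
    return findings


def access_review(accounts, today):
    """Return {user: {"findings": [...], "action": "disable"|"remediate"}} for flagged accounts."""
    report = {}
    for acct in accounts:
        findings = review_account(acct, today)
        if not findings:
            continue
        # Leavers and dormant accounts are disabled outright; everything else is fixed in place.
        dormant = any(f.startswith("inactive") for f in findings)
        action = "disable" if (not acct["employed"] or dormant) else "remediate"
        report[acct["user"]] = {"findings": findings, "action": action}
    return report


def run_review():
    return access_review(ACCOUNTS, REVIEW_DATE)


if __name__ == "__main__":
    for user, entry in run_review().items():
        print(f"{user}: {entry['action']} -> {'; '.join(entry['findings'])}")
```

The baseline-subtraction step is the least-privilege check in its simplest form: a role defines the permissions that are justified, and anything the account holds beyond that set is a finding regardless of how it was granted.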

Overall, combining administrative, technical, and physical controls in a layered security model gives an organization greater resilience to external and internal threats.

References:

  • Rawal, B. S., Manogaran, G., & Peter, A. (2023). Cybersecurity and identity access management. Singapore: Springer.
  • Nzeako, R. A. S. G., & Shittu, R. A. (2024). Leveraging AI for enhanced identity and access management in cloud-based systems to advance user authentication and access control. World Journal of Advanced Research and Reviews, 24(3), 1661-1674.
  • Al Nafea, R., & Almaiah, M. A. (2021, July). Cyber security threats in cloud: Literature review. In 2021 international conference on information technology (ICIT) (pp. 779-786). IEEE.
  • Malatji, M., Marnewick, A. L., & Von Solms, S. (2022). Cybersecurity capabilities for critical infrastructure resilience. Information & Computer Security, 30(2), 255-279.

Business Continuity and Disaster Recovery:

Business continuity (BC) planning is designed to keep the essential parts of the business running during a disruptive event and in its immediate aftermath. Effective strategies include conducting a Business Impact Analysis (BIA), forming continuity teams, establishing alternate facilities (hot, warm, and cold sites), securing the supply chain, and maintaining good communication channels. Regular testing, updates, and employee training are essential for readiness and for keeping the plan aligned with changing business needs (Sauntry, 2013). A common problem, however, is focusing too much on IT systems and not enough on human resources, supply chain dependencies, and physical infrastructure. Another common blunder is failing to review or test the BC plan regularly, leaving it outdated and impractical when it must be invoked in a real event (Antunes et al., 2021).

By contrast, disaster recovery (DR) planning focuses on recovering IT systems and data after a disruption. Routine data backups, cloud replication, redundant infrastructure, and defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) are common strategies (Taherdoost, 2022). One major pitfall is relying on unverified backups or outdated technology. Organizations sometimes underestimate the complexity and time required to fully restore systems when plans are not routinely tested (McLaughlin, 2013). Another problem is a lack of coordination between DR and BC planning; unless they are integrated, the two efforts may duplicate work and miss critical gaps.
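The two DR pitfalls above, unverified backups and untested restores, can be caught by a routine readiness check. The following added example (written for this page, not from the cited sources) verifies each catalogued backup against its recorded SHA-256 checksum, measures RPO against the newest backup that actually verifies rather than the newest one listed, and compares the last restore drill against the RTO. The catalogue layout, the backup objects, the checksums, the drill timings and the 24-hour RPO and 4-hour RTO are all constructed assumptions.

```python
"""Backup catalogue readiness check against RPO/RTO (added example; data constructed)."""
import hashlib
from datetime import datetime, timedelta

RPO = timedelta(hours=24)   # assumed: at most 24h of data loss is tolerable
RTO = timedelta(hours=4)    # assumed: systems must be back within 4h
NOW = datetime(2024, 6, 1, 9, 0)   # constructed time of the check


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the stored backup objects.
OBJECTS = {
    "crm-2024-06-01": b"crm rows (constructed)",
    "payroll-2024-05-31": b"payroll rows, truncated write (constructed)",
    "payroll-2024-05-29": b"payroll rows (constructed)",
    "wiki-2024-05-20": b"wiki pages (constructed)",
}

# Constructed catalogue. payroll-2024-05-31 has a checksum that does not match
# its object, i.e. the newest payroll backup is one nobody has verified.
CATALOGUE = [
    {"name": "crm-2024-06-01", "system": "crm", "taken": "2024-06-01T02:00",
     "sha256": sha256(OBJECTS["crm-2024-06-01"]), "drill_restore_minutes": 150},
    {"name": "payroll-2024-05-31", "system": "payroll", "taken": "2024-05-31T02:00",
     "sha256": "0" * 64, "drill_restore_minutes": 90},
    {"name": "payroll-2024-05-29", "system": "payroll", "taken": "2024-05-29T02:00",
     "sha256": sha256(OBJECTS["payroll-2024-05-29"]), "drill_restore_minutes": 90},
    {"name": "wiki-2024-05-20", "system": "wiki", "taken": "2024-05-20T02:00",
     "sha256": sha256(OBJECTS["wiki-2024-05-20"]), "drill_restore_minutes": None},
]


def hours_old(entry, now):
    return (now - datetime.fromisoformat(entry["taken"])).total_seconds() / 3600


def dr_readiness(catalogue=CATALOGUE, objects=OBJECTS, now=NOW):
    """Return {system: [findings]}; an empty list means the system is DR-ready."""
    by_system = {}
    for e in catalogue:
        by_system.setdefault(e["system"], []).append(e)
    report = {}
    for system, entries in by_system.items():
        findings, verified = [], []
        # Newest first; a backup only counts if its content matches the recorded checksum.
        for e in sorted(entries, key=lambda e: e["taken"], reverse=True):
            if sha256(objects[e["name"]]) == e["sha256"]:
                verified.append(e)
            else:
                findings.append(f"{e['name']} failed checksum; cannot be relied on")
        if not verified:
            findings.append("no verified backup exists")
            report[system] = findings
            continue
        newest = verified[0]
        age_h = hours_old(newest, now)
        if timedelta(hours=age_h) > RPO:
            findings.append(f"RPO breached: newest verified backup is {age_h:.0f}h old")
        mins = newest["drill_restore_minutes"]
        if mins is None:
            findings.append("restore never drilled: RTO unknown")
        elif timedelta(minutes=mins) > RTO:
            findings.append(f"RTO breached in drill: {mins} min")
        report[system] = findings
    return report


if __name__ == "__main__":
    for system, findings in dr_readiness().items():
        print(f"{system}: {'OK' if not findings else '; '.join(findings)}")
```

Measuring RPO from the newest verified backup is the point of the example: the payroll system looks fine if one only reads the catalogue dates, but once the corrupt 31 May copy is discounted the real exposure is three days of data, which is exactly the gap an untested plan hides.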

Resilience and successful recovery require a responsive and supportive system, with executive support and cross-departmental collaboration alongside integrated BC and DR planning.

References:

  • Sauntry, J. (2013). Continuity of operations planning. In T. R. Peltier (Ed.), Information security fundamentals (2nd ed., pp. 153-194). Auerbach Publications.
  • Antunes, M., Maximiano, M., Gomes, R., & Pinto, D. (2021). Information security and cybersecurity management: A case study with SMEs in Portugal. Journal of Cybersecurity and Privacy, 1(2), 219-238.
  • Taherdoost, H. (2022). Understanding cybersecurity frameworks and information security standards-a review and comprehensive overview. Electronics, 11(14), 2181.
  • McLaughlin, K. (2013). Disaster recovery and business continuity planning. In T. R. Peltier (Ed.), Information security fundamentals (2nd ed., pp. 144-152). Auerbach Publications.

Enhancing Enterprise Security Systems:

In a past position I implemented a group-wide IT asset management system that tracks hardware, software, and usage statistics across departments. In relation to the assigned readings, this system shared some central principles with physical and environmental security controls: both focus on layered protection, ubiquitous access control, and auditability. Layton (2006) observes that physical perimeter controls, equipment security, and access management are often neglected even though they have proven very useful. The same was true of the asset system I used, which lacked strong revision logs and highly granular permission settings, leaving room for improvement.

One specific improvement opportunity involves implementing more graduated permission levels. As Peltier (2013) proposes for physical spaces, access should be granted on a need-to-know basis with periodic review of authorization rights. A hierarchical, tiered-access approach would have helped prevent overexposure of sensitive resources in the asset system.

A good method for deploying systems at scale is integrating hybrid infrastructures, which combine on-site solutions for sensitive data with cloud capacity for flexibility and remote access. Hwang (2021) asserts that the key is consistent protection in line with the value of the assets. Cloud systems offer scalability advantages, while on-premises systems offer control and compliance advantages.

Additionally, implementing service-oriented architecture (SOA) together with Zero Trust principles produces secure and flexible systems. Ali (2021) favors modular integration and layered authentication as suited to a developing enterprise ecosystem. This practice balances usability and security with modernization.

References:

  • Ali, R. F., Dominic, P. D. D., Ali, S. E. A., Rehman, M., & Sohail, A. (2021). Information security behavior and information security policy compliance: A systematic literature review for identifying the transformation process from noncompliance to compliance. Applied Sciences, 11(8), 3383.
  • Layton, T. P. (2006). Information Security: Design, Implementation, Measurement, and Compliance. Auerbach Publications.
  • Peltier, T. R. (2013). Information Security Fundamentals (2nd ed.). Auerbach Publications.
  • Hwang, I., Wakefield, R., Kim, S., & Kim, T. (2021). Security awareness: The first step in information security compliance behavior. Journal of Computer Information Systems, 61(4), 345-356.
