Assignment: Learning and Reflecting about IT Cyber Security
Background Summary
During the past five weeks, we studied an overview of information security for IT managers. The goal of the course was to prepare you, as an IT professional, to become aware of the cyber security challenges in a world where continuously emerging threats, ever-present attacks, and the success of criminals illustrate weaknesses in current information technologies. This should also help you become aware of the role of an information security management practitioner who secures the systems and networks. The important lesson, however, is that EVERY IT PROFESSIONAL has a responsibility to be aware, to secure, and to protect the employees and data / information of a company of all potential security threats.
Purpose of the Assignment
Rather than take a traditional true false / multiple-choice test covering topics about specific security threats, this exam is designed to have you review and use critical thinking to answer three short essay questions.
Learning to write a "reflective" short essay is important because it helps you increase the value of your learning experience, it encourages you to take meaning from your own research and apply it to what you are learning, and it helps you relate new learnings and experiences to your prior knowledge.
Assignment Hint
Think about each question first. Then, list some bullet points off the top of your head. Research the question to find specific information to support your thoughts and your answers. Spend some time outlining your answer to be sure you have included everything you want to say. Include why you think and feel that way as well (justification). Then use the outline to write your thoughts in complete sentences and paragraphs. Do not submit your rough notes or outline, only submit your final written short essay for each question. Each short essay answer should be a minimum of 150 - 200 words. Remember, this assignment is worth 25 points (8-9 points per question.)
(Note: The previous four paragraphs are 318 words.)
There are no right answers. Good answers are your thoughts, your research, and how well you express what you have to say.
Short Essays:
1. Two of the "Student Learning Outcomes" in the course Syllabus included:
i. Understand the trends, impacts, and effective security controls for the following types of threats:
- Web Application Attacks (#3)
- Point-of-Sale Intrusions (#4)
- Insider & Privilege Misuse (#5)
- Miscellaneous Errors (#6)
- Physical Theft & Loss (#7)
- Crimeware (#8)
- Payment Card Skimmers (#9)
- Cyber-Espionage (#10)
- Denial of Service Attacks (#11)
ii. Compare the types of security attacks which affect the 17 Critical Infrastructure Sectors.
As a student, did the ITEC 493, IT Security for Managers, course accomplish these two Student Learning Outcomes (STOs)? Describe your feelings. Choose one security threat and one critical infrastructure sector that you studied over the semester as an example (counts as one question for grading purposes).
a. What did you learn about this threat and sector that was new to you?
b. How might you use this information in your future IT professional career?
2. During this summer, we studied the Verizon Data Breach Investigation (DBIR) reports (2019, 2018, 2017). We used the DBIRs throughout the course to find examples of actual security intrusions and threats plus the necessary security controls, which should be implemented to avoid or, at least, mitigate the security threats and attacks. Under BLACKBOARD / Module 3, I just posted another source of security best practice tools: DISA's (Defense Information Systems Agency's) STIGS' (security technical implementation guides') role in cybersecurity. Please review this information and prepare answers to the following two questions from the Quick Start Introduction & Demonstration Video (34:21 mins), (counts as one question for grading purposes). The answers to these questions are in the first two minutes of the video.
a. What is the difference between a STIG "Guide" and a STIG "tool?"
b. List three different members of the "User Community" and explain how you, as an IT Professional" might use the DISA STIGs even if you are not working in the Defense Sector?
3. During this semester, we used Small Group Virtual Discussions (SGVDs) to learn about nine different security threats. Small groups allowed you to discuss the threat examples and controls with only 7-8 other students instead of the entire class of 22 students. Separate SGVDs allowed you to concentrate each discussion on one security threat. Rather than discuss what you learned in these discussions, please take the time to reflect on the assignments and write the pros and cons of this type of learning method. What did you like or dislike? Any recommendations for future classes?
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.