Module 1: Course Overview and Driving Need

Course Overview
You will gain a basic understanding of the Risk Management Framework (RMF) as it pertains to the system development lifecycle (SDLC)
You will get guidance on how to apply this understanding during the development, assessment, and continuous monitoring of information systems
We will discuss the RMF in terms of its 6 phases … which will help you develop a full understanding of how one phase influences and leads to the next
The RMF provides a structured process that allows organizations to comply with a number of laws, regulations, and policies
For federal systems this includes compliance with the Federal Information Security Management Act (FISMA)
For nonfederal systems, organizations are adopting these practices as best practices
RMF is basically a structured approach for developing secure systems, validating them, and ultimately authorizing those systems to operate in a production environment
Key CONCEPT = by following the RMF, senior officials within an organization formally accept the risks to the overall organization that arise from operating the information system
This was not always the case … securing information and information systems has evolved into an Organizational Need
This change was driven by FISMA, and the National Institute of Standards and Technology (NIST) develops the guides that enable an organization to follow the RMF

Go over Course Syllabus

Driving Need
Many organizations face the task of implementing data protection and data security measures to meet a wide range of requirements
What are the requirements?
An ever-increasing number of sophisticated tools is available for free download; AS A RESULT, broad technical expertise is no longer required to locate and exploit a vulnerable system
Videos


Forbes Technology Council
By 2020 there will be 200 billion connected things (cars, planes, homes, cities, etc.)
Norwich University Research (http://graduate.norwich.edu/resources-msisa/infographics-msisa/why-the-us-needs-more-cyber-security-professionals/):
77% of the serious cyber attacks that occurred in 2014 happened in US
Over 552 million identities were stolen
It costs on average 11.6 million dollars per cyber crime
66% of all websites were vulnerable (Heartbleed)
Just google Cyber security attacks 2016
http://www.heritage.org/defense/report/cyber-attacks-us-companies-2016
Information Security Job (Bureau of Labor Statistics)
209,000 cybersecurity jobs went unfilled in 2016

CNA reported “…roughly 80% of the largest firms in the United States have experienced a malicious breach.” (https://blog.barkly.com/law-firm-cybersecurity-2018-attack)
In 2016 … over 10,000 network intrusion attempts were detected per day across just 200 law firms
Why are law firms under attack? As an example industry:
They house valuable, confidential data
They have money
They are not prepared
It’s not just the big firms … those are just the ones that get reported
Example: Moses Afonso Ryan, a 10-attorney firm in Rhode Island, was hit with ransomware
They paid the $25,000 ransom, but only after the deadline had passed … leaving their systems encrypted
The incident left all 10 attorneys unable to bill for a single hour for 3 months; the firm reported it lost $700,000 in business
DLA Piper’s DC office … June 2017
3,600 attorneys and support staff across 40 countries on lockdown for 3 weeks
Total impact – unknown, but estimated at over 3 million
Information Assurance (IA) – the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes
It covers data that is stored, being processed, or being transmitted; whether the threat is intentional or accidental, the information needs to be secured
Information and its accompanying systems are assured relative to “CIA”:
Confidentiality
Integrity
Availability
IA defines and applies a collection of policies, standards, methodologies, services, and mechanisms to maintain the confidentiality, integrity, and availability of information within an organization’s information system
IA has grown to become a critical component of an organization’s information systems management strategy
It ensures that the integrity, confidentiality, and availability of data and systems are protected, so that they remain available to support the mission
Threats to systems and data come in many forms, ranging from malware infecting a system, loss of a laptop with sensitive information, or unauthorized privileged access by a disgruntled employee, to a sophisticated cyber attack on critical systems by a malicious foreign source or cyber terrorist organization
Cyber Security encompasses the technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access
Ensuring cyber security requires coordination throughout an information system’s life (network, application, operational, continuity, disaster recovery, development, etc.)
Why name the class Information Assurance and Cyber Security?
To be as inclusive as possible
What does Information Assurance mean to you?
What does cyber security mean to you?
In some domains it is still called computer security