Submit a research post (300 to 400 words) for each part. All sources must be cited properly using APA formatting (at least 2 sources).
There is a startup company called Extreme Unlimited, and they are in the process of hiring new employees due to recent demand for their product. Extreme Unlimited boasts that it can secure any organization with its array of cybersecurity products. However, in their rush to hire, their HR department does not require new employees to go through security awareness training. They assume that, since they are hiring cybersecurity professionals, this step is not required.
What risks do such assumptions pose? Moreover, what other risks might we speculate exist in the organization?
Assessing risk begins with baselining, establishing a current state to get to the desired state. Progress is measured by meeting milestones and objectives, i.e. a maturing process. For example, the capability maturity model has the following framework:
1) Initial – informal
2) Documented Strategy & Principles – formalizing
3) Adaptive Security Architecture – well defined
4) Security Organization & Roadmap – optimized
5) Baseline Security Standards – quantitatively controlled
Give examples of risk at each of these levels, and explain how each level mitigates risks from the previous level.
In today’s world, both government and the private sector are struggling to provide a secure, efficient, timely, and separate means of delivering essential services internationally. As a result, these critical national infrastructure systems remain at risk from potential attacks via the Internet.
It is the policy of the United States to prevent or minimize disruptions to the critical national information infrastructure in order to protect the public, the economy, government services, and the national security of the United States. The Federal Government is continually increasing capabilities to address cyber risk associated with critical networks and information systems.
Please explain how you would reduce potential vulnerabilities, protect against intrusion attempts, and better anticipate future threats.