13 Quiz essay question:

Subject : Cybersecurity Threat Detection

Please complete this quiz question. Each answer must be your own word, no more than 3 paragraph. The test is open book and open note. Complete the work with no outside assistance. NO CITATION REQUIRED BECAUSE ANSWER MUST BE YOUR OWN WORD. NO PLAGIARISM TOLERATED! PLAGIARISM WILL BE CHECKED WITH TURNIT-IN.COM

1 – Your organization’s website wants to install a program to display the local weather and time. What threat could this program cause to the organization? What threat could it cause to website visitors? What controls could counter any threats?

2 – Explain in your words what a rootkits is, what harm it does, and why it is so difficult to remove?

3 – How can one remove a rootkit from a computer?

4 – Would you allow or disallow .exe (executable) files to move on your organization’s network?

5 – What is a zero day attack/exploit and how can your organization reduce its vulnerabilities to such attack?

6 – What are limits of testing a program for vulnerabilities?

7 – What are the limitations of anti-virus programs and security suites?

8 – What are the four dimensions of an insider threat and explain each?

9 – How can the cloud enhance your organizations cyber security?

10 – Explain what public and private keys are for cyber security?

11 - What is the C-I-A triad and define (you can use your own words) what is each aspect means?

 

12 - What are the three sequential terms of human mistakes in software development?

13 - What is so unique about the Stuxnet attack from an international relations perspective?

 

 

 

REQUIRED TEXTBOOK

 

Analyzing Computer Security: A Threat / Vulnerability / Countermeasure Approach

Author: Pfleeger, P., Charles and Pfleeger, L., Shari

Publisher: Prentice Hall

Edition: Please Use Most Recent Edition

 

 

MATERIALS

The National Strategy to Secure Cybersecurity: (2003). PDF downloadable from: http://www.us-cert.gov/reading_room/Cybersecurity_strategy.pdf

Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise. Department of Homeland Security. (2011). PDF downloadable from: http://www.dhs.gov/xlibrary/assets/nppd/blueprint-for-a-secure-cyber-future.pdf

Cybersecurity Operations: What Senior Leaders Need to Know about Cybersecurity. William Waddell, David Smith, James Shufelt, Jeffrey Caton. (2011). Center for Strategic Leadership. PDF downloadable from: http://www.csl.army.mil/usacsl/publications/ CSLStudy_1_11_CompleteReportWithCovers.pdf

Effective Synchronization and Integration of Effects Through Cybersecurity for the Joint Warfighter. BG George J. Franz, III. (2012). PDF downloadable from: http://www.afcea.org/events/tnlf/east12/documents/4V3EffSynchIntEffthruCybrspcforJtWarfighter_forpublicrelease.pdf

Cyberwar as a Confidence Game. Martin C. Libicki. (2011). PDF downloadable from: http://www.au.af.mil/au/ssq/2011/spring/libicki.pdf

The Law of Cyber-Attack: Oona A, Hathaway, Rebecca Crootof, Philip Levitz, Haley Nix, Aileen Nowland, William Perdue, Julia Spiegel. (2012). PDF downloadable from: http://www.law.yale.edu/documents/pdf/cglc/LawOfCyberAttack.pdf

Supplemental Reading

A few excellent online sources of current and basic information can be found at:

• http://msisac.cisecurity.org/resources/videos/free-training.cfm
• http://www.cddc.vt.edu/eeddll/tandlincyb.html
• http://ics.utsa.edu/ICSpdfverison.pdf 
• http://www.Cybersecuritylaw.org/

Cybersecurity students should be urged to read, on a regular basis, publications such as:

•  Cyber Security Digest (www.cybersecuritydigest.com.)
•  Cyber Security (http://ieeexplore.ieee.org/Xplore/home.jsp) may require membership in IEEE.
•  Digital Forensics Magazine (www.digitalforensicsmagazine.com)