ISSC 642 Central Texas College Killing with Keyboards Discussion and Responses

This is a two part questions. First I will need the discussion question answer which will be below in bold, 300 words APA format. For those response I will need two responses of at least 175 words each.

Please look at the killing with keyboards file then answer the following questions in the context of the best practice concepts covered in chapter 11 and the security professional proficiencies covered in chapter 13. Identify what is at risk here, 5 possible threats and 5 vulnerabilities in this scenario. Analyze measures that could be taken to reduce the risks.

Part two

Student one:

I hope all is well and you are excited to be moving into week 5 of this course. This week, we are able to use our readings and apply it to a training I have seen a few times now. This is a great example of how a bunch of information can be pulled together to get a better picture.

After reviewing “Killing with Keyboards” we are asked to answer these questions:

What is at risk here?

Identify 5 possible threats, and 5 vulnerabilities in this scenario

Discuss measures that could be taken to reduce the risks.

The risk in this situation is not only one but could be many. The first and one that stands out to me the most is lives of the family. Along with family, there are also risk of others. Moving down on my own priority list is risk of leaking sensitive information hurting the organization but also the individual with possible loss of position and clearance. This scenario is an example of aggregation. They put a bunch of what looks like basic information together making it deemed to be a higher classification such as name, family, organization, address, phone numbers, and so on.

Vulnerabilities               

1. The Internet is an open-source tool that anyone can use for potential harmful tasks.
2. Not being aware of your surroundings at all times.
3. Social media and Blog Sites can use fake or anonymous accounts. Example of possible social engineering
4. Disclosure of too much information. Aggregation of unclassified information to produce a classification of secret material.
5. Utilizing same username and password in many places. This is due to brute force attacks and a single point of failure.

Threats

1. Users on Social Media and Blog Sites. Due to being able to be anonymous, all users pose a threat to the information you share.
2. Foreign Government. In this situation, a foreign government is a threat exploiting persistent attack.
3. The individual is a threat as well. By disclosing information and talking about sensitive topics, he is a threat to the organization.
4. Public Wi-Fi is a threat because you never know the type of security that it has implemented. Also once you have a password or access, a hacker can begin monitoring all traffic on that network.
5. Individual met at the unclassified conference is a threat. This individual is a threat to himself, family, information, and the organization.

Preventative Measures

1. Completed information security training whether that be annual, semi-annual, or quarterly.
2. Review all information posted on social media. This needs to be done by all individuals no matter the type of work conducted or the organization you work for.  Keeping yourself safe is more important than sharing on social media.
3. Review all information posted about position, project, and more. Best practice is to just not post anything about work. This is mainly focused at blog sites due to the threat they can have.
4. Do not discuss work with strangers and report to security if they are asking to detail of questions
5. Understand that because of a clearance everything you do and say become information that someone wants.
6. Before going on a trip, get security briefings on what to do in different situations you may be faced with

I look forward to reading all your comments and hope you have a great rest of your week.

Reference

Bejtlich, R. (2004). The Tao of Network Security Monitoring: Beyond intrusion detection. Boston, MA: Addison-Wesley.

Segal, C. (n.d.). 8 Cyber Security Best Practices For Your Small To Medium-Size Business. Retrieved March 31, 2020, from https://www.coxblue.com/8-cyber-security-best-prac…

Top 10 Secure Computing Tips. (n.d.). Retrieved March 31, 2020, from https://security.berkeley.edu/resources/best-pract…

Student two:

This presentation was awesome. I have tried many times in explaining to my family, being in the military myself with knowledge, numerous times about posting crumbs on the internet. I will be showing this presentation with the hope that this helps it sink in a it. I will also be showing it to my soldiers. What is at risk here? There are s couple of things that are at risk. The upmost important factor that was at risk was the family. That picture was terrifying. Secondly, the lives of our servicemen and women. Third, the information that was supposed to be confidential. What were some possible threats? One, a foreign government training child to search the internet for vital information. Two, social media. The individual himself was a threat. Three, He was complacent. Four, He talked about classified information with an unknown person. Five, the man at the conference was the final threat. He even had pictures of his family to show Chris if he didn’t get the information organically.  What are some vulnerabilities in this scenario? One, let’s start with the individual himself. He was complacent, which makes hm vulnerability to threats. Two, he was lonely at the conference and just wanted someone to talk to and saw a fellow with like interest. Three, social media is always a vulnerability. Four, free Wi-Fi. Five, just the internet itself can make you vulnerability. As in the presentation, everything is one there posted from other sources and then can be compiled to make a profile, big data. Some of these risks can be reduce by be aware of what you are posting on social media and what others are posting about you or with you in social media. Taking the security briefings more seriously and quit thinking they are a joke or outdated. Talk to your security personal about what precautions to take when out of town, like at a conference. It is ok to talk to new people but not ok to talk about classified information even if they brought it up first.