Education and Cyber Security Awareness Essay

Introduction

Employees should be educated to prevent and avoid suspicious activities on their systems such as being vigilant when browsing, limiting activities when using public Wi-Fi networks that are insecure or by using a virtual private network et cetera. Also, by educating staff on what to look for in a system will increase the ability of the company to recognize cybercrime early and prevent them. Nonetheless, training should start at the organization's top, working down (Fischer, 2014). Therefore, it is recommended to appoint an ambassador for cybersecurity in each organization's department to assist in detection and response of incidences for potential cybersecurity risks and threats. The activity helps to expand the efficiency of any IT security team while ensuring there is a responsible person in an organization who is accountable for maintaining and implementing the cybersecurity measures.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Leveraging Trusted Resources

Maintaining, building, updating and scaling an online information source on how users of all levels of sophistication can improve and establish their protection profiles in cyberspace is imperative. Leveraging capabilities, for example, those in the United Kingdom with "Get Safe Online," to implement a sustained, and comprehensive national awareness and education campaign is a fundamental component of successful cybersecurity programs (Kurtz, 2015).

Using Strong Passwords and Keeping Privileged Accounts Protected

A social password's average age currently is years, and the social media does not alert anyone on how old their passwords are, how weak it is nor the good time for changing it. It is one's responsibility to change the password more often for the account's safety. Also, if one has many passwords and accounts, an enterprise password might be used and privileged account vault to make it secure and easy to manage (National Institute of Standards and Technology, 2001). Using one password multiple times can advance persistent threats, that is, using privileged accounts is the difference between a simple perimeter breach and malicious activities, major data losses, financial fraud or ransomware.

Not allowing users to execute or install unapproved applications to stop ransomware and malware at the endpoint.

Risks can be posed in a system if malware or ransomware is allowed to propagate and infect into its organization. For instance, when a user using a privileged account is opening documents, reading emails, clicking on numerous links or plugging a USB device into the system, they can unknowingly install malicious or infectious tools. The action enables an attacker to gain access of the computer quickly and begin to attack from within the perimeter or encrypt sensitive data and the system, then request payment in return to unlock them (Fischer, 2014).

Primary Agencies Responsible in Preparing For, Responding and Recovering From a Cyber-Attack

The Department of justice, through the Federal Bureau of Investigation (FBI) and the National Cyber Investigative Joint Task Force, are the agencies responsible for coordinating the responses to cyber threats. The FBI communicates with stakeholders at an affected company and with the law enforcement in collecting intelligence and evidence, stop the cyber threats and start an information sharing process with the Homeland Security Department (Fischer, 2014). When a major cyber attack occurs, the FBI, along with response teams, local and tribal governments, state, members of the industry, non-government organization and other federal agencies respond as the Cyber Unified Coordination Group. Also, when a large organization suffers a major cyber attack, the FBI works with the company to understand the incident's scope and its impact on critical infrastructure (National Institute of Standards and Technology, 2001).

The Department of Homeland Security is also an agency responsible for the response of cyberattack. The interconnectivity of critical systems, the sheer volume of information and large vulnerabilities in network security must be addressed by the Department of Homeland Security. The DHS ensures these activities are all met by keeping the lights on as critical infrastructure is always the main target for cyber attacks. It also stems from the loss of data in large organizations because hackers might use the ill-gotten information or data to steal the identity of unsuspecting people and sell it to terrorists (Kurtz, 2015).

Critical Infrastructure Sector

Critical infrastructure is an area that provides the essential services that underpin a company or an organization and serve as the backbone of the organization's economy, health, and security. Therefore, the chosen critical infrastructure sector is the energy sector (Fischer, 2014).

Efforts and Cooperation Needed to Prepare, Respond, Recover and Mitigate Cyber-Attacks

As the energy sector has become increasingly complex and more globalized in its software components' reliance, the risk of the supply chain has evolved and expanded. Therefore, the efforts and cooperation needed include: Applying existing frameworks across the energy sector. The energy sectors companies can leverage existing frameworks, especially the NERC-CIP standard and the energy sector's cybersecurity capability maturity model as blueprints for enhancing security across the department of energy, as well as third-party suppliers (Kurtz, 2015). Also, the sector incentivizing trusted practices of Information Technology to curb unintended taint in the energy sector. They can do this by increasing awareness and adoption of effective practices and avoiding the ineffective, through use of buying power and reduction of regulatory burden. Vulnerability coordination, sharing, and monitoring are also needed. The energy sector, industry organizations and Department of Homeland Security can increase the awareness and the understanding of software vulnerabilities that exist across the energy sector to the asymmetry of information among companies affected by the same issue (National Institute of Standards and Technology, 2001).

References

Fischer, E. A. (2014, Dec 12), Federal Laws Relating to Cybersecurity: Overview of Major Issues, Current Laws, and Proposed Legislation. Congressional Research Service. Retrieved from: http://www.higheredcompliance.org/resources/CRS-RPT_R42114_2014-12-12.pdf

Kurtz, P. (2015, May 19). Congress Wants Companies Facing Cyberattacks to Share Data, and It's Not a Moment Too Soon. Retrieved from: http://qz.com/407215/congress-wants-companies-facing-cyber-attacks-to-share-data-and-its-not-a-moment-too-soon/

National Institute of Standards and Technology (2001). NIST Special Publication 800-33 - Underlying Technical Models for Information Technology Security. Retrieved from: http://csrc.nist.gov/publications/nistpubs/800-33/sp800-33.pdf