Vulnerabilities, Threats, and Risks
Organizations must implement countermeasures to protect information and data that are vulnerable to cyberattacks. As new security threats are introduced, these countermeasures must be evaluated and improved. In this project, you will investigate common types of cyberattacks and possible solutions, evaluate the costs of implementing identified countermeasures, and communicate the recommended solution to a nontechnical audience. Upon completion, you will present to management the most likely attack vectors against your organization and suggest solutions ranked by cost and effectiveness. You will also suggest how the mix of identified state and non-state actors should affect policymaker decisions and policy development for critical infrastructure protection. This is the final of four sequential projects. There are 15 steps in this project. Begin by reviewing the project scenario, then proceed to Step 1.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
- 5.2: Examine architectural methodologies used in the design and development of information systems.
- 6.2: Create an information security program and strategy, and maintain alignment of the two.
- 7.2: Evaluate international cybersecurity policy.
- 7.3: Evaluate enterprise cybersecurity policy.
- 8.2: Evaluate specific cybersecurity threats and the combination of technologies and policies that can counter them.
Step 1: Define Vulnerabilities, Threats, and Risks
Vulnerabilities, threats, and risks are important to understand in order to evaluate and ultimately improve security posture by mitigating risks. Your organization’s security posture will determine its cybersecurity policies. Assessing risk is key in this process. Define vulnerability, threat, and risk. Consider their relationship to one another and how they relate to the security of networks and data. You will use this information to complete your vulnerability assessment and to develop the educational brochure for your workforce. (Review Programming, Systems Software, Application Software, and Software Interaction if you do not already have a working understanding of these topics.)
Step 2: Identify Examples of Vulnerabilities, Threats, and Risks
In Step 1, you familiarized yourself with the concepts of vulnerability, threat, and risk. You now understand their relationship to one another and how they relate to security. In this step, you are going to identify at least two examples of a vulnerability, two examples of a threat, and two examples of a risk in each of the following categories:
- people (human factors)
You should identify a minimum of eighteen examples. This will assist you in conducting the vulnerability assessment and developing the educational brochure. (Review Basic Elements of Communication and Computer Networks if you do not already have a working understanding of these topics.)
Step 3: Identify Current Vulnerabilities and Threats
After defining and identifying examples of vulnerabilities, threats, and risks in Steps 1 and 2, you should understand the basic concepts of vulnerabilities and threats as they apply to general cybersecurity. However, vulnerabilities and threats are dynamic: They can evolve with changes in technologies, changes in adversary capabilities or intentions, or changes in human behaviors and organizational policies. It is important to understand current vulnerabilities and threats and their applicability to the larger community as well as to your organization (e.g., critical infrastructure protection), so that you can make informed recommendations on how/whether to mitigate them. Identify current known vulnerabilities and threats that could impact your organization. The vulnerabilities and threats that you identify will be necessary for your final presentation. (Review
List a minimum of two current known vulnerabilities and threats involving the following:
- people (human factors)