Close

OCU C)ISSO D Discussion Lesson 11

Viewing 2 reply threads
  • Author
    Posts
    • #65754
      Jessica Jagerson
      Keymaster

      There are many CyberSecurity issues.  Of the top 15, choose 3 to explain in detail.  In these explanations, discuss how these are important to a security officer and company.

    • #85255
      Marcena Davis
      Participant

      Week 3 Lesson 11:
      There are many CyberSecurity issues. Of the top 15, choose 3 to explain in detail. In these explanations, discuss how these are important to a security officer and company.

      Three of the top 15 cybersecurity issues that are crucial for security officers and companies to address are ransomware attacks, phishing scams, and insider threats.

      1. Ransomware attacks: Ransomware is a type of malware that encrypts a victim’s files and demands payment in exchange for the decryption key. These attacks can be devastating for businesses, causing downtime, data loss, and reputational damage. Security officers must implement a robust backup strategy, train employees on how to identify and report suspicious emails or websites, and regularly update security software to prevent ransomware attacks.

      2. Phishing scams: Phishing is a technique used by cybercriminals to trick individuals into revealing sensitive information such as login credentials or financial data. These attacks can occur via email, social media, or other communication channels. Security officers must educate employees on how to identify and report phishing attempts, implement strong access controls and authentication protocols, and use advanced threat detection solutions to prevent phishing attacks.

      3. Insider threats: Insider threats are risks posed by employees or other authorized users who intentionally or unintentionally compromise the security of a company’s systems and data. These threats can include theft of confidential information, sabotage, or accidental data leaks. Security officers must implement strict access controls, monitor user activity, and conduct regular employee training to prevent insider threats.

      These three cybersecurity issues are important for security officers and companies to address as they can cause significant harm to businesses if not adequately managed. By implementing best practices such as network segmentation, access controls, backup devices, and regular testing, security officers can reduce the risk of cyber-attacks and protect their organization’s assets.

      • #85395
        Kelly Crooks
        Participant

        Marcena, of the three cybersecurity threats you listed, I have been a victim of two of them. Years ago my wife and I were looking for online jobs to do from home. We thought we had found one and we downloaded the information it said to download. It was a malware virus. They stole all of our banking and financial data, took $900 out of our savings account, and continued to try to take money out. They demanded we pay an additional $2500 to get our information back. We filed a police report and changed all of our banking information. I learned a very important and expensive lesson that time about ransomware.

        The same basic thing happened about six years ago with the phishing scam. My wife clicked and opened an email she got, thinking it was legit. Fortunately, at that time we had some security protocols in place on our computer and even though she opened the email, they weren’t able to steal any of our information.

        I agree that employee education is important to stop a lot of the cyber attacks that happen. Everything is done online any more theater that is banking, emails, financial transactions, shopping, or booking a hotel room. Cybercriminals don’t care about your privacy they just want your data and sometimes money.

    • #85357
      Kelly Crooks
      Participant

      The first cybersecurity threat I choose is password theft. Password theft was the number two threat on the list I found. Password theft is so common because people tend to use simple passwords so they can remember them. Users use the same password for multiple sites making it easy to access their data. Third parties manage to steal or guess your password. There are several ways to prevent password theft. One uses a stronger password that consists of numbers, letters, and special characters. Another way is by not having your username and password automatically stored on a device. I know this makes it easier when logging into a site but if the device is lost, stolen, or compromised the intruder has free reign of your information. You can implement the use of two-step verification or use a biometric reader. Making sure that passwords are safe and secure and not easily accessible are especially important to company and security officer because some companies have hundreds of users and they all have access to the companies’ data. Making sure that data stays safe is vital, especially because so much data is stored on devices or in the cloud. It is a security officer’s job to keep that data safe and make sure the right protocols are in place.

      The second attack I choose is the Trojan Virus. This kind of cyberattack happens by disguising malware as legitimate software. One of the most common ways the Trojan Virus was implemented into a computer or network was by displaying an “Alert” on the screen when you visited a website. The “Alert” recommended scanning your computer for harmful viruses. When you performed the scan the malware was delivered through that scan. As a security officer making sure that people are trained and informed on how to recognize these kinds of scams and malware can save the company time, money, and the loss of data. By being able to recognize it as a virus or scam you can avoid any harmful outcomes of the data or the company. Having the correct security protocols and training in place will help to deter these kinds of attacks.

      The third type of attack I choose is the Drive-By Attack. This kind of cyber attack happens when malicious code is delivered onto a system or device. This kind of attack requires no action by the end user. There is no need to install anything or click on a link. The harm is done automatically because it is done through the code. Making sure you have the correct firewall, and other security software on your device will help to avoid this kind of attack. Since there is no action required by the end user, knowing how to recognize and defend against this kind of attack is important for both the company and the security officer because this kind of attack makes it easy to steal data and information. The proper training and protocols in place will help to defend against this kind of attack. Also avoiding questionable or compromised websites will help.

      • #85387
        Marcena Davis
        Participant

        Hey Kelly! It’s great to read your insights on the first cybersecurity threat, password theft. I totally get it; I have a bad habit of reusing passwords too. It’s so easy to use simple passwords that are easy to remember, but as you said, this makes it easier for third parties to steal or guess our passwords. Implementing stronger passwords that include numbers, letters, and special characters is definitely a good idea to prevent password theft. Another great way to keep our passwords safe is to avoid having them automatically stored on our devices. I definitely do this! I know it’s convenient, but if our devices are lost or stolen, the intruder will have easy access to our sensitive information.

        As you mentioned, it’s especially important for security officers to ensure that passwords are secure and not easily accessible, especially in companies where there are hundreds of users with access to the company’s data. Data security is of utmost importance in this digital age, and security officers play a vital role in keeping that data safe and implementing the right protocols.

Viewing 2 reply threads
  • You must be logged in to reply to this topic.

SUPPORT

Please Note:

The support ticket system is for technical questions and post-sale issues.

 

If you have pre-sale questions please use our chat feature or email information@mile2.com .

Cybersecurity Certifications for Today's INFOSEC Careers

Mile2 Cybersecurity Certifications is a world-leader in providing accredited education, training, and certifications for INFOSEC professionals. We strive to deliver the best course ware, the strongest Cyber Range, and the most user-friendly exam system in the market.

 

Our training courses follow our role-based Certification Roadmap. Plus, many of our classes include hands-on skill development in our Cyber Range.  We train students in penetration testing,disaster recovery, incident handling, and network forensics.  Additionally, our Information Assurance training certification meets military, government, private sector and institutional specifications.  

 

Accreditations

We've developed training for...

Canada Army Navy Airforce

The Canadian Department of National Defense

USAF

The United States Air Force

Defense Logistics Agency

A United States Counterintelligence Agency

Texas Workforce Commission

Texas Workforce Commission