Question:
As a cybersecurity specialist, a significant part of your time is spent on identifying vulnerabilities to informational assets in an organisation and making recommendations to mitigate those identified vulnerabilities and threats. In real-world contexts, you may also encounter ethical dilemmas in cybersecurity practices.
The management has not invested much in cybersecurity. No firewall or intrusion detection/prevention system is in place, and the operating systems they use on both the servers and the computers for staff have not been upgraded for many years. The IT department in GM is underfunded and understaffed. Therefore, there is no dedicated team to monitor network traffic or to perform periodic maintenance to IT systems. GM does not implement any access control. Staff may install any software on their computer at work.
There is no effort to develop staff’s awareness on cybersecurity and there are no training sessions to educate staff on cybersecurity.
This assessment, through three parts and submissions, develops your skills in identifying and communicating threats and vulnerabilities to informational assets, making recommendations to the identified threats and vulnerabilities to cybersecurity and understanding the ethical ‘best practices’ to address ethically difficult issues in cybersecurity practice.
- identifying the informational assets that need to be protected and building a business case for management to justify investment in cybersecurity
- identifying and discussing at least five (5) vulnerabilities that exist in the company’s IT infrastructure and operation
- for each vulnerability, discussing potential threats, possible attacks and the consequence for the business.