CPO442 Cybersecurity Principles and Organisational Practice Report 2 Sample

Assessment Task

For the purpose of this assessment, you and your group members will act as a cybersecurity team. Your team can select and handle one of the major cybersecurity case scenarios listed in Appendix 1. Alternatively, your team can elect to choose one of the latest cybersecurity case examples listed by the Australian Cyber Security Centre (ACSC) at https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories (ACSC, n.d.).

In this assessment, you are to write a report addressed to the chief executive officer (CEO) of the relevant case example of your choice in which you set out your security recommendations. Your report should seek to ensure that the company will not be susceptible to the same cybersecurity threats in the future by providing proper enterprise-grade security governance, training and risk control.

Effective cybersecurity is often misunderstood and undervalued by most CEOs in the corporate world, who do not recognize its importance and may view it as having little or no business value. Knowing how to work in a team and develop written reports that can be understood by non-technical people and persuading them to make critical changes is an important skill to take into your future workplace.

Instructions

To complete this assessment, you must write a 1,000-word (+/–10%) case report that discusses human and cybersecurity principles. Your report should be addressed to the CEO of the organisation for which your team works. The objectives of the report are to ensure that your team receives the funding necessary to provide employees with adequate cybersecurity training and that the company invests in company-wide cybersecurity governance standards that also address the human factors in cybersecurity.

In completing this assessment, you should:

• Review all the learning resources for Modules 4–7 before writing the report.

• Ensure that your report contains information about the topics listed below and is aimed at people with limited technical knowledge.

• Ensure that your report includes relevant diagrams that showcase statistics related to the increase in human exploitation attacks or any other suitable statistics.
By using diagrams, the information presented in the report will be more accessible and visually appealing to readers, which will help them understand and retain the information more effectively.

Your report must address:

• The importance of consulting with users and conducting a business process impact evaluation before implementing cybersecurity methods. Examine at least five cybersecurity methods (technical, organisational or both) in presenting your argument.

• Examine whether increasing password complexity would increase security. Justify your response in the report and discuss if and what type of awareness program and training for users is required to create secure but not too complex passwords.

• Include selected topics in security solutions, including the separation of privileges, minimum security allowances, security group policing, biometrics, digital identity, artificial intelligence–driven security solutions and blockchain-driven security assurance.

• Discuss how best the security policies should be communicated/trained and reinforced. Use appropriate statistics about attacks on users (e.g., phishing attacks and social engineering) to emphasise your arguments.

• Detail at least three topics that will be covered in cybersecurity awareness training and recommend at least three subjects to feature in awareness campaigns.

• Be written so that the CEO understands the necessity of the awareness training program and fundamental security governance solutions.

Referencing

It is essential that you use current APA style to cite and reference

Solution

1. Five Cybersecurity Methods

User consultation and an evaluation of the business process impact are crucial when implementing cybersecurity methods, before incidents like the one that occurred at SCC.

• Access Controls: Taking the opinions of end-users into account is important for identifying who has authority over which data and information, so that the administrator can implement role-based access controls (RBAC). This approach restricts access to sensitive data based on user roles, which guarantees that users cannot access data they are not authorized to see.

• Data Encryption: Involving users in the evaluation process ensures that encryption methods are applied where necessary, such as encrypting student records to protect them from unauthorized access during transmission or storage.

• Network Monitoring: User consultation allows monitoring tools to be implemented in a targeted way, so that unusual or abnormal activities can easily be seen (Habeeb et al., 2019). This method involves deploying intrusion detection systems (IDS) and intrusion prevention systems (IPS) to monitor network traffic for signs of cyber threats.

• Vulnerability Management: With users’ participation, SCC will be able to tackle the most critical vulnerabilities in its systems and software by fixing them, which will lead to greater stability and reliability. Conducting regular vulnerability assessments and patch management ensures that identified vulnerabilities are addressed promptly, reducing the risk of exploitation.

• Data Breach Response Plan: Stakeholders must be involved in the development of a plan to make it consistent with the business processes and regulations of SCC. This plan should outline procedures for detecting, containing, and mitigating data breaches to minimize their impact.

2. Relation between Password Complexity and Increased Security

Security can be enhanced by strengthening password complexity, which makes it harder for attackers to guess or break passwords. However, it’s essential to strike a balance between security and usability, especially considering the potential drawbacks of overly complex passwords. In the SCC case, the private data of approximately 300 students leaked because of poor passwords, creating a data security emergency for which more complex passwords are a solution (Troeth, 2020). Passwords that combine uppercase letters, lowercase letters, numbers and special characters are very strong and increase the level of security. However, when passwords become too complicated, the user experience is negatively affected, leading to password fatigue and habits such as writing down passwords or using unsafe passwords. Therefore, SCC should complement password complexity with user awareness programs and training sessions. This approach will cover the principles of proper password practice: the guidelines for a strong password, best practices for password hygiene, and the dangers associated with password reuse and sharing, among others. Furthermore, SCC will provide training on password manager applications that can generate and store complex passwords, making password management simpler and more secure for users at the same time.

3. Selected Topics in Security Solutions

Ensuring the implementation of the mentioned security solutions is critical for the school’s cybersecurity posture in the aftermath of the Strathmore Secondary College (SCC) incident.

• Separation of Privileges: SCC must apply role-based access control (RBAC) to limit access to private student data. The aim is to reduce the risk that unauthorized users will be able to gain access to sensitive records. For example, administrators could hold elevated privileges while teachers or students hold lower privileges.

• Minimum Security Allowances: The principle of least privilege ensures that users have only the minimum permissions required for their work (Glöckler et al., 2023). This reduces the points of weakness and limits the magnitude of any security incident.

• Security Group Policing: Regularly evaluating and updating SCC's security groups and policies will ensure that they are up to date. Through this process, SCC will be able to protect student records from unauthorized disclosure or modification.

• Biometrics: Biometric systems, such as fingerprint or face recognition scans, serve as an extra security layer that is known to be stronger than the password system used previously. Biometrics introduce a more secure and convenient way of authenticating, decreasing the reliance on weak passwords.

• Artificial Intelligence–Driven Security Solutions: Through the use of AI-driven security systems, SCC can spot existing cyber threats and take appropriate action against them in real time, assisted by AI's automated mechanisms (Zeadally et al., 2020). AI algorithms usually process large volumes of data to find patterns that point to malicious actions and can thus take preventive action early.

• Blockchain-Driven Security Assurance: Using blockchain technology for collecting, inserting and altering data gives SCC a secure and transparent approach to data recording. SCC can attain this by deploying blockchain’s distributed ledger, which will not only increase security but also ensure the authenticity and traceability of student records.

References

Glöckler, J., Sedlmeir, J., Frank, M., & Fridgen, G. (2023). A systematic review of identity and access management requirements in enterprises and potential contributions of self-sovereign identity. Business & Information Systems Engineering, 1-20. Retrieved from https://link.springer.com/article/10.1007/s12599-023-00830-x [Retrieved on: 09.04.2024]

Habeeb, R. A. A., Nasaruddin, F., Gani, A., Hashem, I. A. T., Ahmed, E., & Imran, M. (2019). Real-time big data processing for anomaly detection: A survey. International Journal of Information Management, 45, 289-307. Retrieved from https://core.ac.uk/download/pdf/544394658.pdf [Retrieved on: 09.04.2024]

Troeth, S. (2020). Legislation on data breaches in schools. Independent Education, 50(1), 30-31. Retrieved from https://search.informit.org/doi/pdf/10.3316/ielapa.085227229161459 [Retrieved on: 09.04.2024]

Zeadally, S., Adi, E., Baig, Z., & Khan, I. A. (2020). Harnessing artificial intelligence capabilities to improve cybersecurity. IEEE Access, 8, 23817-23837. Retrieved from https://ieeexplore.ieee.org/iel7/6287639/6514899/08963730.pdf [Retrieved on: 09.04.2024]
