Explain how confidentiality can be achieved in the Workstation Domain with security controls and security countermeasures.
Category: Computer science
The purpose of the Microsoft® Windows Security
What is the purpose of the Microsoft® Windows Security Configuration and Analysis snap-in?
Explain.
Updating the Windows Security
How would you go about updating the Windows Security Options File? Explain how this option can help mitigate risk in the Workstation Domain.
A computer system information.
Consider jobs that require a solid understanding of basic computing, computer storage, and processing speeds as part of an information technology degree. Put yourself in the position of the hiring manager and think about what you would expect as competent responses from an applicant:
Briefly explain the four main parts of a computer system information.
Provide an example of each.
Managing data efficiently requires having sufficient processing speed, paired with the appropriate amount of memory and storage space. Briefly explain what you would recommend for an IT professional to have for their laptop’s memory, storage, and processor.
The Need For Cryptography
What is the reasoning behind the need for cryptography within an organization? First, explain why cryptography is needed based on the potential vulnerabilities present in the absence of an encrypted network. Next, consider the following exercise:
Find a short hidden message in the list of words below.
carrot fiasco nephew spring rabbit
sonata tailor bureau legacy corona
travel bikini object happen soften
picnic option waited effigy adverb
report accuse animal shriek esteem
oyster
Hint: First and last.
Evaluate this code sequence and attempt to decode this string of characters.
The World Wide Web Consortium (W3C)
The World Wide Web Consortium (W3C) is an organization that promotes standardization of things like Hypertext Markup Language (HTML). There have been multiple versions of HTML that developers and browsers have had to learn and adapt to over the years. Discuss the advantages and disadvantages of standardization.
Cloud service models
Select one of these major cloud service models: IaaS, SaaS, or PaaS.
Describe key issues when configuring and operating security for your selected cloud service model.
Be sure to support your response with examples based on your research and experience.
Provide a full citation and reference
“Large-scale denial-of-service (DoS) attacks”
For this discussion, I selected the malicious activity of denial-of-service (DoS) attacks. A DoS attack is a method of disrupting the functionality of an organization’s network or system (Morris, 2021). This is executed to prevent normal users from accessing the resources of that network, which places the network in a position where services are unavailable. A recent example of a large-scale DoS attack would be the attack targeting Amazon Web Services (AWS) in 2020. In this attack, advisories targeted a user through connectionless lightweight directory access protocol reflection (Nicholson, 2023). Essentially, leveraging external servers to significantly increase the amount of data being transmitted to the target’s IP address; upwards of 70 times (Nicholson, 2023). This specific attack greatly impacted AWS, as an example noting that the largest cloud provider can be attacked and rendered nonoperational, as this attack lasted for 72 hours.
The scalable solution is a specific countermeasure AWS put into place to counter DoS attacks. In configuring your virtual infrastructure to be scalable, your resources can expand when the demand increases and consolidate when the demand decreases. This is done dynamically, making for a proactive way of ensuring DoS attacks have a smaller window to target. An additional countermeasure would be configuring a web application firewall for cloud resources. This would enable a mechanism to monitor “good” versus “bad” traffic, thus limiting your attack surface. Overall, the ultimate countermeasure is planning and being proactive with expected behavior. If organizations can conduct analysis and establish what the baseline of traffic looks like, they will be able to get ahead of suspicious behavior and limit the potential for DoS attacks.
References:
Morris, E. (2021) Dos vs. ddos: Which attack is more dangerous and why?, Cybrary. Available at: https://www.cybrary.it/blog/dos-vs-ddos-which-attack-is-more-dangerous-and-why (Accessed: 15 May 2023).
The National Cybersecurity Strategy
The National Cybersecurity Strategy March 2023 provides a comprehensive and coordinated plan to address the growing threats to the United States’ digital ecosystem. It aims to shift the burden of cybersecurity away from individuals, small businesses, and local governments and onto the organizations that are most capable of reducing risks for everyone. The strategy seeks to build and enhance collaboration around five pillars: defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships to pursue shared goals. Its implementation will protect investments in rebuilding America’s infrastructure, developing clean energy, and reshoring America’s technology and manufacturing base.
For this assignment, you are required to analyze the National Cybersecurity Strategy March 2023 and write a 4-page paper, double-spaced, with a focus on one of the five pillars of the strategy.
Cybersecurity
Cybersecurity is a fast-growing field of IT concerned with reducing the risk of an organization experiencing hacking or a data breach. In an annual survey by Enterprise Strategy Group with IT professionals in organizations across the globe, 45 percent of organizations said that they had a “problematic shortage” of cybersecurity skills in 2016, up from 42 percent in 2015 (Oltsik, 2019). Commercial, governmental, and nongovernmental organizations employ cybersecurity professionals. The fastest increases in demand for cybersecurity workers are in industries managing increasing volumes of consumer data such as finance, health care, and retail. However, the use of the term cybersecurity is more prevalent in government job descriptions.
Reference
Oltsik, J. (2019, January 10). The cybersecurity skills shortage is getting worse. [Blog post]. ESG. Retrieved from https://www.esg-global.com/blog/the-cybersecurity-skills-shortage-is-getting-worse
In your discussion, include the following considerations:
Research the government agencies listed for cybersecurity focus. What is the intent of the agencies and core of their mission? How successful have they been in supporting cybersecurity? Is this intention woven into their mission statement and vision?
Familiarize yourself with the varieties and subtle differences in cybersecurity professions and describe your impressions. Are there new titles? More current? What are the differences and similarities (if any)? What skills, talents, or characteristics are needed to succeed in the professions you are examining?
Review information for cyber analysts and other titles in related areas. Which positions appeal to you? Why? Do you have experience in this field? What did you find interesting? What skills, certifications, or experience are needed to succeed in that position?