Question

WEEK 2 DISCUSSION

ANSWER ANY TWO OF THE FOLLOWING IN 2-3 PARAGRAPHS OF EACH QUESTION.

1: The Report of the Task Force on Private Security states, “There is virtually no aspect of society that is not in one way or another affected by private security.” Is that still true today? Why or why not.

2: Discuss the different security concerns for different industries and why there is a difference between them.

3: What's the NIST Cybersecurity Workforce framework and why is it valuable?

Answer 1

2. Discuss the different security concerns for different industries and why there is a difference between them.

ANSWER:

1. Banking and Finance

The banking and finance industry is undoubtedly an ideal target for hackers. After all, organizations in this industry have all the valuable information attackers yearn for – from client identities and bank account numbers to home addresses and private financial information.The industry is responding with various initiatives to regain control of the financial cyberspace, which includes promoting greater accountability and awareness, improving communication for easier collaboration with the government and ultimately recruiting and developing a better team of cyber-talent. However, emphasis should also be placed on the continual education of security professionals as cybersecurity threats continue to evolve at an alarming rate.

2. Healthcare

Healthcare is yet another information-intensive industry and a prime target for hackers. Hospitals have access to electronic healthcare records, containing large amounts of information, from names and addresses of patients to their physical condition and financial details.

3. Online Retail

As retail organizations move their products and services online, they open themselves up to cyber-attacks. The industry is mainly vulnerable due to a traditionally high employee turnover and widely distributed attack surface, leading to more opportunities for hackers.

4. Education

Educational institutions, universities in particular, are targeted by hackers for the valuable academic research they produce, as well as to use the network infrastructure to launch attacks against other targets. The College of Engineering was the target of two sophisticated cyber-attacks in 2015, compromising records of up to 18,000 people.

The different Industry is having different security concerns because industry have different requirements for their needs. Every one wants to secure their data, since every industry works on different services. For example Amazon Cloud Services works on secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow where as American Bank help to make financial lives better through the power of every connection
since both the industry have their own database that's why security is important.

3. What's the NIST Cybersecurity Workforce framework and why is it valuable ?

ANSWER:

NIST Cybersecurity Workforce framework

The National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education, Cybersecurity Workforce Framework (known as the NICE Framework), is a reference resource for describing and sharing information about cybersecurity work. This framework standardizes the knowledge, skills, and abilities needed to complete tasks and work in particular roles. It is composed of three components: Categories, Specialty Areas, and Work Roles.

The NICE Framework is arranged using a top-down approach where each of seven Categories are comprised of Specialty Areas (33 total) which are then broken down into Work Roles (52 total). The seven Categories represent common cybersecurity workforce functions. These are:

• Analyze – reviews and evaluates incoming cybersecurity information to determine its usefulness for intelligence
• Collect and Operate – provides denial and deception operations as well as the collection of cybersecurity information that may be used to develop intelligence
• Investigate – investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence
• Operate and Maintain – provides the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security
• Oversee and Govern – provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work
• Protect and Defend – identifies, analyzes, and mitigates threats to internal IT systems and/or networks
• Securely Provision – conceptualizes, designs, procures, and/or builds secure IT systems, with responsibility for aspects of
• system and/or network development

NIST Cybersecurity Workforce framework is valuable because it is an important high-level tool for organisations trying to improve how it identifies, recruits, develops, and retains cybersecurity talent by enabling them to better define their cybersecurity workforce and identifying gaps in staffing. As a reference tool, it help describe the interdisciplinary nature of cybersecurity and leveraging it can help organizations fulfill all of the different skillsets needed for a successful cybersecurity program. It also provides language for organizations to utilize when creating position descriptions consistent with industry language. The NICE Framework identifies KSAs for training, certification, and education providers to develop curriculum around current employees.

PS: Feel free to ask any doubts in comment section and don't forget to give rating to the question