Reference no: EM13690745

Topic 1: Advanced and Persistent Threats

One of the biggest risks that companies face is advanced persistent threats. Discuss the most effective way to implement policies that mitigate the chance of an insider either taking part in or facilitating an advanced persistent threat.

What policies can help manage the insider threat for an organization's supply-chain companies, or the organization's off-shore contractors?


Integrate the concept of separation of duties into your discussion.

Topic 2: Mandiant Report

On Feb. 19, 2013 Mandiant released a report alleging that a specific Chinese military unit is behind one of the largest cyber espionage and attack campaigns aimed at American infrastructure and corporations. Public understanding of Advanced Persistent Threats (APT) is weak, attribution remains difficult, and cyberattacks are often dismissed as criminal or peripheral to national security. This carefully-researched report is significant because it convincingly and publicly assigns attribution for ongoing cyber espionage to groups supported by China. By publishing, Mandiant hopes that -

(a) this report will lead to increased understanding and coordinated action in countering APT network breaches; and

(b) its resulting exposure and discussion may thwart APT activities.

Discuss whether Mandiant's two desired outcomes above are likely to occur.

Topic 3: EMP and Solar Weather

While the daily news contains a wealth of information about vulnerabilities, threats, and hackers, there are still several national cybersecurity concerns about which little is known by the general public. Electromagnetic pulse (EMP) is described by several experts as a low-probability, high-effect event. First, read the journal article by Dan Dickerson: "No Defense: America's Growing Vulnerability to an EMP Attack." Another low-probability, high-effect threat are "Coronal Mass Ejections, more commonly known as Solar Flares. Our own sun goes through an eleven-year Sun Spot cycle, with the next maximum Solar Flare activity predicted to occur between 2013-2014. An "EMP" spike, or either a "Coronal Mass Ejection" magnetic field, can each disrupt or permanently disable power lines and computer circuitry. They can each fry transformers or overheat transistors. When an EMP event, or a Solar Flare, involves enough high energy, the resulting damage to electronic equipment may be so severe that a re-boot or re-start may not be possible. The equipment is trashed. The DOD, and possibly other countries are currently studying design for new energy weapons that can direct EMP against enemy computers.

After reading the EMP article, discuss with your classmates your opinion about the likelihood of an EMP attack by an adversary, or the likelihood of a Solar Flare that could permanently damage much of our sensitive electronic infrastructure equipment.

Answer these questions:

(1) to what degree should US policy makers should be concerned about a high-effect, low-probability EMP attack, or a powerful Solar Weather event?
(2) describe measures that may mitigate damage to the US power grid; and
(3) measures individuals can take to mitigate the consequences to their personal electronic equipment.


Topic 4: Penetration Testing & Vulnerability Assessments

As new technology becomes adopted by organizations, standards must also adapt to meet the change. What new standards should be adopted for penetration testing to assess vulnerability for mobile devices in the growing BYOD (Bring Your Own Device to work) environment?