Description
Communication and Network Security
Network security depends on the extent to which the network architecture and design mitigates risk. Cybersecurity practitioners need to have an understanding of the Open Systems Interconnection (OSI) Model and the Transmission Control Protocol/Internet Protocol (TCP/IP). These multilayer protocols within the OSI Model and TCP/IP conceptually represent different functionality within the network architecture and tend to be vendor-neutral to support compatibility and standardization. These models serve as guides and are generalized to support numerous applications and use cases.
Figure 3
The Open Systems Interconnection (OSI) Model
As business models evolve and advances in technology occur, security standards and implementation also need to change dynamically. Security management principles are applied iteratively with the security practitioner maintaining continued awareness of the latest threats and vulnerabilities. Security attacks committed by nefarious actors also become more evolved in technique and target, having implications for reviewing and renewing security protocols and policies within an organization regularly. The ubiquitous nature of the Internet, the prevalence of data sharing, and the need to remain competitive in a global economy serve to drive advances in criminal cybersecurity behavior to thwart detection and the need to remain vigilant in the cybersecurity industry.
Intrusion detection systems (IDS) are used to limit the number of false positives (flagging network activity suspicious when the traffic is normal) and limit the number of true positives of undesirable network traffic that are missed in the process. An important fact must be considered. Lowering thresholds for recognizing traffic patterns can allow the suspicious activity to go unrecognized. Network security personnel spend time tuning the system to learn the traffic patterns in the network. In doing this, a normal pattern can be established and then compared to a difference in pattern, presumed to be suspect when detected until proven otherwise. The ultimate goal of the security personnel is to achieve balance cost-effectively and securely.
Security Awareness
Organizations employ a variety of individuals who hold different roles. All employees must recognize that people are often considered the weakest link within an organization. Offering a security awareness training program is a useful tool for educating employees about the risk of accidentally or intentionally engaging in behavior that can threaten the security of information systems. Each functional area in the organization is critical to the business being able to accomplish its mission and goals. Having an integrated plan for security awareness and training permits the employees to assess the level of security knowledge, identify gaps in understanding, and provide remediation through the creation of policy and procedure. An organizational culture that maintains security awareness understands that not having a cyber defense is the supreme example of vulnerability. Attackers know that some organizations lack security awareness or consistency in implementing and maintaining adequate security protocols. Culturally, the organization must engage in normal practice as though the worse case security breach scenario is possible.
Weekly Resources and Assignments
Review the resources from the Course Resources link, located in the top navigation bar, to prepare for this weeks assignments. The resources may include textbook reading assignments, journal articles, websites, links to tools or software, videos, handouts, rubrics, etc.
Week 4 – Assignment: Design a Security Awareness and Training Program
Assignment
Due March 13 at 11:59 PM
Using the NIST Cybersecurity Framework and the organizational knowledge gained in the prior assignments, apply the Protect function to design a Security Awareness and Training Program. Specifically, the training should educate all staff on the need to secure network components to ensure network security for all hardware, software, and business functions that could be impacted.
The training program should include the following from the IT Security Learning Continuum:
- Education describe the level of education and professional development that is needed for staff who manage cybersecurity operations in the organization.
- Training describe each competency area of focus and the intended user audience.
- Awareness describe each topic to be included in each awareness session or material for distribution.
- Using the link to the NIST SP 800-50 document found in weekly resources as a guide, specifically Section 3 “Designing an Awareness and Training Program”, select Model 1, Model 2, or Model 3 to structure your program, and then, justify why this model is best aligned with the needs of the organization.
- Describe how the program supports relevant governance, risk, and compliance strategies and policies for improving information security within the organization.
- Justifications for each recommendation should be supported by the NIST CSF and other industry-accepted standards.
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistsp…
COMMUNICATION AND NETWORK SECURITYNetwork security depends on the extent to which the network architecture and design mitigates risk. Cybersecurity practitioners need to have an understanding of the Open Systems Interconnection (OSI) Model and the Transmission Control Protocol/Internet Protocol (TCP/IP). These multilayer protocols within the OSI Model and TCP/IP conceptually represent different functionality within the network architecture and tend to be vendor-neutral to support compatibility and standardization. These models serve as guides and are generalized to support numerous applications and use cases.Figure 3The Open Systems Interconnection (OSI) ModelAs business models evolve and advances in technology occur, security standards and implementation also need to change dynamically. Security management principles are applied iteratively with the security practitioner maintaining continued awareness of the latest threats and vulnerabilities. Security attacks committed by nefarious actors also become more evolved in technique and target, having implications for reviewing and renewing security protocols and policies within an organization regularly. The ubiquitous nature of the Internet, the prevalence of data sharing, and the need to remain competitive in a global economy serve to drive advances in criminal cybersecurity behavior to thwart detection and the need to remain vigilant in the cybersecurity industry.Intrusion detection systems (IDS) are used to limit the number of false positives (flagging network activity suspicious when the traffic is normal) and limit the number of true positives of undesirable network traffic that are missed in the process. An important fact must be considered. Lowering thresholds for recognizing traffic patterns can allow the suspicious activity to go unrecognized. Network security personnel spend time tuning the system to learn the traffic patterns in the network. In doing this, a normal pattern can be established and then compared to a difference in pattern, presumed to be suspect when detected until proven otherwise. The ultimate goal of the security personnel is to achieve balance cost-effectively and securely.Security AwarenessOrganizations employ a variety of individuals who hold different roles. All employees must recognize that people are often considered the weakest link within an organization. Offering a security awareness training program is a useful tool for educating employees about the risk of accidentally or intentionally engaging in behavior that can threaten the security of information systems. Each functional area in the organization is critical to the business being able to accomplish its mission and goals. Having an integrated plan for security awareness and training permits the employees to assess the level of security knowledge, identify gaps in understanding, and provide remediation through the creation of policy and procedure. An organizational culture that maintains security awareness understands that not having a cyber defense is the supreme example of vulnerability. Attackers know that some organizations lack security awareness or consistency in implementing and maintaining adequate security protocols. Culturally, the organization must engage in normal practice as though the worse case security breach scenario is possible.WEEKLY RESOURCES AND ASSIGNMENTSReview the resources from the Course Resources link, located in the top navigation bar, to prepare for this weeks assignments. The resources may include textbook reading assignments, journal articles, websites, links to tools or software, videos, handouts, rubrics, etc.Week 4 – Assignment: Design a Security Awareness and Training ProgramAssignment Due March 13 at 11:59 PMUsing the NIST Cybersecurity Framework and the organizational knowledge gained in the prior assignments, apply the Protect function to design a Security Awareness and Training Program. Specifically, the training should educate all staff on the need to secure network components to ensure network security for all hardware, software, and business functions that could be impacted.The training program should include the following from the IT Security Learning Continuum:Education describe the level of education and professional development that is needed for staff who manage cybersecurity operations in the organization.Training describe each competency area of focus and the intended user audience.Awareness describe each topic to be included in each awareness session or material for distribution.Using the link to the NIST SP 800-50 document found in weekly resources as a guide, specifically Section 3 “Designing an Awareness and Training Program”, select Model 1, Model 2, or Model 3 to structure your program, and then, justify why this model is best aligned with the needs of the organization.Describe how the program supports relevant governance, risk, and compliance strategies and policies for improving information security within the organization.Justifications for each recommendation should be supported by the NIST CSF and other industry-accepted standards.Length: 5 to 6-page paperReferences: Use the weekly resources to support your assignment.The completed assignment should address all of the assignment requirements, exhibit evidence of concept knowledge, and demonstrate thoughtful consideration of the content presented in the course. The writing should integrate scholarly resources, reflect academic expectations and current APA standards, and adhere to Northcentral University’s Academic Integrity Policy.this is all week 4
Week 4 – Assignment: Design a Security Awareness and Training Program Previous Next InstructionsUsing the NIST Cybersecurity Framework and the organizational knowledge gained in the prior assignments, apply the Protect function to design a Security Awareness and Training Program. Specifically, the training should educate all staff on the need to secure network components to ensure network security for all hardware, software, and business functions that could be impacted.The training program should include the following from the IT Security Learning Continuum:Education describe the level of education and professional development that is needed for staff who manage cybersecurity operations in the organization.Training describe each competency area of focus and the intended user audience.Awareness describe each topic to be included in each awareness session or material for distribution.Using the link to the NIST SP 800-50 document found in weekly resources as a guide, specifically Section 3 “Designing an Awareness and Training Program”, select Model 1, Model 2, or Model 3 to structure your program, and then, justify why this model is best aligned with the needs of the organization.Describe how the program supports relevant governance, risk, and compliance strategies and policies for improving information security within the organization.Justifications for each recommendation should be supported by the NIST CSF and other industry-accepted standards.Length: 5 to 6-page paperReferences: Use the weekly resources to support your assignment.The completed assignment should address all of the assignment requirements, exhibit evidence of concept knowledge, and demonstrate thoughtful consideration of the content presented in the course. The writing should integrate scholarly resources, reflect academic expectations and current APA standards, and adhere to Northcentral University’s Academic Integrity Policy.When applicable, conduct a Turnitin pre-check and then upload your completed assignment and click the Submit to Dropbox button.
thiis is what is on the linkWeek 4 – Assignment: Design a Security Awareness and Training ProgramPrevious Next InstructionsUsing the NIST Cybersecurity Framework and the organizational knowledge gained in the prior assignments, apply the Protect function to design a Security Awareness and Training Program. Specifically, the training should educate all staff on the need to secure network components to ensure network security for all hardware, software, and business functions that could be impacted.The training program should include the following from the IT Security Learning Continuum:Education describe the level of education and professional development that is needed for staff who manage cybersecurity operations in the organization.Training describe each competency area of focus and the intended user audience.Awareness describe each topic to be included in each awareness session or material for distribution.Using the link to the NIST SP 800-50 document found in weekly resources as a guide, specifically Section 3 “Designing an Awareness and Training Program”, select Model 1, Model 2, or Model 3 to structure your program, and then, justify why this model is best aligned with the needs of the organization.Describe how the program supports relevant governance, risk, and compliance strategies and policies for improving information security within the organization.Justifications for each recommendation should be supported by the NIST CSF and other industry-accepted standards.Length: 5 to 6-page paperReferences: Use the weekly resources to support your assignment.The completed assignment should address all of the assignment requirements, exhibit evidence of concept knowledge, and demonstrate thoughtful consideration of the content presented in the course. The writing should integrate scholarly resources, reflect academic expectations and current APA standards, and adhere to Northcentral University’s Academic Integrity Policy.When applicable, conduct a Turnitin pre-check and then upload your completed assignment and click the Submit to Dropbox button.