Question One: Explain cyber threats, analysis, discovery, and solutions as they correlate to cyberspace as a war-fighting domain.
Because cyberspace is increasingly used as a platform for cyberwarfare, organizations are becoming more vulnerable to the threat of attacks. A threat refers to any harmful action that exploits an opportunity created by weaknesses in the security of a system (Shackelford, Proia, Martell, & Craig, 2015). In a network, threats arise from malicious acts by either internal or external sources. Threats mainly originate from human beings who target an organization and its system. Their intention is to harm or disrupt a system, which occurs in the context of cyberspace as a war-fighting domain, whereby some agents, such as terrorists, may want to disrupt services in an organization.
Given the variety of cyberspace threats and the high risk of attacks, organizations need to perform a cyber threat analysis. Threat analysis is the process of matching a firm’s internal and external vulnerabilities against real-world cyber-attacks (Shackelford et al., 2015). Such an analysis acts as a proactive measure against the threat of attacks, as it helps maximize the protective ability of the organization’s systems. Analysis leads to threat discovery, which is the identification of the attack path or the vulnerabilities that attackers can exploit to gain access to the firm’s network with the intention of causing damage or disruption. Therefore, this discovery lays a foundation for remedial measures.
Having discovered threats, organizations need to develop appropriate solutions that will allow them to address their vulnerability to attack. A solution means a professional computer-engineered service, architecture, or critical technology that enhances the security of a firm (Shackelford et al., 2015). Enhancing security implies sealing the technical loopholes or vulnerabilities that have been identified in the system. Consequently, the solution makes it hard for intruders to gain access to an organization’s system. In this regard, the firm is able to keep intruders away from its systems, which ensures the safety of organizational data.
Question Two: Cyber risk management strategies are everyone’s responsibility. List six steps of a cyber risk management strategy.
A risk management strategy has six steps, or phases, each of which is equally important in managing security in an organization. The first phase involves a series of actions, for example, establishing a committee or team, which presupposes selecting people who represent all stakeholders in a firm. These professionals have a great understanding of the business value of data, systems, processes, and services in a firm. Next, the team is informed about policy, legal, regulatory, security, privacy, and other operational requirements (Chabinsky, 2016). The third step is the identification of security and business assumptions and constraints. Constraints are, for instance, deadlines, budget approvals, and legal mandates, while assumptions are organizational judgments, such as whether the majority of employees are law-abiding or loyal. Such judgments need periodic reviews. Fourthly, the committee must communicate the cyber risk decisions in simple and clear language. The committee must broadcast the risk priorities, tolerance, and governance. The management must also adopt a formal risk tolerance statement that highlights the major risk categories and shows the organization’s appetite for forgoing opportunities or accepting harm. Consequently, the strategy is built during this phase.
After all these steps have been covered, the committee implements the cyber risk management strategy. Cyber risk management must be perceived as an element of enterprise risk management. The management must ensure that the general framework that an organization uses for the identification, prioritization, acceptance, and communication of risks is the same at the enterprise level and in the management of information technology systems (Chabinsky, 2016). Finally, there is the management, measurement, review, and modification of the strategy. The implication here is that any security strategy might have deficiencies, which will require periodic revision. In this regard, the major aim is to make the strategy work while assessing it and improving its weaknesses.
Question Three: Is the study of cyber threats, analysis, discovery, and solutions limited by any domestic or global jurisdictions? Explain.
Domestic and global jurisdictions have a great influence on the study of cyber threats, analysis, discovery, and solutions. Jurisdictional fragmentation, which has led to the division of the world into various national territories, does not agree with the global nature of cyberspace (Iasiello, 2014). Jurisdiction relates to national sovereignty, which is the exclusive responsibility of a state over its territory and citizens. This situation locks out the extra-jurisdictional involvement of other parties or states in such matters. Sovereign equality of states is a provision of the rules of customary international public law; therefore, no state can claim sovereignty over cyberspace, which means none of them has the ability to perform its study or introduce effective regulations regarding its use. At the same time, countries may give their residents different levels of freedom, which makes it difficult to have a uniform classification of threats across the world (Iasiello, 2014). Concerning the issues of jurisdiction, it is clear that cooperation between countries in the study of cyber security issues is necessary.
National jurisdictions make it hard to assert any jurisdiction over conduct that may originate anywhere in the world. The phenomenon of cyberspace is not subject to the traditional rules that operate in a geographical setting. In this regard, a cybercrime that originates from country A and causes harm in country B may face jurisdictional constraints due to the sovereignty issues between the two countries. The cooperation of the two countries might be needed in the study of, as well as the response to, actions that involve cyber threats due to their cross-border nature (Iasiello, 2014). The study of cyber threats may involve forensic operations that might require the involvement of detectives. Such a scenario presupposes the existence of a trans-border mechanism, such as mutual legal assistance or cooperation between scholars, which is not so easy due to jurisdictional constraints. Therefore, due to jurisdictions, the study of cyber threats that involve one or more countries is hampered.