CMP 610 Step 1: Review the Assigned Organization All four projects for this course will be completed from the vantage point of a specific industry and an organization assigned to you by the instructor

CMP 610 Step 1: Review the Assigned Organization

All four projects for this course will be completed from the vantage point of a specific industry and an organization assigned to you by the instructor. If you do not know your assigned organization, contact your instructor immediately. If you want to use another organization than the one assigned you or one not listed, contact your instructor as well.

Familiarize yourself with the organization and breach your instructor has assigned by reviewing the details at https://www.databreaches.net/. The descriptions include an overview and key information about the organization on the internet, as well as information about a breach or attempted breach. For the purposes of this course, you will assume this organization is your employer.

You may wish to briefly research your assigned organization to gather additional information about the organization and its security posture.

Career Connections

The breach you have been assigned is a matter of historical fact. Your scholarly research into this matter can and should inform your approach to cybersecurity management. Your ability to fluently converse on past cyber breaches is one way of demonstrating to potential employers that you have the necessary knowledge, skills, and abilities to be a valuable addition to their team. Take notes as you read about this breach—feel free to search for other major breaches—and pay attention to the mistakes that were made that and what actions were taken afterward. As a part of the interview process, you might be asked to apply this knowledge to a new situation.

You will use this information throughout the project as you work to develop a security plan for your organization.

In the next step, you will compile a cybersecurity overview.

In Step 1, you familiarized yourself with your assigned organization. Now, it is time to write a cybersecurity overview. Write a three-page background summary that includes a general overview of cybersecurity and a section on enterprise cybersecurity.

Include the following items in the general overview of cybersecurity:

• Compare and contrast cybersecurity and computer security.
• Discuss data flows across networks. As part of this discussion, it may help to review the following topics: binary digits, nontextual data, ASCII, hexadecimal, computer networks, network devices and cables, and network protocols.
• Discuss basic cybersecurity concepts and vulnerabilities, including flaws that can exist in software. As part of this discussion, it may help to review the following topics: systems, utilities, and application software, software, interaction of software, and creating a program.
• Discuss common cybersecurity attacks. Helpful topics include protocols, web sessions, and security issues, servers and firewalls, a closer look at the World Wide Web and web markup language, cyberattacks, and attack vectors.
• Discuss penetration testing.
• Discuss how to employ network forensic analysis tools (NFAT) to identify software communications vulnerabilities.

Include the following items in the enterprise cybersecurity section:

• List and discuss the major concepts of enterprise cybersecurity, including confidentiality, integrity, and availability (CIA)
• Discuss the principles that underlie the development of an enterprise cybersecurity policy framework and implementation plan.
• List the major types of cybersecurity threats that a modern enterprise might face.

You will attach this cybersecurity background summary to the security assessment in a later project step.