Below are three sample exercises that we would like you to complete

Computer Science

Below are three sample exercises that we would like you to complete. Please use complete sentences and try to include details (feel free to make up assumptions about the system or other characteristics/situations if that helps you write more), but only spend 5-10 minutes on each scenario. If you have any questions, please let us know.

Please provide the following detail for each:

Vulnerabilities - What is wrong with the finding? Why might this be a bad thing? Be sure to include any other components/procedures this vulnerability could affect.

Risk Assessment - Based on the environment at hand, how bad (or not so bad) is this? Please rate the risk as VERY LOW, LOW, MODERATE, HIGH, or VERY HIGH and explain how you came to that decision.

Recommendations - How would you recommend fixing this?

Scenario 1: In an enterprise environment with 10,000 IT assets and Internet connectivity, there is no log aggregation/reporting/visualization system in place. Logging is correctly configured on all individual workstations and servers, but is not forwarded anywhere due to the lack of centralized logging infrastructure.

Scenario 2: In a closed, restricted network with no external connectivity, the sole IT asset is a Windows 10 workstation. This workstation does not use multifactor authentication, but password complexity requirements are enforced as follows: password length - 8 characters and at least one special, uppercase, lowercase, and numeric character. Physical access to the workstation is strictly controlled and behind multiple layers of security. Multifactor authentication is a DoD-mandated requirement.

Scenario 3: A moderately-sized network of 40 users does not have a documented and approved procedure in place for creating/deleting/modifying user accounts and adding/removing/modifying account privileges. This network has Internet connectivity and most users have administrative rights on their local workstations. Based on the on-site review, it seems as though accounts are well-managed through Active Directory and no unauthorized permissions/accounts were found, but there was no documented procedure to ensure they were following relevant guidance.

 

Answer Preview

Scenario 1: In an enterprise environment with 10,000 IT assets and Internet connectivity, no log aggregation/reporting/visualization system is in place. Logging is correctly configured on all individual workstations and servers but is not forwarded anywhere due to the lack of centralized logging infrastructure.

Cybercriminals are constantly looking to exploit an organization’s security vulnerabilities. While these individuals may have different motives for these actions, they all pose a significant threat to the enterprise’s cybersecurity (Dey et al., 2018). Protecting an organization's network against modern threats means recognizing the different vulnerabilities that may compromise the network and securing those flaws before malicious actors can exploit them. An organization with thousands of IT assets and devices can cause serious harm to the enterprise and device owners (Dey et al., 2018). The vulnerabilities include the device and its applications, compromised websites, wireless connections, users and service providers (Dey et al., 2018).

Based on this environment, the security risk level is very high since thousands of IT assets have internet connectivity in the organization. A compromised website can jeopardize users' data by being the source of drive-by downloads of malware and phishing attacks. If not securely encrypted, wireless networks often pass sensitive data that, when exposed, can affect users' lives and impact an organization's reputation. Wireless networks can also transmit and install malware on vulnerable devices. In order to prevent malicious individuals from exploiting all these IT assets, IT experts in the organization must install antimalware solutions on all the devices (Dey et al., 2018). Also, it is recommended to use encryption on the company’s networks to prevent cybercriminals' interception.

Scenario 2: In a closed, restricted network with no external connectivity, the sole IT asset is a Windows 10 workstation. This workstation does not use multi-factor authentication, but password complexity requirements are enforced as follows: password length - 8 characters and at least one special, uppercase, lowercase, and numeric character. Physical access to the workstation is strictly controlled and behind multiple layers of security. Multi-factor authentication is a DoD-mandated requirement.

Cybercriminals often seek to take advantage of any vulnerabilities existing within the operating system (OS) or the application software running on the victim's computer. These vulnerabilities allow worms and other viruses to penetrate the victim's machine and launch themselves. Vulnerabilities are effectively errors in the code within the operating system (Kinai et al., 2020). Since modern OSs such as Windows 10 are very intricate and include much functionality, it is difficult for a vendor's development team to develop software free from errors. Unfortunately, thousands of cybercriminals readily devote a considerable amount of effort in attempts to benefit from these OS vulnerabilities. CodeRed, Sasser and Slammer are examples of worms known to exploit vulnerabilities in the Windows OS.

However, based on this IT environment, the level of security risk is low. Despite lacking multi-factor authentication (MFA), individuals using the closed, restricted network workstation have adopted password complexity requirements to prevent getting compromised. Moreover, physical access to the workstation is behind multiple layers of security and is strictly controlled, ensuring more security to the local network, which has no external security (Kinai et al., 2020). The organization should implement antivirus and antimalware programs to fortify the Windows OS environment further. These programs alert an organization's IT department to possible threats to a network. Vendors swiftly rectify flaws found in OSs by developing a software patch. Therefore, the cybersecurity team in this organization must seek to install these patches to prevent cybersecurity risks (Mostovich et al., 2017).

Scenario 3: A moderately-sized network of 40 users does not have a documented and approved procedure in place for creating/deleting/modifying user accounts and adding/removing/modifying account privileges. This network has Internet connectivity, and most users have administrative rights on their local workstations. Based on the on-site review, it seems as though accounts are well-managed through Active Directory, and no unauthorized permissions/accounts were found. However, there was no documented procedure to ensure they were following relevant guidance.

Safeguarding user accounts and helping to counter the abuse of privileged accounts is imperative for any cyber-secure network. User accounts, especially those with special access prerogatives such as admin accounts, must only be allocated to authorized persons, controlled efficiently, and render a certain level of access to networks, applications, and devices (Mostovich et al., 2017). Access controls verify and approve people to get data that they are allowed to use and see. The vulnerabilities in this network are that the organization has no documented and approved procedure for creating or modifying user accounts and privileges, and most users have administrative rights on their local workstations.

Based on this organization’s IT setting, the level of security risk is very high due to the lack of access control features and unrestricted internet access. Authentication is a method used to verify individuals; however, authentication is not sufficient by itself to safeguard data (Schlegel & Amthor, 2020). Authorization is an extra layer needed to determine if a user could obtain the data or execute the attempted transactions. Also, any enterprise whose workforce connects to the web requires some form of access control. Many IT professionals recognize the importance of access control to an enterprise. However, to be fully effective, Schlegel & Amthor (2020) argue that access control needs to implement resolute strategies in a progressive IT world without conventional limitations.

OUTLINE:

Cyber Security Engineer Interview

Scenario 1:

  1. Cybercriminals are constantly looking to exploit an organization’s security vulnerabilities.
  2. Based on this environment, the security risk level is very high since thousands of IT assets have internet connectivity in the organization.
  3. It is recommended to use encryption on the company’s networks to prevent cybercriminals' interception.

Scenario 2:

  1. Cybercriminals often seek to take advantage of any vulnerabilities existing within the operating system (OS) or the application software running on the victim's computer.
  2. However, based on this IT environment, the level of security risk is low.
  3. The cybersecurity team in this organization must seek to install these patches to prevent cybersecurity risks.

Scenario 3:

  1. Safeguarding user accounts and helping to counter the abuse of privileged accounts is imperative for any cyber-secure network.
  2. Based on this organization’s IT setting, the level of security risk is very high due to the lack of access control features and unrestricted internet access.
  3. However, to be fully effective, access control needs to implement resolute strategies in a progressive IT world without conventional limitations.
