Cybersecurity and the Supply Side: Industry Self-regulatory Efforts
Introduction This article introduces the idea of collective action to improve cybersecurity at the industry level, focusing on how organizations that provide internet services to third parties cooperate to enhance security. 1. The Role of Internet Service Providers in Cybersecurity: • Organizations that supply internet services are critical players in the cybersecurity ecosystem. These include platform providers like Microsoft, Apple, Facebook, and Google, as well
Author Archives: StasyHsieh
Compliance with Information Laws: Organizational Security Policies
Introduction This article delves into four key American laws that directly affect the management of an organization’s information security resources. These laws are essential for cybersecurity managers to understand, as they dictate compliance procedures and safeguard requirements for handling sensitive information, depending on the sector in which an organization operates. The laws covered are FISMA, Sarbanes-Oxley (SOX), HIPAA, and GDPR, with
Tools for Network Defense 2: Organizational Security Policies
Introduction This article continues exploring network defense tools and covers strategies for defending against distributed denial of service (DDoS) attacks, utilizing the Domain Name System (DNS) for security, and leveraging cloud services to improve security functions. The lesson provides insight into both defensive techniques and the integration of security into cloud and web-based services. 1. Distributed Denial of Service (DDoS) Attacks: • DDoS
Tools for Network Defense 1: Organizational Security Policies
Introduction This article focuses on the technical tools used to defend an organization’s networks and information resources. The lesson covers firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and network segmentation as critical elements of network defense. The goal is to familiarize learners with the key concepts and functionalities of these tools to prepare them for more specialized training or practical
The NIST Cybersecurity Framework: Organizational Security Policies
Introduction This article provides an in-depth overview of the NIST Cybersecurity Framework. It highlights the structure of the framework, its components, and how organizations can use it to assess and improve their cybersecurity maturity. The NIST framework is emphasized because it is freely available and widely adopted, incorporating references to many other cybersecurity standards and frameworks.
What are Security Policies? Organizational Security Policies
Introduction This article introduces the concept of security policies at the organizational level and explains how they differ from public policy. The focus is on preparing learners for developing a security policy for an organization. Key Points: 1. Definition of a Security Policy: • A policy articulates goals and objectives that guide decision-making and behavior in an organization. • Policies typically take the form of
Security Policy Frameworks: Organizational Security Policies
Introduction This article provides an introduction to five major information security policy frameworks that are commonly used by organizations to guide their cybersecurity strategies. These frameworks, developed by professional associations and standard organizations, help organizations create robust security policies and optimize the management of cybersecurity risks. 1. COBIT (Control Objectives for Information and Related Technologies): • Developed by:
Cybersecurity Insurance: Organizational Security Policies
Introduction This article explores cybersecurity insurance and its role in managing cyber risks. The discussion covers how insurance can incentivize companies to improve their cybersecurity, the evolution of cyber insurance, and challenges facing the market. Key Topics: 1. Cybersecurity Insurance as Risk Management: • Insurance is a form of risk management that organizations can use to buffer against cyber risks.
Cybersecurity risk analysis: Cybersecurity in the Organization
Introduction This article focuses on cybersecurity risk analysis, explaining how organizations can assess and mitigate risks. It begins by discussing the probabilistic nature of risk, emphasizing that no system is completely secure. Risk is a function of two components: impact (the damage caused by an event) and likelihood (the probability of the event occurring). Key Concepts: 1. Risk Grid: • The lesson
Case Studies: Cybersecurity in the Organisation
1. Introduction The article focuses on cybersecurity at the organizational level by analyzing two significant cyber attacks: the Equifax breach and the SolarWinds attack. 1. Equifax Breach (2017): • A vulnerability in Apache Struts 2 allowed remote attackers to execute arbitrary code on the servers, which compromised the data of 145 million individuals, including Social