1. After a cyber attack, the organizational decision making and
response to the attack is critical to getting the organization
through the incident and back to normal business after the
attack. Please review and discuss the actions management
should take prior to a cyber attack. Include in your discussion
an overview of crisis management and the role it plays in
recovery.
2. Business continuity plans (BCP) describe processes and
procedures that an organization activates for any threat or issue
that may prevent the organization from carrying on normal
business. Examples include cybersecurity attacks, fire, flood,
and other business disruption causes. Describe and discuss the
main components of a BCP.
3. In traditional warfare, attacking communications and
command and control functions is integral to victory.
Attacking the systems that are the conduit of those critical
functions is equally integral to victory. Discuss three offensive
cyber attack technologies and when they should be deployed.
4. Within the US Government, no single department or agency
has the ultimate responsibility for securing against or responding
to cyber attacks. Discuss an approach to building a
comprehensive coordination and collaboration strategy across
the federal government to reduce cyber security attacks.
UMUC, 2014. (CSEC670)
http://tychousa1.umuc.edu/CSEC670/1206/csec670_04/assets/csec670_04.pdf
UMUC
Cybersecurity Capstone
CSEC670
© UMUC 2012 Page 1 of 38
Contents
Topic 1: Scenario (p. 2)
  Scenario: The Christmas Fiasco (p. 2)
Topic 2: Module Introduction (p. 4)
Topic 3: Decision Making in Response to Cyberattacks (p. 5)
  The Decision-Making Process (p. 5)
  Determining the Appropriate Response (p. 6)
  Crisis Management (p. 7)
  The Elements of a Business Continuity Plan (p. 10)
  The Business Continuity Planning Process (p. 12)
  The Business Impact Analysis (p. 16)
  Activity: You Decide! (p. 20)
Topic 4: Offensive Cyberattack Technologies (p. 23)
  Offensive Cyberattack Technologies (p. 23)
Topic 5: Organizations: Roles and Responsibilities (p. 26)
  Federal Government Roles and Responsibilities (p. 26)
  Use of Military Organizations and Assets (p. 28)
  Role of the Private Sector (p. 30)
  Role of International Organizations (p. 32)
Topic 6: Summary (p. 36)
Glossary (p. 38)
Topic 1: Scenario
Scenario: The Christmas Fiasco
Executing the Response to a Cyberattack
CSEC670—Module 4
The Christmas Fiasco
Crazy Steve's is an online electronics store based in New York
City. The business has
an excellent reputation based on the variety of products it offers
and its commitment to
excellent customer service. The Christmas season is the busiest
time of year for the
company. However, this year the company faced some problems
with its order fulfillment
system. The system incorrectly bypassed the normal order
fulfillment programs and
shipped 200 orders without receiving any payment for them. Is
this just a system glitch,
or were cybercriminals at work?
Disclaimer: The storyline and characters in this part of the
module are fictitious and were developed for the
purposes of this course. No association with any real person,
places, or events is intended or should be
inferred.
Scenario
Scene 1
Stephan Jones has been the Chief Information Security Officer
(CISO) at Crazy Steve's
for more than two years. The financial impact of the security
incident involving the fake
orders has put a lot of pressure on Stephan to ensure that such
an incident is not
repeated.
Scene 2
Stephan discusses the incident with his colleagues: Jamie, from
the IT Department;
Rory, from the Finance Department; Darren, from Customer
Service; and others.
Here is a transcript of the conversation.
Jamie: Did you know that our competitors have nicknamed the
recent security incident
"the Christmas Fiasco?"
Stephan: This is the first time in two years that I've had to deal
with an incident worse
than a virus outbreak.
Stephan: So far, we've only had to deal with minor issues like
employees surfing the
Internet at work.
Rory: None of those incidents caused any major damage to the
company's reputation.
The financial damage was also insignificant. This is different.
Darren: This incident has raised some serious concerns among
our customers. We've
seen a significant decline in the number of visitors to the Web
site and we are receiving
fewer orders.
Jamie: We really need to find out why the system processed and
shipped those orders.
Stephan: That's not all. We also need to ensure that such an
incident never occurs
again. If it does, we need to be better-prepared.
Scene 3
Stephan's investigation shows that cybercriminals infiltrated the
company's servers and entered fake orders directly into the
shipping system. Using this technique, they were able to
completely bypass the order entry and payment modules of the
company's ERP system. After the Christmas security incident,
Stephan realizes that Crazy Steve's entire system will need to be
updated to prevent similar incidents from happening in the future.
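The control gap in Scene 3 is that the shipping system released orders that had never passed through order entry or payment. The following is an added example, not part of the CSEC670 module, showing one defender-side reconciliation check that would surface such shipments before release: it cross-checks the shipping queue against order-entry records and captured payments and holds anything that does not reconcile. The record layouts, the function names, and the sample records are constructed for illustration.

```python
"""Reconcile the shipping queue against order entry and payment records.

Added example (not part of the CSEC670 module). The record layouts, the
sample data, and the function names are assumptions made for illustration.
"""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Order:
    order_id: str
    customer: str
    total: Decimal


@dataclass(frozen=True)
class Payment:
    order_id: str
    amount: Decimal
    status: str  # "captured", "authorized", or "declined"


@dataclass(frozen=True)
class Shipment:
    order_id: str
    customer: str
    declared_value: Decimal


# Constructed sample data: order entry, payment gateway, and shipping queue.
ORDERS = [
    Order("A100", "alice", Decimal("249.99")),
    Order("A101", "bob", Decimal("89.50")),
    Order("A102", "carol", Decimal("1299.00")),
]
PAYMENTS = [
    Payment("A100", Decimal("249.99"), "captured"),
    Payment("A101", Decimal("89.50"), "declined"),
    Payment("A102", Decimal("1299.00"), "captured"),
]
SHIPMENTS = [
    Shipment("A100", "alice", Decimal("249.99")),     # reconciles cleanly
    Shipment("A101", "bob", Decimal("89.50")),        # payment was declined
    Shipment("A102", "carol", Decimal("999.00")),     # declared value altered
    Shipment("Z900", "mallory", Decimal("2499.00")),  # no order, no payment
]


def reconcile(orders, payments, shipments):
    """Return {order_id: [reasons]} for every shipment that should be held.

    A shipment is held when it has no order-entry record, when its customer
    or value disagrees with that record, or when no captured payment for the
    full order total exists.
    """
    orders_by_id = {o.order_id: o for o in orders}
    captured = {p.order_id: p.amount for p in payments if p.status == "captured"}
    findings = {}
    for s in shipments:
        reasons = []
        order = orders_by_id.get(s.order_id)
        if order is None:
            reasons.append("no order-entry record")
        elif order.customer != s.customer:
            reasons.append("customer mismatch")
        elif order.total != s.declared_value:
            reasons.append("declared value differs from order total")
        if s.order_id not in captured:
            reasons.append("no captured payment")
        elif order is not None and captured[s.order_id] != order.total:
            reasons.append("captured amount differs from order total")
        if reasons:
            findings[s.order_id] = reasons
    return findings


def release_allowed(shipment, orders, payments):
    """Gate a single shipment: release it only if it reconciles cleanly."""
    return shipment.order_id not in reconcile(orders, payments, [shipment])


if __name__ == "__main__":
    for order_id, reasons in reconcile(ORDERS, PAYMENTS, SHIPMENTS).items():
        print(f"HOLD {order_id}: {'; '.join(reasons)}")
```

Run as a batch job, `reconcile` produces the hold list an operations team would review; wired into the shipping workflow, `release_allowed` turns the same logic into a preventive gate, so a record written straight into the shipping system never ships without a matching order and captured payment.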
Scene 4
One of the main challenges that Stephan now faces is to
persuade top management to
execute vital changes. He has to convince Chief Information
Officer (CIO) Jonathan
Kessler that he needs a larger budget to keep up with the
organization's adoption of new
technologies as well as the changing threat environment.
Scene 5
In the past, Stephan has not had much luck convincing Jonathan
to increase funding for
his department. Stephan believes that company executives do
not focus on
cybersecurity because their profits are generated by other
sectors of the business.
Nevertheless, Stephan keeps pushing for a larger budget. He
feels the company is quite
unprepared for a sophisticated attack on its IT systems and
infrastructure.
Scene 6
After a lot of hard work, Stephan manages to get his point
across to Jonathan. Together,
they decide to form an internal incident response team to
prepare for potential future
security incidents at Crazy Steve's and ensure business
continuity.
Topic 2: Module Introduction
Whether they are customers buying goods online, tellers in a
bank, or cashiers at a gas
station, individuals are critically dependent on the systems and
infrastructures with which
they work. The impact and dependencies of a health care
provider or a military service
member deployed overseas are even more critical.
Executing the response to a cyberattack is an important
responsibility of every person
within an organization, as a potential attack can come from any
place, anywhere, and at
any time. The process of dealing with cyberattacks includes
prevention, defense,
detection, recovery, and finally, the response to an attack.
Every government agency and private business has a different
matrix of cyberthreats
and vulnerabilities. For example, the vulnerability matrix for
the U.S. Department of
Defense will not be the same as that of a bicycle manufacturer.
The final element of
response may be different, depending on the organization
attacked and the type of
attack.
This module will examine how the response to a cyberattack is
executed. It will also
examine factors to consider when developing a response plan,
the process involved in
implementing a response plan, disaster recovery, and business
continuity planning.
Topic 3: Decision Making in Response to Cyberattacks
The Decision-Making Process
The decisions made by Crazy Steve's management and the
incident response team are
critical, and they will play an important role in getting business
back to normal after the
attack. The stakeholders at Crazy Steve's, which include the
technical staff and the
business leadership, need to work together to address the
security incident. In this case,
the company stakeholders decide to have the delivery company
return the shipment of
200 orders.
Response to a Cyberattack
Cyberattacks may vary from a denial of service to outright theft.
Regardless of the type
of attack, organizations should compartmentalize, manage, and
mitigate risks after the
attack to the fullest extent possible to avoid additional damage.
The process for most organizations includes prevention,
defense, detection, recovery,
and finally, the response to a cyberattack. In order to achieve
success, members of the
organization must work together to make the right decisions for
the enterprise. As in the
case of Crazy Steve's, most companies' responses will include
remediating and
mitigating the risk exposed by the attack.
Topic 3: Decision Making in Response to Cyberattacks
Determining the Appropriate Response
Response to a Cyberattack
A business continuity and disaster recovery plan helps
companies to deal effectively with
threats and disasters, including cyberthreats and security
incidents. A well-developed
plan will identify the potential threats to the company, and
provide adequate support for
prevention and recovery in the event of an incident.
A critical element in the process of business continuity planning
is determining the
appropriate response to a cyberattack. Cyberattacks may include
the destruction or
modification of system configurations or data, unauthorized
system access, or attempts
to penetrate technologies and systems. If incidents of this type
occur, critical data can be
compromised, causing enterprise-wide system failures that may
impact the business.
Role of Leadership
The main responsibility of a company's leadership when a
cyberattack occurs is to
protect confidential information and information systems, while
at the same time
restoring business continuity. At Crazy Steve's, the leadership's
ultimate objective is to mitigate the damage to customers, their
data, and the enterprise by isolating the incident, while
restoring critical business systems and maintaining the integrity
of the organization.
Advance Planning
Advance planning is a key element of any response to a
cyberattack. Stephan,
Jonathan, and selected members of their team have determined
roles and
responsibilities for evaluation, response, and management of
future attack-related
events. They have also developed steps and guidelines that
employees will adhere to for
reporting and escalation of duties if another attack occurs.
Designating Members
Members of the leadership team have been identified and
assigned duties. The
process has been mapped out with a clear designation of who
will declare the
occurrence of an event and who will begin the overall business
continuity and
resumption plan. Once the declaration is made, selected
members of the organization
will begin their tasks and address the damage while restoring
critical system
components.
Proper Training of Team Members
Extensive training sessions and workshops have been
implemented to ensure that staff
members with critical responsibilities and expertise across the
enterprise are properly
trained to respond immediately and fulfill their duties.
Regular Testing with Simulations
Training simulations and drills will be conducted to continually
evaluate the incident
response team's reactions to emergency situations. Only by
testing practices before an
emergency occurs will management be able to evaluate whether
the practices align with
the organization's overall business resumption strategies.
Topic 3: Decision Making in Response to Cyberattacks
Crisis Management
For effective crisis management in the event of a cyberattack,
organizations should
determine in advance the staffing of the crisis management team
and determine the
steps and processes for a responsible crisis management
approach. The crisis
management team normally leads activities that are part of the
business continuity plan.
Crisis Management Team
The crisis management team will lead all activities as well as
coordinate with dependent
departments such as utilities, infrastructure, and emergency
communications
management. The crisis management team normally includes
members from various
key departments throughout the enterprise. The members of
Crazy Steve's crisis
management team are listed here.
Name, designation, department, and role:
1. Shara Vandivort, President, Executive/Senior Management: The executive/senior management members are responsible for top-level critical and strategic decision making for the enterprise.
2. Jonathan Kessler, Chief Information Officer, IT Management: The IT management members are responsible for tactical and strategic implementation and protection of critical systems, system security, remediation, and system or infrastructure continuity operations.
3. Lesley Ruthers, Vice President of Facilities Management, Facilities Management: The facilities management members are responsible for physical infrastructure, physical security, and logistics.
4. Garrett Westerling, Vice President of Human Resources, Human Resources: The Human Resources Department is responsible for personnel, staffing issues, and travel.
5. Sara Chang, Vice President of Communications, Communications and Public Relations: The Public Relations Department is responsible for internal and external communications, including media contact.
6. Norman Calwell, Chief Financial Officer, Finance and Accounting: The Finance and Accounting Department is responsible for critical financial decisions as well as funds disbursement.
7. Andre Parker, Vice President of Risk Management, Risk Management: The risk management members are responsible for internal and external evaluation of potential risks and exposure areas.
8. Perry Prichett, General Counsel, Legal: The Legal Department is responsible for counsel and guidance regarding legal issues.
9. Sharon Murphy, Vice President of Compliance, Compliance: The Compliance Department is responsible for internal and external assurance that the organization is conforming to laws and regulations affecting the industry.
10. Jerry Kripke, Chief Operating Officer, Operations: The operations area covers other parts of the organization that may not be included above, but are critical to the functioning of the organization.
Responsibilities
A strong crisis management team, with team members who have
the skills to perform
their duties, makes plans well in advance of an event. In
addition, an effective team has
the authority to make rapid decisions based on available
information.
Every recovery scenario will require a different plan for internal
and external
communication and notification. A strong business continuity
plan allows the organization
to focus on business recovery while the crisis management team
focuses on mitigating
the crisis.
The crisis management team should perform tests and drills that
allow participants to
exercise and practice delegating authority. This ensures that the
end-to-end process
meets the business's needs.
Topic 3: Decision Making in Response to Cyberattacks
The Elements of a Business Continuity Plan
Business Continuity Plan
The main responsibility of the senior management and
leadership of a company is to
make sure the organization follows the appropriate plans and
processes. The steps of a
solid Business Continuity Plan (BCP) include identification,
assessment, prioritization,
management, and mitigation of risk. This is not an easy process,
and it requires that
individuals work collaboratively across the enterprise to
identify both the vulnerabilities
and potential threats.
An effective BCP contains internal and external elements
mirroring business priorities
across the enterprise. It includes collaboration across the
components, identifying
system dependencies and potential processes while responsibly
addressing the risks
associated with any identified interdependencies. This is a
cyclic process, and every
cycle brings improvements in its ability to address known and
potential threats and
vulnerabilities.
Elements of a Business Continuity Plan
Policies and Processes
One of the key elements of a good BCP is establishing policies
and processes to
determine the steps the organization will take to identify,
manage, and mitigate risks that
are identified.
Competent Staff
Deploying staff with sufficient knowledge, appropriate levels of
authority, and budget
authority to deploy the BCP responsibly is a crucial factor in
ensuring the success of a
BCP.
Regular Review
It is important to test the BCP on an annual basis and have it
reviewed independently to
ensure an unbiased perspective.
Awareness and Training
Requiring everyone in the organization to be aware of threats,
and to have the proper
training and skills to succeed, is another critical element of a
strong BCP.
Organization-Wide Testing
Testing the BCP across the organization on a regular basis helps
ensure that a BCP is
capable of meeting the needs of the organization.
Critical Evaluation
A BCP's testing process needs to be critically evaluated, and the
results have to be
reviewed with the staff, to ensure complete understanding of
weaknesses and areas for
improvement.
Regular Updates
An effective BCP is modified and updated on a regular basis so
it is a living and evolving
plan that meets the needs of the organization, and adapts to
changes in the operating
environment and threat landscape.
Topic 3: Decision Making in Response to Cyberattacks
The Business Continuity Planning Process
Crazy Steve's Problem
Stephan and Jonathan manage to fix the main issue that allowed
the multiple fake
orders to be placed via Crazy Steve's Web site. Stephan realizes
that this was a close
call. While working to mitigate the issue, he discovers that the
company's business
continuity plan does not include strategies for handling
cybersecurity incidents. As the
success of the entire business continuity effort hinges on
advance planning, Stephan
believes that a plan should be put in place to address
cyberattacks. He decides to
discuss this with Jonathan.
Here is a transcript of the conversation between Stephan and
Jonathan.
Stephan: Hi, Jonathan. Are you free? I need to discuss
something with you.
Jonathan: Yes. Go on.
Stephan: Now that the Christmas incident has been handled,
there is one thing that I
would like to bring to your attention.
Stephan: While handling the security incident, I realized that
our company's business
continuity plan does not consider cybersecurity.
Jonathan: Yes, I realized that as well. The BCP focuses
primarily on natural threats
such as fire and flooding. It also addresses major power outages
and system
breakdowns.
Jonathan: It does not deal specifically with cybersecurity
incidents.
Stephan: I think it would be prudent to call a meeting of the
BCP steering committee,
discuss this issue in depth, and decide on a proper plan of
action for fixing this gap in the
BCP.
Jonathan: I agree. I will send an e-mail immediately and get this
process started.
The Meeting
The BCP steering committee at Crazy Steve's convenes to
discuss the proposed
changes. Among the members are Jerry Kripke, the chief
operating officer, and Patricia
Gunter, the head of IT.
Here is a transcript of the conversation.
Jonathan: As you all know, this meeting has been called to
reassess the company's
business continuity plan.
Jonathan: The recent security incident regarding the fake
Christmas orders has made
us aware that the BCP does not include strategies for handling
cybersecurity incidents.
Jonathan: Stephan and I propose that the BCP should include
plans and processes for
rapid and effective response, management, and recovery from
any cyberattacks that
could have a significant impact on performance, customer
expectations, our brand, or
our finances.
Stephan: Advance planning will enable us to have discussions
regarding emergency
decisions before an actual cyberemergency, when many other
issues will require our
immediate attention.
Patricia: I agree. This will allow us to discuss known risk areas
and research other
potential risks as well.
Patricia: I feel strongly that we should include cybersecurity
incidents in the BCP.
Jerry: I think that cybersecurity incidents should be managed by
the CISO and his team.
I believe that he has a plan in place.
Stephan: This is a very serious matter that needs to be analyzed
and discussed
thoroughly before we come to a decision.
Stephan: I suggest we see what the other members of the
steering committee have to
say and consider all aspects before making a decision.
Conclusion
A thorough discussion follows. Some members agree with
Jonathan's proposal to
include cybersecurity incidents in the BCP, and some do not.
Ultimately, the committee
decides to include cybersecurity incidents in the BCP.
The BCP Process
At Crazy Steve's, the process of developing the BCP is
collaborative; stakeholders from
all areas of the business provide input. It requires business units
across the enterprise to
assess their critical processes, dependencies, operations, and
facilities, and then
develop an appropriate business continuity strategy.
Organizations that have solid
business continuity plans, in addition to reviewing, modifying,
and testing them on a
regular basis, do much better during cyberattacks and other
emergencies than
organizations that do not take these precautions.
Critical Functions
The BCP steps should focus on critical business functions,
including resumption,
recovery, and maintenance, rather than focusing solely on
technology (FFIEC, 2008, p.
4).
Priorities
The BCP process includes evaluation and development of a
cross-enterprise
prioritization plan that aligns with critical business functions
and operational expectations
(FFIEC, 2008, p. 4).
Interdependencies
The BCP process includes interdependencies and integrates
expected interactions with
other critical partners, such as utilities and service providers
(FFIEC, 2008, p. A-4).
Regular Updates
The overall BCP process should include regular plan updates
based on changes in
people, processes, and technologies, as well as independent
audit findings and lessons
learned from internal reviews and regular tests of the process
(FFIEC, 2008, p. 18).
Lifecycle Approach
The BCP process requires a lifecycle approach that incorporates
the risks identified
through the Business Impact Analysis (BIA), the vulnerability
assessment, and the
ongoing risk management and assessment process, in order to
continually improve the
BCP, from planning to final testing and monitoring (FFIEC,
2008, pp. 4, 13).
Reference: Federal Financial Institutions Examination Council (FFIEC). (2008, March). Business continuity planning: IT examination handbook. Retrieved from http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_BusinessContinuityPlanning.pdf
Analyze This
Question 1: Which of the following scenarios should be
included in the BCP for
cybersecurity incidents involving Crazy Steve's Web site and
online ordering
infrastructure?
a. A Distributed Denial Of Service (DDoS) attack on the servers
b. A Structured Query Language (SQL) injection attack on the
Web site, aiming to
extract financial and customer information
c. A virus infection on the servers
d. A developer accidentally uploading a Web page with
incorrect information
Correct Answer: Options a, b, and c
Feedback:
DDoS attacks on the servers, SQL injection attacks on the Web
site, and virus infections
on the servers should all be included in the BCP for
cybersecurity incidents.
DDoS, SQL injection, and viruses are all serious attack
methodologies that adversaries can use. These scenarios
therefore require careful and detailed analysis in order to
assess how they are addressed in the company's BCP.
Uploading incorrect data onto the company's web page is
normally just a simple error that can be easily corrected and
does not affect business continuity planning.
Question 2: Which of the following key personnel should
provide input for the steps to
be taken when a cybersecurity incident occurs on Crazy Steve's
retail Web site? Choose
all options that apply.
a. The Chief Financial Officer (CFO)
b. The Chief Information Officer (CIO)
c. The Chief Information Security Officer (CISO)
d. The public relations and media advisor
Correct Answer: Options a, b, c, and d
Feedback:
The BCP process is a collaborative undertaking in which
stakeholders from all areas of
the business should give their input.
Question 3: Which of the following inputs are relevant to the
BCP process for Crazy
Steve's Web site? Choose all that apply.
a. Vulnerability assessment and penetration testing reports
b. Previous audit reports
c. A Service Level Agreement (SLA) with the hosting provider
d. Legal or regulatory requirements for data protection
Correct Answer: Options a, b, c, and d
Feedback:
Vulnerability assessment and penetration testing reports,
previous audit reports, an SLA
with the hosting provider, and legal or regulatory requirements
for data protection are all
relevant to the BCP process.
All of the possible answers are important inputs to the
company's Business Continuity Plan. For example, prior audit
reports can highlight weaknesses in technical controls for which
the organization should implement corrective action, or be
prepared to accept the risk related to the vulnerability. As a
further example, vulnerability assessments and penetration
testing provide an organization with a thorough analysis of the
WAN and/or enterprise infrastructure. This is very relevant
information for the BCP.
Topic 3: Decision Making in Response to Cyberattacks
The Business Impact Analysis
Scenario
The first task that Crazy Steve's BCP steering committee faced
was carrying out a
Business Impact Analysis (BIA). BIA is a three-step process
that organizations use to
calculate the potential qualitative and quantitative impact of a
crisis. With information
from a BIA, an organization can refine its growth strategies,
risk management practices,
and cybersecurity infrastructure.
The time and resources required for a BIA will vary, based on
the complexity and size of
the organization. The BIA process is dynamic, and it includes
internal and external
interdependencies among departments, staff, and integral
business operations.
During the BIA process at Crazy Steve's, stakeholders identified
interdependencies and
prioritized them according to their business objectives. This
prioritization process plays
an important role in driving the required business recovery
timelines and expectations.
Analyze This
The BCP steering committee discussed the BIA process and
made several important
findings. Answer the following questions to learn more.
Question 1: Which of the following are critical functions or
processes at Crazy Steve's?
a. Supply chain management
b. Customer relationship management
c. Order processing
d. Online order management
Correct Answer: Options a, b, c, and d
Feedback:
Supply chain management, customer relationship management,
order processing, and
online order management are all critical functions or processes
at Crazy Steve's.
In an online e-tailer environment like Crazy Steve's, all of the
systems listed should be considered mission critical. The failure
of any one system would have a significant impact on the
organization's overall business operations. Therefore, unexpected
downtime in any one or more of these information systems
would damage the company (i.e., its reputation, its ability to
serve customers, and/or its ability to earn profits).
Question 2: Since the bulk of Crazy Steve's business is
conducted online, which of the
following scenarios would have the greatest impact on business?
a. The payroll processing department sends the wrong
information to the bank
b. Corporate headquarters catches fire
c. The hosting company where all of Crazy Steve's servers are
located shuts down due
to a power outage
d. The CEO gets stuck at his vacation destination due to heavy
snowfall
Correct Answer: Option c
Feedback:
A shutdown at the hosting company where all of Crazy Steve's
servers are located
would have the greatest impact on Crazy Steve's business.
Because Crazy Steve's business is conducted entirely online, its
IT systems, including the availability of its Web site, are the
most essential aspect of the business. Therefore, a power outage
at the company's external hosting company would have the
greatest impact on its overall business.
Question 3: Customers have come to value Crazy Steve's
because of its unparalleled
online transaction speed, the lack of any significant downtime
on the company's Web
site, and the company's quick delivery of products. What is
most likely the industry
standard for acceptable downtime for Crazy Steve's retail Web
site?
a. Less than a minute, with almost no data loss
b. Less than an hour, with a few hundred recent transactions
being unavailable
c. Less than a day, with the current day's transactions being
unavailable
d. More than two days
Correct Answer: Option a
Feedback:
Considering the company's previous performance and
reputation, less than a minute
with almost no data loss is the likely acceptable downtime.
Question 4: When focusing on the retail Web site, the BCP steering committee will detail the dependencies for Web site operations. Which of the following dependencies should the committee include?
a. The server hosting the Web site
b. The Internet link to the Web site
c. The DNS servers hosting the domain name
d. The power supply to the hosting company's data center
Correct Answer: Options a, b, c, and d
Feedback:
The server hosting the Web site, the Internet link to the Web site, the DNS servers hosting the domain name, and the power supply to the hosting company's data center are all dependencies that the BCP steering committee should consider.
In data center operations, all the options are essential components of maintaining continuity of service to external customers and internal stakeholders. Therefore, these dependencies, and for that matter their interdependencies, should be evaluated by the BCP steering committee.
BIA
During his background research, Stephan creates a presentation about BIA.
Slide 1: The BIA should critically evaluate and prioritize functions and processes by business line. In addition, it should identify interdependencies.
Slide 2: The BIA should highlight the possible business impact for nonspecific, uncontrolled events that may disrupt functions and processes across the enterprise.
Slide 3: The BIA should highlight the regulatory and legal responsibilities and requirements that are integral to the company's business and processes.
Slide 4: The BIA should estimate, by business function, the parameters of acceptable and unacceptable downtime and loss from a business perspective.
Slide 5: The BIA should determine objectives for an acceptable critical recovery path that includes acceptable recovery times and recovery point objectives.
Checklist
To define the critical objectives and functions across the enterprise, each business entity involved in the BIA process should ask relevant questions and gather data. Stephan shares a checklist with relevant details that need to be collected before a BIA.
Identify the vital interdependencies among applications, systems, departments, and critical business processes. Determine the criticality and function of specific equipment across departments.
Ascertain the impact to the department if a critical computing environment and support hardware (for example, a network or the Internet) is unavailable, and identify a fallback position.
Determine and identify single threads and points of failure, as well as the impact of the risks identified.
Determine whether there are any critical dependencies involving outsourcing arrangements.
Determine how the enterprise and third-party providers will meet their service level obligations during an emergency. Define how this will impact the department.
Determine how effective security processes and operational controls will be maintained during the recovery process.
From a staffing and space perspective, determine the minimum that will be required to meet business requirements. Identify any alternatives. List any special business supplies, forms, or collateral required at the recovery site.
Determine whether communications provisions are available at the backup site to facilitate communications with customers, vendors, and employees. Identify the alternatives and backup.
If the recovery site is a common site used by other companies, determine whether the critical business resumption operations are prioritized at the site and whether this prioritization aligns with the company's business requirements and expectations.
Understand how employees are trained to perform multiple duties in the event of an emergency and whether additional cross-training is necessary. Create a succession plan in case key leaders are unavailable.
Determine how the personal and family needs of employees will be addressed. Identify and detail the proper plans adequately to meet these needs.
From a financial perspective, determine which issues must be addressed in an emergency situation.
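The interdependency and single-point-of-failure items on this checklist, together with the recovery objectives from the BIA slides, can be worked through in code. The following is an added example, not part of the UMUC module: it models the retail Web site dependencies from Question 4 with constructed component names and recovery times (all assumptions), finds the single points of failure, and checks each against the one-minute recovery target from Question 3, before and after adding a standby hosting site.

```python
"""Added BIA worked example: dependency graph, single points of failure, RTO check.

All component names and recovery times below are constructed for illustration;
they are not figures from the course module.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Component:
    name: str
    recovery_minutes: float
    # Requirement groups: the component works only if EVERY group has at least
    # one working member. A group with two members models a redundant pair.
    requires: list[list[str]] = field(default_factory=list)


def available(name: str, comps: dict[str, Component], failed: frozenset[str]) -> bool:
    """True if `name` works while the components in `failed` are down."""
    if name in failed:
        return False
    return all(
        any(available(alt, comps, failed) for alt in group)
        for group in comps[name].requires
    )


def single_points_of_failure(function: str, comps: dict[str, Component]) -> list[str]:
    """Components whose loss alone makes `function` unavailable
    (the checklist item 'single threads and points of failure')."""
    return sorted(
        c for c in comps if c != function and not available(function, comps, frozenset({c}))
    )


def recovery_time(name: str, comps: dict[str, Component],
                  failed: frozenset[str] = frozenset()) -> float:
    """Minutes until `name` is back with `failed` down. Assumptions: a failed
    component is restored after its dependencies; within a requirement group the
    fastest alternative carries the load; separate groups recover in parallel."""
    own = comps[name].recovery_minutes if name in failed else 0.0
    deps = 0.0
    for group in comps[name].requires:
        deps = max(deps, min(recovery_time(alt, comps, failed) for alt in group))
    return own + deps


def rto_breaches(function: str, comps: dict[str, Component], rto_minutes: float) -> dict[str, float]:
    """Single points of failure whose loss would exceed the recovery time
    objective, mapped to the estimated outage in minutes."""
    out = {}
    for spof in single_points_of_failure(function, comps):
        outage = recovery_time(function, comps, frozenset({spof}))
        if outage > rto_minutes:
            out[spof] = outage
    return out


def _build(components: list[Component]) -> dict[str, Component]:
    return {c.name: c for c in components}


# Constructed model of the Web site in BCP Question 4: one hosting company,
# whose power feed supports both the server and the Internet link.
PRIMARY_ONLY = _build([
    Component("hosting_power", 240.0),
    Component("web_server", 30.0, [["hosting_power"]]),
    Component("internet_link", 60.0, [["hosting_power"]]),
    Component("dns_primary", 15.0),
    Component("dns_secondary", 15.0),
    Component("retail_web_site", 0.0,
              [["web_server"], ["internet_link"], ["dns_primary", "dns_secondary"]]),
])

# Same model with a constructed standby stack at a second hosting company, the
# kind of mitigation a BIA would propose once the power feed shows up as a SPOF.
WITH_STANDBY = _build([
    Component("hosting_power", 240.0),
    Component("web_server", 30.0, [["hosting_power"]]),
    Component("internet_link", 60.0, [["hosting_power"]]),
    Component("primary_stack", 0.0, [["web_server"], ["internet_link"]]),
    Component("standby_power", 240.0),
    Component("standby_server", 30.0, [["standby_power"]]),
    Component("standby_link", 60.0, [["standby_power"]]),
    Component("standby_stack", 0.0, [["standby_server"], ["standby_link"]]),
    Component("dns_primary", 15.0),
    Component("dns_secondary", 15.0),
    Component("retail_web_site", 0.0,
              [["primary_stack", "standby_stack"], ["dns_primary", "dns_secondary"]]),
])

RTO_MINUTES = 1.0  # Question 3: less than a minute of downtime


if __name__ == "__main__":
    for label, model in (("primary only", PRIMARY_ONLY), ("with standby", WITH_STANDBY)):
        print(label, "SPOFs:", single_points_of_failure("retail_web_site", model))
        print(label, "RTO breaches:", rto_breaches("retail_web_site", model, RTO_MINUTES))
```

The first model reports the power feed, the link and the server as single points of failure, all far outside the one-minute objective; the standby model reports none, which is the comparison the steering committee needs.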
Topic 3: Decision Making in Response to Cyberattacks
Activity: You Decide!
Dealing with a cybersecurity incident can be a major crisis for an organization to cope with effectively. Take on the role of a decision maker and help handle the crisis in this scenario.
For the following questions, assume the role of the CISO of a publishing house. You have just been informed that parts of the latest unpublished book by your best-selling author have been found online. You suspect that the company database has been compromised and information has been stolen.
Question 1: The Decision-Making Process
Which of the following steps should be initially included in the decision-making process that you would carry out in response to this cyberattack?
a. Inform and bring together all decision makers
b. Focus on factors that will get the business back to normal
c. Gather all the facts to make an informed decision
d. Understand the main points related to the security incident
e. Review the results of the forensic examination of previous cyberattacks
f. Obtain advice from legal counsel
Correct Answer: Options a, b, c, and d
Feedback:
The decision-making process includes gathering all decision makers, focusing on factors that will get the business back to normal, gathering all the facts to make an informed decision, and understanding the main points related to the security incident. Conducting a forensic examination and involving legal counsel would come after the attack has been contained and broadly understood.
Obtaining advice from legal counsel is an important task. However, it is not part of the preliminary steps in counteracting a cyberattack on your organization. This would normally be done after the attack is contained, a damage assessment has been made, and the results of a digital forensic investigation have been shared.
Question 2: Determining the Appropriate Process
Which of the following steps would you initially take while determining the appropriate process you would initiate in response to a cyberattack?
a. Identify the organization's critical business functions
b. Discuss how to prevent further harm to the business and supporting systems
c. Analyze the qualifications of staff members
d. Assign roles and responsibilities to staff members
Correct Answer: Options a, b, and d
Feedback:
Determining the appropriate process includes identifying the organization's business priorities, discussing how to prevent further damage, and assigning roles and responsibilities to staff members.
Question 3: Crisis Management
Which of the following steps should be part of the crisis management process?
a. Predetermining the members of the crisis management team
b. Involving the Marketing Department in media relations
c. Coordinating with external agencies and organizations
d. Involving senior management, IT management, and other critical teams
e. Following the practices and procedures outlined in the BCP
Correct Answer: Options a, c, d, and e
Feedback:
The crisis management process includes the following steps:
Predetermining the members of the crisis management team
Coordinating with external agencies and organizations
Involving senior management, IT management, and other critical teams
Following the practices and procedures outlined in the BCP
Communications with the media would typically be handled by the Public Relations or Corporate Communications division, and not by Marketing.
Question 4: Critical Elements of a BCP
Which of the following are critical elements of a BCP?
a. Testing the BCP once every five years
b. Identifying risks
c. Prioritizing risks
d. Assigning mitigation strategies
e. Updating the BCP regularly
Correct Answer: Options b, c, d, and e
Feedback:
Identifying and prioritizing risks, assigning mitigation strategies, and regular updating are all elements of a BCP.
Question 5: Additional Elements of a BCP
Which of the following elements should be included in a BCP?
a. Understanding key business processes
b. Developing plans in advance
c. Prioritizing cross-organizational requirements
d. Focusing only on IT aspects
e. Testing the organization's BCP regularly
Correct Answer: Options a, b, c, and e
Feedback:
Developing plans in advance, prioritizing cross-organizational requirements, understanding key business processes, and regular testing are all elements of a BCP.
Question 6: Elements of the BIA Process
Which of the following options are parts of the BIA process?
a. Understanding that the BIA process is dynamic
b. Documenting key business processes and procedures
c. Adjusting the BIA to reflect changes in technology
d. Explaining and discussing risks and threats
e. Ad hoc review of the BIA whenever there is time available to do it
Correct Answer: Options a, b, c, and d
Feedback:
Understanding the process, documenting key business processes and procedures, adjusting the BIA to reflect changes in technology, and explaining and discussing risks and threats are all parts of the BIA process.
Topic 4: Offensive Cyberattack Technologies
Offensive Cyberattack Technologies
Case Study
Step 1
In 2011, growing concern over Iran's alleged nuclear weapons program led the United States to increase surveillance of possible Iranian nuclear sites.
Step 2
The intelligence-gathering process included the use of drones, or Unmanned Aerial Vehicles (UAVs), which can be operated from thousands of miles away. In late 2011, a drone operated by U.S. forces in Afghanistan was forced to land on Iranian soil (Gladstone, 2011).
Reference: Gladstone, R. (2011, December 15). Stop U.S. drone flights, Iran warns Afghanistan. The New York Times. Retrieved from http://www.nytimes.com/2011/12/16/world/middleeast/iran-warns-afghanistan-to-stop-us-drone-flights.html
Step 3
While some drones can be armed with missiles, the U.S. military reacted to Iranian reports of the drone's capture by saying Tehran might have been referring to a missing "unarmed reconnaissance aircraft" (Jaffe & Erdbrink, 2011).
Reference: Jaffe, G., & Erdbrink, T. (2011, December 4). Iran says it downed U.S. stealth drone; Pentagon acknowledges aircraft downing. The Washington Post. Retrieved from http://www.washingtonpost.com/world/national-security/iran-says-it-downed-us-stealth-drone-pentagon-acknowledges-aircraft-downing/2011/12/04/gIQAyxa8TO_story.html?wprss=rss_national-security
Step 4
Drones run the risk of being shot down or crashing as a result of malfunction or operator error, and then being captured by foreign adversaries. U.S. Defense authorities later admitted that this drone was in fact spying on Iran. This corroborates statements by Iranian military authorities that they were able to capture it using an electronic attack (Popular Mechanics, 2011). In this case, the Iranians stated at one point that they had shot down the drone (The Daily Mail, 2011).
References:
Popular Mechanics. (2011, December 5). 3 questions after Iran's claimed shoot-down of U.S. drone. Retrieved from http://www.popularmechanics.com/technology/military/planes-uavs/3-questions-after-irans-claimed-shoot-down-of-us-drone-6610661
The Daily Mail. (2011, December 5). Iran threatens retaliation after 'shooting down' U.S. spy drone in its air space. Retrieved from http://www.dailymail.co.uk/news/article-2069818/Iran-shoots-U-S-spy-plane.html
Step 5
However, Iran has made a separate claim that it captured the drone after hacking its navigation system (Gladstone, 2011).
Cyberattack Technologies
Many organizations and governments around the world are examining, testing, and deploying offensive cyberattack strategies and technologies. In the United States, strong laws forbid aggressive actions if they entail unauthorized access to a device connected to the Internet. Such laws do not exist in other parts of the world, nor does the law in some countries protect U.S. companies from attacks by foreign hackers.
In light of this global predicament, enterprises need to be aware of aggressive plans that are being considered and implemented globally. As a cyberattack can originate anywhere, governments and other organizations may need to take proactive steps to protect their assets. In traditional warfare, attacking communications and command and control functions is crucial to victory; attacking the systems that host and facilitate these critical functions is also crucial to victory.
Identify Cyberattack Methods
Identify the cyberattack technologies that have offensive capabilities.
a. Denial of Service (DoS) attacks
b. Remote keyloggers
c. Electromagnetic Pulse (EMP) weapons
d. Bolt phase attacks
e. Attacks on control systems that cause assets to self-destruct
f. Trojan implantations that allow control of systems activity
g. Root core scans
h. Flooding attacks
Correct Answer: Options a, b, c, e, f, and h
Feedback:
The following cyberattack technologies have offensive capabilities:
Distributed Denial of Service (DDoS) attacks have definite offensive capabilities. By using a large group of zombie computers, an attacker can generate a very damaging attack.
Remote keyloggers are also useful offensive cyberwarfare tools because they relay back each and every keystroke made on an enemy's computer.
Electromagnetic Pulse (EMP) weapons imitate the gamma-ray pulse caused by a nuclear explosion, disabling all electronics over wide areas (Gertz, 2011). These weapons are currently designed to knock out electronic equipment and possibly even affect humans.
Attacking a control system normally has the objective of causing a failure of the operating system. This is potentially a very dangerous offensive action that an adversary might wish to use.
A Trojan program allows an outsider to gain control of a program or system. Often, a Trojan gains entry to a system to allow access at a later time.
A flooding attack can easily be a very damaging offensive attack by a government organization or cybercriminals. In this type of attack, a large number of remote servers are used to generate massive volumes of data packets. In turn, this creates so much data that the receiving organization's systems are overrun and cannot function normally.
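The feedback above describes the flooding pattern only from the attacking side. As an added example that is not part of the module, the following Python detector shows what the receiving organization would look for in its own traffic summaries: an aggregate packet rate far above a learned baseline, labelled by whether it arrives from many sources (the "large number of remote servers" pattern) or from one. The flow records are constructed and the thresholds are assumptions.

```python
"""Added example: spotting the flooding pattern from per-second flow summaries.

The records below are constructed for illustration (RFC 5737 documentation
addresses and private addresses); thresholds are assumptions, not module values.
"""
from collections import defaultdict
from statistics import mean

# (second, source address, packets seen from that source in that second)
BASELINE = [(t, f"10.0.0.{i}", 5) for t in range(0, 10) for i in range(1, 4)]     # 3 sources, 15 pps
FLOOD = [(t, f"198.51.100.{i}", 40) for t in range(10, 15) for i in range(1, 51)]  # 50 sources, 2000 pps
BURST = [(15, "203.0.113.7", 600)]                                                 # one noisy source
SAMPLE = BASELINE + FLOOD + BURST


def per_second(records):
    """Aggregate packet count and number of distinct sources for each second."""
    packets = defaultdict(int)
    sources = defaultdict(set)
    for second, src, count in records:
        packets[second] += count
        sources[second].add(src)
    return {s: (packets[s], len(sources[s])) for s in sorted(packets)}


def detect_flood(records, baseline_end, rate_multiplier=10.0, min_sources=20):
    """Return (second, packets, distinct_sources, kind) for every second at or
    after `baseline_end` whose packet rate exceeds rate_multiplier x the mean
    rate of the seconds before it. kind is 'distributed' when the excess comes
    from at least min_sources addresses (the many-remote-servers pattern in the
    feedback) and 'single-source' otherwise; the two call for different
    mitigations (upstream filtering versus blocking one address)."""
    stats = per_second(records)
    baseline = [p for s, (p, _) in stats.items() if s < baseline_end]
    threshold = rate_multiplier * mean(baseline)
    alerts = []
    for second, (packets, n_sources) in stats.items():
        if second < baseline_end or packets <= threshold:
            continue
        kind = "distributed" if n_sources >= min_sources else "single-source"
        alerts.append((second, packets, n_sources, kind))
    return alerts


if __name__ == "__main__":
    for alert in detect_flood(SAMPLE, baseline_end=10):
        print("second %d: %d pps from %d sources (%s)" % alert)
```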
Reference: Gertz, B. (2011, July 21). Report: China building electromagnetic pulse weapons for use against U.S. carriers. The Washington Times. Retrieved from http://www.washingtontimes.com/news/2011/jul/21/beijing-develops-radiation-weapons/?page=all
Topic 5: Organizations: Roles and Responsibilities
Federal Government Roles and Responsibilities
Within the U.S. government, no single department or agency has the ultimate responsibility for securing against or responding to cyberattacks. The government is in charge of leadership and sector-specific duties, and it requires the coordination and collaboration of many different organizations. The organizations that play a role in handling cybersecurity include the Department of Homeland Security (DHS), the Department of Defense (DoD), the Department of Justice (DOJ), and other federal agencies both inside and outside the Intelligence Community. Together, they execute a comprehensive strategy across the federal government.
This table shows the organizations with authorities for handling cyberattacks within the United States.
Executive Branch: Executive authority, issued in the form of Presidential findings, executive orders, and Presidential Directives, assigns responsibility to government departments and agencies to take actions within the scope of authority granted.
Within the Intelligence Community: Intelligence Community Directives (ICDs) contain the intelligence governance authorities.
Within Federal Jurisdiction: Federal law enforcement responsibilities are largely defined within federal laws. Based on the type of crime, the FBI, the Secret Service, or other law enforcement agencies may have jurisdiction.
The National Cyber Response Coordination Group
The National Cyber Response Coordination Group (NCRCG), composed of 13 federal agencies, collaborates with the Intelligence Community, law enforcement, and the U.S. Computer Emergency Readiness Team (US-CERT) before, during, and after a cyberincident. It serves as the leading disseminator of information and coordinates responses among government agencies following a cyberincident.
National Cybersecurity and Communications Integration Center
DHS's National Cybersecurity and Communications Integration Center (NCCIC) is a "watch and warning" center with 24/7 capabilities for emergency communications related to cybersecurity. The NCCIC works across all levels of the private sector and government. It provides a unified and integrated response to incidents that may impact homeland security. The NCCIC is collocated with the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the National Coordinating Center for Telecommunications (NCC), and US-CERT. Other federal partners, including the Department of Defense, members of the Intelligence Community, and law enforcement, also collaborate with the NCCIC. Information Sharing and Analysis Center (ISAC) activities for a few sectors also originate with the NCCIC (DHS, 2011).
Reference: U.S. Department of Homeland Security. (2011, August 9). About the National Cybersecurity and Communications Integration Center (NCCIC). Retrieved from http://www.dhs.gov/xabout/structure/gc_1306334251555.shtm
Use of Military Organizations and Assets
In July 2010, The Economist described cyberwarfare as "the fifth domain of warfare, after land, sea, air, and space" (The Economist, 2010). A cyberattack that could cripple critical systems like the power grid, security systems, and financial or governmental systems could have devastating effects on a nation. Some believe that the United States should move to a more aggressive posture for offensive and defensive cybermeasures.
Many countries have developed cyberattack capabilities. For example, "Iran claims to have the world's second-largest cyber-army," while China, Russia, Israel, and North Korea have capabilities of their own (The Economist, 2010).
As of now, it is difficult to gauge the true capabilities of potential enemies. Thus, countries need to prepare for worst-case scenarios. The concurrent challenge is the anonymity of a cyberattack. For example, one country could launch a cyberattack on another through a third and innocent nation. An attack of this type could create mistaken identity, misattribution, and lack of confidence, which could easily escalate to military action.
Reference: The Economist. (2010, July 1). Cyberwar: It is time for countries to start talking about arms control on the internet. Retrieved from http://www.economist.com/node/16481504?story_id=16481504&source=features_box1
Georgia Cyberattacks
Russia's military advance on Georgia during the South Ossetia war of 2008 was accompanied by cyberattacks, which included both DoS attacks on numerous Georgian Web sites and hacking of some government sites (Moses, 2008). While Georgia has accused Russia of orchestrating the cyberattacks, it is difficult to prove that actions like these are the result of action by an enemy state, as opposed to independent hackers working on their own (McCullagh, 2010).
Attribution is complicated by the fact that cyberattacks can be geographically decentralized. For example, when Estonia was subjected to cyberattack in 2007, it blamed Russia. However, the attack was carried out using a network of thousands of infected computers, 17 percent of which were said to have been located in the United States (Baldor, 2011).
References:
Baldor, L. C. (2011, June 22). New orders detail Pentagon cyberwar guidelines. The Associated Press. Retrieved from Air Force Times Web site: http://www.airforcetimes.com/mobile/index.php?storyUrl=http%3A%2F%2Fwww.airforcetimes.com%2Fnews%2F2011%2F06%2Fap-pentagon-gets-cyberwar-guidelines-062211%2F
McCullagh, D. (2010, July 29). U.S. military cyberwar: What's off-limits? CNET News. Retrieved from http://news.cnet.com/8301-31921_3-20012121-281.html
Moses, A. (2008, August 12). Georgian websites forced offline in "cyber war." The Sydney Morning Herald. Retrieved from http://www.smh.com.au/news/technology/georgian-websites-forced-offline-in-cyber-war/2008/08/12/1218306848654.html
GhostNet Espionage
An investigation has found circumstantial evidence that China has used the GhostNet cyberespionage network to compromise Tibetan computer systems. The investigation revealed that GhostNet consisted of more than 1,295 infected hosts in 103 countries. Thirty percent of the hosts were high-value targets that included computers housed at "ministries of foreign affairs, embassies, international organizations, news media," and nongovernmental organizations (Information Warfare Monitor, 2009).
Reference: Information Warfare Monitor. (2009, March 29). Tracking GhostNet: Investigating a cyber espionage network. Retrieved from http://www.infowar-monitor.net/2009/09/tracking-ghostnet-investigating-a-cyber-espionage-network/
Role of the Private Sector
Militias
Militias of the Past and Cybermilitias of Today
Around the world, there are many private companies engaged in developing cyberwarfare technologies. As technology evolves to meet the needs of competing militaries, leading-edge innovations will continue to originate in the private sector. Public-private partnerships have been successful over the years, as they perform specialized functions that harness the capabilities of each sector.
Then
In the 1850s, Allan Pinkerton created the Pinkerton National Detective Agency. The Pinkertons, as the agency's detectives were popularly known, foiled an alleged early plot to assassinate Abraham Lincoln and were a prominent private security force in the United States during the late 1800s. As experts in their field, Pinkertons were hired to perform security services and military contract work. At their height, the agency had more documented members than the U.S. military and formed the largest private detective organization.
Reference: Morn, F. (1982). The eye that never sleeps: A history of the Pinkerton National Detective Agency. Bloomington: Indiana University Press.
Now
Blackwater Security Consulting (BSC), formed in 1997 and renamed in 2011 as Academi, is a private firm that performed some security functions under federal contract during the Iraq War. Blackwater provided support for coalition forces and installations, and trained Iraqi military and police forces. Just as the Pinkertons did in the 1850s, Blackwater has used its expertise to aid the U.S. government in various ways.
Public-Private Partnerships
Public-private partnerships have been used in research and development efforts in many areas. This is also true in cybersecurity. The private sector's contribution to advances in cybertechnology is bound to have a tremendous impact on the future of cyberwarfare. The market for such technology is not limited by borders or nationalities. For example, a company could develop a specific technology and sell it across borders with ease, via the Internet.
Global innovation in technology, for both good and evil purposes, can now originate virtually anywhere. This changing characteristic could be a critical aspect of cyberwar in the 21st century, and could dramatically change the landscape and nature of future military conflicts.
Defense Contractors
Private-sector firms currently assist traditional war operations in areas ranging from training to logistics. A private company's flexibility with resources can help it meet critical demands with dedicated expertise during a cyberemergency.
For example, a company that routinely develops antivirus code can quickly and efficiently dedicate the resources necessary to address a new virus when it appears. The private sector is often more efficient, faster, and able to function at a lower cost than the government. Different vendors can work independently to resolve a single problem, in a competitive process that can result in the best solutions for government and other customers.
As the development of military technology increasingly becomes the province of private contractors instead of governments, these technologies will very likely flow to other countries that are willing to pay for them. Countries that do not embrace the outsourcing trend will not be able to keep up with other countries that possess the latest technologies available in the marketplace. Their capacity to retain military prowess, especially in cyberwar, will be challenged (Carafano, 2005).
Reference: Carafano, J. J. (2005, September 6). Sustaining military capabilities in the 21st century: Rethinking the utility of the principles of war. Retrieved from Heritage Foundation Web site: http://www.heritage.org/Research/Lecture/Sustaining-Military-Capabilities-in-the-21st-Century-Rethinking-the-Utility-of-the-Principles-of-War
Role of International Organizations
Over the past few centuries, new technology has changed the face of warfare. With the advent of the Internet, cyberwarfare has become the latest threat to security. International organizations like the United Nations (UN) and North Atlantic Treaty Organization (NATO) are debating the effect of cyberwar and the appropriate responses to cyberattacks. As cyberattacks are not covered under the Geneva Conventions and there is no formal agreement among nations, limitations on cyberwar and international protocols of engagement are not defined.
Activity
Read and analyze each fictitious scenario, and answer the related questions.
Question 1: A country has been under cyberattack by a known and highly capable adversary. The government has talked for a long time about treating cyberwarfare the same as it would treat kinetic warfare. What kind of effective counterattack can it mount?
a. Kinetic warfare
b. Offensive cyberwarfare
c. A blended attack using both kinetic warfare and cyberwarfare
d. Disconnect the country's Internet connection
Correct Answer: Options a, b, and c
Feedback for Correct Answer:
The response would differ depending on the severity of the cyberattack. For example, if the cyberattack is against a water system, and it results in the loss of 50,000 lives, a decision might be made to not only initiate a cyberattack but also to include a kinetic strike against the facility that initiated the action. Conversely, if an attack results exclusively in damage to data, the response might be entirely cyber.
Feedback for Incorrect Answer:
Disconnecting the country's Internet connection would not be an effective measure when launching a cyberattack. A counterattack in cyberspace requires use of the Internet, so disconnecting from it would be viewed solely as a defensive maneuver.
Question 2: You are a member of the team evaluating the decision-making process related to disaster recovery. Which of the following information and/or technologies would you need most?
a. Blueprints of the facility that was attacked
b. Advanced disaster management plans
c. A smartphone
d. A backup copy of your computer's data
Correct Answer: Option b
Feedback:
Having advance plans in place that are based on different scenarios will help your team make the right decision more quickly.
Question 3: Hurricane Helen is just beginning to make landfall. For the past five days, the weather service has been saying that this storm is going to hit land with Category 5 force. Which function of the weather service is best equipped to deal with the media?
a. Legal counsel
b. Information Systems Department
c. Public relations
d. Executive management
e. Office of the Chief Meteorologist
Correct Answer: Option c
Feedback:
The weather service's public relations function is best suited to deal with the media. The office of the chief meteorologist, the executive management, or the information systems department shouldn't deal with media because this is not their area of expertise. The best organizational unit to deal with the media is the public relations group, since this is a professionally trained group that knows what to say, as well as what not to say, during a cybersecurity incident.
Question 4: You work for Herbert & Sons, a local consulting firm, and you have been hired to develop a BCP for a large community hospital. What information should not be included in the BCP?
a. Test plans
b. System interdependencies
c. Staff assignments and responsibilities
d. Capital cost of capital expenditures by fiscal year
Correct Answer: Option d
Feedback:
Cost calculations about capital expenditures should not be included in the BCP. These cost calculations would instead be included in the planning and budgeting processes. Capital cost expenditures are one-time costs that are normally depreciated over the individual asset's useful life. For accounting purposes, this is normally done over a 2-10 year period of time.
Question 5: Which of the following items is not true of a successful BCP process?
a. The BCP is updated regularly as part of a living process.
b. The BCP focuses on critical business processes.
c. The BCP excludes relationships with external service providers.
d. The BCP is tested regularly.
Correct Answer: Option c
Feedback:
A well-written and comprehensive BCP should be updated as part of an ongoing process, and it should include adequate information about the organization's relationships with key external service providers. The BCP should also be tested regularly.
Question 6: Which of the following items should be part of a BIA?
a. Acceptable recovery times for each system
b. Interdependencies between individual systems
c. CISO responsibilities for incident response
d. Manual processes that can be initiated if systems are down for a long time
Correct Answer: Options a, b, and d
Feedback:
Along with acceptable recovery times and interdependencies for each system, manual processes that can be initiated for each system if it is down should be a part of the BIA. The CISO's responsibilities for incident response are not part of a business impact analysis. These responsibilities would typically be outlined in the CISO's job description as well as the organization's business continuity and disaster recovery plans.
Question 7: Which of the following options is not considered an offensive cybertechnology?
a. DDoS
b. Viruses
c. Worms
d. Dedicated firewalls
Correct Answer: Option d
Feedback:
DDoS, viruses, and worms have offensive capabilities. A dedicated firewall has defensive capability.
Question 8: Which of the following options is not a role of the federal government as it relates to cybersecurity?
a. Maintaining civil order
b. Reviewing the BCPs of Fortune 500 companies
c. Maintaining resilient public critical infrastructures
d. Debating and enacting laws about cybersecurity
Correct Answer: Option b
Feedback: Reviewing the BCPs of Fortune 500 companies is not the government's responsibility. All of the other options are key federal government functions.
Topic 6: Summary

We have come to the end of Module 4. The key concepts covered in this module are listed below.

After a cyberattack, organizational decision making and response to the attack is critical in getting an organization through the incident and back to normal. For most companies, the response will include mitigating and remediating the loss caused by the attack.

The process of handling a cyberattack generally includes prevention, defense, detection, recovery, and response. All facets of an organization, including technical members and leaders, should work together to make the right decisions.

Business continuity and disaster recovery plans help companies to deal effectively with cyberthreats and security incidents. A well-developed plan will identify the potential threats to the company, and provide adequate support for prevention and recovery in the event of an incident.

The main responsibility of a company's leadership in the event of a cyberattack is to protect confidential information and information systems while ensuring business continuity.

A strong crisis management team will plan far in advance of an event, with team members who have the skills to perform their duties. The crisis management team normally includes members from various key departments.

The steps of a solid Business Continuity Plan (BCP), along with the planning process, include identification, assessment, prioritization, management, and mitigation of risk.

The first step in the BCP process is the Business Impact Analysis (BIA). Companies perform BIAs in order to determine the priority of business functions that need to be restored in the event of a crisis.

Many countries have developed cyberattack capabilities. As it is difficult to gauge the true capabilities of potential enemies, countries need to prepare for worst-case scenarios.

Private-sector firms currently assist traditional war operations in areas ranging from training to logistics. Private companies' flexibility with resources can help them meet critical demands with dedicated expertise during a cyberemergency.

Private companies around the world are now engaged in developing cyberwarfare technologies. Public-private partnerships have been successful over the years, as they perform specialized functions that harness the capabilities of each sector.
The private sector's contribution to advances in cybertechnology is bound to have a tremendous impact on the future of cyberwarfare. The market for such technology is not limited by borders or nationalities.
Glossary

Business Continuity: Business continuity is ensured by running a parallel line of business operations from an alternative geographic location. This parallel operation may also house a backup of the company's valuable data. Business continuity allows uninterrupted workflow and customer service in the event of a crisis or attack.

Business Continuity Plan (BCP): A Business Continuity Plan (BCP) guarantees that the company can function normally in times of crisis, such as following natural disasters, IT crashes, deliberate destruction, and power failures.

Business Impact Analysis (BIA): A Business Impact Analysis (BIA) is a three-step process that organizations use to calculate the qualitative and quantitative impact crises can have on them. The crises can have human or natural origins. With information from a BIA, an organization can refine its growth strategies, risk management, and cybersecurity infrastructure.

Denial of Service (DoS) Attack: Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks use "zombie" servers to flood a target site with large volumes of traffic. This flood of traffic consumes the target site's network or system resources and denies access to legitimate users.

Disaster Recovery Plan: A disaster recovery plan is a comprehensive plan for enabling a company to resume work quickly in the wake of a disaster or damage to IT infrastructure.

Electromagnetic Pulse (EMP) Weapons: Electromagnetic Pulse (EMP) weapons disable electronics over wide areas by imitating the gamma-ray pulse caused by a nuclear explosion. These weapons are currently designed to knock out electronic equipment and possibly even affect humans.

Service Level Agreement (SLA): A Service Level Agreement (SLA) is a contract between a customer and an IT service provider. It lists all the work tasks outsourced to the provider and the output the provider is expected to deliver.

National Cybersecurity and Communications Integration Center (NCCIC): The Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) is a "watch and warning" center with 24/7 capabilities for emergency communications related to cybersecurity.

National Cyber Response Coordination Group (NCRCG): The National Cyber Response Coordination Group (NCRCG), composed of 13 federal agencies, serves as the leading disseminator of information and responses among government agencies following a cyberincident.

Mais conteúdo relacionado

Semelhante a 1. After a cyber attack, the organizational decision making and re.docx

Top 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for BusinessesTop 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for Businesses- Mark - Fullbright
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite  defining and understanding risk in the moder...White paper cyber risk appetite  defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
The Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyThe Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyEMC
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...DFLABS SRL
 
Topic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docxTopic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docxjuliennehar
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic SecurityChad Korosec
 
Importance Of Structured Incident Response Process
Importance Of Structured Incident Response ProcessImportance Of Structured Incident Response Process
Importance Of Structured Incident Response ProcessAnton Chuvakin
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji JacobBeji Jacob
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 

Semelhante a 1. After a cyber attack, the organizational decision making and re.docx (16)

Top 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for BusinessesTop 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for Businesses
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite  defining and understanding risk in the moder...White paper cyber risk appetite  defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
Dit yvol3iss20
Dit yvol3iss20Dit yvol3iss20
Dit yvol3iss20
 
The Critical Incident Response Maturity Journey
The Critical Incident Response Maturity JourneyThe Critical Incident Response Maturity Journey
The Critical Incident Response Maturity Journey
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
 
Topic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docxTopic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docx
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic Security
 
Cyber Risks - Maligec and Eskins
Cyber Risks - Maligec and EskinsCyber Risks - Maligec and Eskins
Cyber Risks - Maligec and Eskins
 
It risk assessment
It risk assessmentIt risk assessment
It risk assessment
 
Importance Of Structured Incident Response Process
Importance Of Structured Incident Response ProcessImportance Of Structured Incident Response Process
Importance Of Structured Incident Response Process
 
Prevent & Protect
Prevent & ProtectPrevent & Protect
Prevent & Protect
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacob
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
Cyber threat forecast 2018..
Cyber threat forecast 2018..Cyber threat forecast 2018..
Cyber threat forecast 2018..
 

Mais de jackiewalcutt

briefly summarize how the Electoral College works. Explain some of t.docx
briefly summarize how the Electoral College works. Explain some of t.docxbriefly summarize how the Electoral College works. Explain some of t.docx
briefly summarize how the Electoral College works. Explain some of t.docxjackiewalcutt
 
Briefly summarize and analyze two primary sources, identifying their.docx
Briefly summarize and analyze two primary sources, identifying their.docxBriefly summarize and analyze two primary sources, identifying their.docx
Briefly summarize and analyze two primary sources, identifying their.docxjackiewalcutt
 
Briefly respond to the following questions. Use facts and examples t.docx
Briefly respond to the following questions. Use facts and examples t.docxBriefly respond to the following questions. Use facts and examples t.docx
Briefly respond to the following questions. Use facts and examples t.docxjackiewalcutt
 
Briefly in your own words describe the distinction between explicit .docx
Briefly in your own words describe the distinction between explicit .docxBriefly in your own words describe the distinction between explicit .docx
Briefly in your own words describe the distinction between explicit .docxjackiewalcutt
 
Briefly explain   Victoria Australia Covid19 update and impact.docx
Briefly explain   Victoria Australia Covid19 update and impact.docxBriefly explain   Victoria Australia Covid19 update and impact.docx
Briefly explain   Victoria Australia Covid19 update and impact.docxjackiewalcutt
 
Briefly introduce the détente policies of the early 1970s, and des.docx
Briefly introduce the détente policies of the early 1970s, and des.docxBriefly introduce the détente policies of the early 1970s, and des.docx
Briefly introduce the détente policies of the early 1970s, and des.docxjackiewalcutt
 
Briefly explain the role of information systems in an organization.docx
Briefly explain the role of information systems in an organization.docxBriefly explain the role of information systems in an organization.docx
Briefly explain the role of information systems in an organization.docxjackiewalcutt
 
briefly describe, in 2-3 pages, the problemissue and the proble.docx
briefly describe, in 2-3 pages, the problemissue and the proble.docxbriefly describe, in 2-3 pages, the problemissue and the proble.docx
briefly describe, in 2-3 pages, the problemissue and the proble.docxjackiewalcutt
 
Briefly explain the mission of the OSH Act. What is the rationale be.docx
Briefly explain the mission of the OSH Act. What is the rationale be.docxBriefly explain the mission of the OSH Act. What is the rationale be.docx
Briefly explain the mission of the OSH Act. What is the rationale be.docxjackiewalcutt
 
Briefly discuss the various organizational approaches to managing .docx
Briefly discuss the various organizational approaches to managing .docxBriefly discuss the various organizational approaches to managing .docx
Briefly discuss the various organizational approaches to managing .docxjackiewalcutt
 
Briefly explain the identified security issues during Risk Assessmen.docx
Briefly explain the identified security issues during Risk Assessmen.docxBriefly explain the identified security issues during Risk Assessmen.docx
Briefly explain the identified security issues during Risk Assessmen.docxjackiewalcutt
 
Briefly discuss some KSAs for Fighting Cybercrime and submit in a wo.docx
Briefly discuss some KSAs for Fighting Cybercrime and submit in a wo.docxBriefly discuss some KSAs for Fighting Cybercrime and submit in a wo.docx
Briefly discuss some KSAs for Fighting Cybercrime and submit in a wo.docxjackiewalcutt
 
Briefly describe what a monopoly is and give an example using the ch.docx
Briefly describe what a monopoly is and give an example using the ch.docxBriefly describe what a monopoly is and give an example using the ch.docx
Briefly describe what a monopoly is and give an example using the ch.docxjackiewalcutt
 
Briefly describe the spread of industry throughout Europe and into.docx
Briefly describe the spread of industry throughout Europe and into.docxBriefly describe the spread of industry throughout Europe and into.docx
Briefly describe the spread of industry throughout Europe and into.docxjackiewalcutt
 
Briefly describe the path of food through the digestive system and e.docx
Briefly describe the path of food through the digestive system and e.docxBriefly describe the path of food through the digestive system and e.docx
Briefly describe the path of food through the digestive system and e.docxjackiewalcutt
 
Briefly describe the different parenting styles discussed in this we.docx
Briefly describe the different parenting styles discussed in this we.docxBriefly describe the different parenting styles discussed in this we.docx
Briefly describe the different parenting styles discussed in this we.docxjackiewalcutt
 
Briefly describe how the BIOS boots or starts the computer and.docx
Briefly describe how the BIOS boots or starts the computer and.docxBriefly describe how the BIOS boots or starts the computer and.docx
Briefly describe how the BIOS boots or starts the computer and.docxjackiewalcutt
 
Briefly describe how to deploy a Continuous Improvement effort.W.docx
Briefly describe how to deploy a Continuous Improvement effort.W.docxBriefly describe how to deploy a Continuous Improvement effort.W.docx
Briefly describe how to deploy a Continuous Improvement effort.W.docxjackiewalcutt
 
briefly define democracy and evaluate in detail THREE of.docx
briefly define democracy and evaluate in detail THREE of.docxbriefly define democracy and evaluate in detail THREE of.docx
briefly define democracy and evaluate in detail THREE of.docxjackiewalcutt
 
Briefly define, listcontrast, identify the significance of, or .docx
Briefly define, listcontrast, identify the significance of, or .docxBriefly define, listcontrast, identify the significance of, or .docx
Briefly define, listcontrast, identify the significance of, or .docxjackiewalcutt
 

Mais de jackiewalcutt (20)

briefly summarize how the Electoral College works. Explain some of t.docx
briefly summarize how the Electoral College works. Explain some of t.docxbriefly summarize how the Electoral College works. Explain some of t.docx
briefly summarize how the Electoral College works. Explain some of t.docx
 
Briefly summarize and analyze two primary sources, identifying their.docx
Briefly summarize and analyze two primary sources, identifying their.docxBriefly summarize and analyze two primary sources, identifying their.docx
Briefly summarize and analyze two primary sources, identifying their.docx
 
Briefly respond to the following questions. Use facts and examples t.docx
Briefly respond to the following questions. Use facts and examples t.docxBriefly respond to the following questions. Use facts and examples t.docx
Briefly respond to the following questions. Use facts and examples t.docx
 
Briefly in your own words describe the distinction between explicit .docx
Briefly in your own words describe the distinction between explicit .docxBriefly in your own words describe the distinction between explicit .docx
Briefly in your own words describe the distinction between explicit .docx
 
Briefly explain   Victoria Australia Covid19 update and impact.docx
Briefly explain   Victoria Australia Covid19 update and impact.docxBriefly explain   Victoria Australia Covid19 update and impact.docx
Briefly explain   Victoria Australia Covid19 update and impact.docx
 
Briefly introduce the détente policies of the early 1970s, and des.docx
Briefly introduce the détente policies of the early 1970s, and des.docxBriefly introduce the détente policies of the early 1970s, and des.docx
Briefly introduce the détente policies of the early 1970s, and des.docx
 
Briefly explain the role of information systems in an organization.docx
Briefly explain the role of information systems in an organization.docxBriefly explain the role of information systems in an organization.docx
Briefly explain the role of information systems in an organization.docx
 
briefly describe, in 2-3 pages, the problemissue and the proble.docx
briefly describe, in 2-3 pages, the problemissue and the proble.docxbriefly describe, in 2-3 pages, the problemissue and the proble.docx
briefly describe, in 2-3 pages, the problemissue and the proble.docx
 
Briefly explain the mission of the OSH Act. What is the rationale be.docx
Briefly explain the mission of the OSH Act. What is the rationale be.docxBriefly explain the mission of the OSH Act. What is the rationale be.docx
Briefly explain the mission of the OSH Act. What is the rationale be.docx
 
Briefly discuss the various organizational approaches to managing .docx
Briefly discuss the various organizational approaches to managing .docxBriefly discuss the various organizational approaches to managing .docx
Briefly discuss the various organizational approaches to managing .docx
 
Briefly explain the identified security issues during Risk Assessmen.docx
Briefly explain the identified security issues during Risk Assessmen.docxBriefly explain the identified security issues during Risk Assessmen.docx
Briefly explain the identified security issues during Risk Assessmen.docx
 
Briefly discuss some KSAs for Fighting Cybercrime and submit in a wo.docx
Briefly discuss some KSAs for Fighting Cybercrime and submit in a wo.docxBriefly discuss some KSAs for Fighting Cybercrime and submit in a wo.docx
Briefly discuss some KSAs for Fighting Cybercrime and submit in a wo.docx
 
Briefly describe what a monopoly is and give an example using the ch.docx
Briefly describe what a monopoly is and give an example using the ch.docxBriefly describe what a monopoly is and give an example using the ch.docx
Briefly describe what a monopoly is and give an example using the ch.docx
 
Briefly describe the spread of industry throughout Europe and into.docx
Briefly describe the spread of industry throughout Europe and into.docxBriefly describe the spread of industry throughout Europe and into.docx
Briefly describe the spread of industry throughout Europe and into.docx
 
Briefly describe the path of food through the digestive system and e.docx
Briefly describe the path of food through the digestive system and e.docxBriefly describe the path of food through the digestive system and e.docx
Briefly describe the path of food through the digestive system and e.docx
 
Briefly describe the different parenting styles discussed in this we.docx
Briefly describe the different parenting styles discussed in this we.docxBriefly describe the different parenting styles discussed in this we.docx
Briefly describe the different parenting styles discussed in this we.docx
 
Briefly describe how the BIOS boots or starts the computer and.docx
Briefly describe how the BIOS boots or starts the computer and.docxBriefly describe how the BIOS boots or starts the computer and.docx
Briefly describe how the BIOS boots or starts the computer and.docx
 
Briefly describe how to deploy a Continuous Improvement effort.W.docx
Briefly describe how to deploy a Continuous Improvement effort.W.docxBriefly describe how to deploy a Continuous Improvement effort.W.docx
Briefly describe how to deploy a Continuous Improvement effort.W.docx
 
briefly define democracy and evaluate in detail THREE of.docx
briefly define democracy and evaluate in detail THREE of.docxbriefly define democracy and evaluate in detail THREE of.docx
briefly define democracy and evaluate in detail THREE of.docx
 
Briefly define, listcontrast, identify the significance of, or .docx
Briefly define, listcontrast, identify the significance of, or .docxBriefly define, listcontrast, identify the significance of, or .docx
Briefly define, listcontrast, identify the significance of, or .docx
 

Último

Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterMateoGardella
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.MateoGardella
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfSanaAli374401
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 

Último (20)

Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 

1. After a cyber attack, the organizational decision making and re.docx

  • 1. 1. After a cyber attack, the organizational decision making and response to the attack is critical to getting the organization through the incident and back to normal business after the attack. Please review and discuss the actions management should take prior to a cyber attack. Include in your discussion an overview of crisis management and the role it plays in recovery. 2. Business continuity plans (BCP) describe processes and procedures that an organization activates for any threat or issue that may prevent the organization from carrying on normal business. Examples include cybersecurity attacks, fire, flood, and other business disruption causes. Describe and discuss the main components of a BCP. 3. In traditional warfare, attacking communications and command and control functions are integral to victory. Attacking the systems that are the conduit of those critical functions are equally integral to victory. Discuss three offensive cyber attack technologies and when they should be deployed. 4. Within the US Government, no single department or agency has the ultimate responsibility for securing or responding against cyber attacks. Discuss an approach to building a coordination and collaboration comprehensive strategy across the federal government to reduce cyber security attacks. UMUC, 2014. ( CSEC670) http://tychousa1.umuc.edu/CSEC670/1206/csec670_04/assets/cs ec670_04.pdf UMUC Cybersecurity Capstone
  • 2. CSEC670 © UMUC 2012 Page 1 of 38
    Contents
    Topic 1: Scenario ... 2
    Scenario: The Christmas Fiasco ... 2
    Topic 2: Module Introduction ... 4
    Topic 3: Decision Making in Response to Cyberattacks ... 5
    The Decision-Making Process ... 5
    Determining the Appropriate Response ... 6
    Crisis Management ... 7
    The Elements of a Business Continuity Plan ... 10
    The Business Continuity Planning Process ... 12
    The Business Impact Analysis ... 16
    Activity: You Decide! ... 20
  • 3. Topic 4: Offensive Cyberattack Technologies ... 23
    Offensive Cyberattack Technologies ... 23
    Topic 5: Organizations: Roles and Responsibilities ... 26
    Federal Government Roles and Responsibilities ... 26
    Use of Military Organizations and Assets ... 28
    Role of the Private Sector ... 30
    Role of International Organizations ... 32
    Topic 6: Summary ... 36
    Glossary ... 38
  • 4. Topic 1: Scenario
    Scenario: The Christmas Fiasco
    Executing the Response to a Cyberattack (CSEC670, Module 4)
    The Christmas Fiasco
    Crazy Steve's is an online electronics store based in New York City. The business has an excellent reputation based on the variety of products it offers and its commitment to excellent customer service. The Christmas season is the busiest time of year for the company. However, this year the company faced some problems with its order fulfillment system. The system incorrectly bypassed the normal order fulfillment programs and shipped 200 orders without receiving any payment for them. Is this just a system glitch, or were cybercriminals at work?
    Disclaimer: The storyline and characters in this part of the module are fictitious and were developed for the purposes of this course. No association with any real person, places, or events is intended or should be inferred.
    Scenario
    Scene 1
  • 5. Stephan Jones has been the Chief Information Security Officer (CISO) at Crazy Steve's for more than two years. The financial impact of the security incident involving the fake orders has put a lot of pressure on Stephan to ensure that such an incident is not repeated.
    Scene 2
    Stephan discusses the incident with his colleagues: Jamie, from the IT Department; Rory, from the Finance Department; Darren, from Customer Service; and others. Here is a transcript of the conversation.
    Jamie: Did you know that our competitors have nicknamed the recent security incident "the Christmas Fiasco"?
    Stephan: This is the first time in two years that I've had to deal with an incident worse than a virus outbreak.
    Stephan: So far, we've only had to deal with minor issues like employees surfing the Internet at work.
    Rory: None of those incidents caused any major damage to the company's reputation. The financial damage was also insignificant. This is different.
    Darren: This incident has raised some serious concerns among our customers. We've seen a significant decline in the number of visitors to the Web site and we are receiving fewer orders.
  • 6. Jamie: We really need to find out why the system processed and shipped those orders.
    Stephan: That's not all. We also need to ensure that such an incident never occurs again. If it does, we need to be better prepared.
    Scene 3
    Stephan's investigation shows that cybercriminals infiltrated the company's servers and entered fake orders directly into the shipping system. Using this technique, they were able to completely bypass the order entry and payment modules of the company's ERP system. After the Christmas security incident, Stephan realizes that Crazy Steve's entire system will need to be updated to prevent similar incidents from happening in the future.
    Scene 4
    One of the main challenges that Stephan now faces is to persuade top management to execute vital changes. He has to convince Chief Information Officer (CIO) Jonathan Kessler that he needs a larger budget to keep up with the organization's adoption of new technologies as well as the changing threat environment.
  • 7. Scene 5
    In the past, Stephan has not had much luck convincing Jonathan to increase funding for his department. Stephan believes that company executives do not focus on cybersecurity because their profits are generated by other sectors of the business. Nevertheless, Stephan keeps pushing for a larger budget. He feels the company is quite unprepared for a sophisticated attack on its IT systems and infrastructure.
    Scene 6
    After a lot of hard work, Stephan manages to get his point across to Jonathan. Together, they decide to form an internal incident response team to prepare for potential future security incidents at Crazy Steve's and ensure business continuity.
    Topic 2: Module Introduction
  • 8. Whether they are customers buying goods online, tellers in a bank, or cashiers at a gas station, individuals are critically dependent on the systems and infrastructures with which they work. The impact and dependencies of a health care provider or a military service member deployed overseas are even more critical. Executing the response to a cyberattack is an important responsibility of every person within an organization, as a potential attack can come from any place, anywhere, and at any time. The process of dealing with cyberattacks includes prevention, defense, detection, recovery, and finally, the response to an attack. Every government agency and private business has a different matrix of cyberthreats and vulnerabilities. For example, the vulnerability matrix for the U.S. Department of Defense will not be the same as that of a bicycle manufacturer. The final element, response, may differ depending on the organization attacked and the type of attack. This module will examine how the response to a cyberattack is executed. It will also examine factors to consider when developing a response plan, the process involved in implementing a response plan, disaster recovery, and business continuity planning.
  • 9. Topic 3: Decision Making in Response to Cyberattacks
    The Decision-Making Process
    The decisions made by Crazy Steve's management and the incident response team are critical, and they will play an important role in getting business back to normal after the attack. The stakeholders at Crazy Steve's, which include the technical staff and the business leadership, need to work together to address the security incident. In this case, the company stakeholders decide to have the delivery company return the shipment of 200 orders.
    Response to a Cyberattack
    Cyberattacks may vary from a denial of service to outright theft. Regardless of the type of attack, organizations should compartmentalize, manage, and mitigate risks after the attack to the fullest extent possible to avoid additional damage.
  • 10. The process for most organizations includes prevention, defense, detection, recovery, and finally, the response to a cyberattack. In order to achieve success, members of the organization must work together to make the right decisions for the enterprise. As in the case of Crazy Steve's, most companies' responses will include remediating and mitigating the risk exposed by the attack.
    Topic 3: Decision Making in Response to Cyberattacks
    Determining the Appropriate Response
    Response to a Cyberattack
    A business continuity and disaster recovery plan helps companies to deal effectively with threats and disasters, including cyberthreats and security incidents. A well-developed plan will identify the potential threats to the company and provide adequate support for prevention and recovery in the event of an incident.
  • 11. A critical element in the process of business continuity planning is determining the appropriate response to a cyberattack. Cyberattacks may include the destruction or modification of system configurations or data, unauthorized system access, or attempts to penetrate technologies and systems. If incidents of this type occur, critical data can be compromised, causing enterprise-wide system failures that may impact the business.
    Role of Leadership
    The main responsibility of a company's leadership when a cyberattack occurs is to protect confidential information and information systems, while at the same time restoring business continuity. At Crazy Steve's, the leadership's ultimate objective is to mitigate the damage to customers, their data, and the enterprise by isolating the incident while restoring critical business systems and maintaining the integrity of the organization.
    Advance Planning
    Advance planning is a key element of any response to a cyberattack. Stephan, Jonathan, and selected members of their team have determined roles and responsibilities for evaluation, response, and management of future attack-related events. They have also developed steps and guidelines that employees will adhere to for reporting and escalation of duties if another attack occurs.
  • 12. Designating Members
    Members of the leadership team have been identified and assigned duties. The process has been mapped out with a clear designation of who will declare the occurrence of an event and who will begin the overall business continuity and resumption plan. Once the declaration is made, selected members of the organization will begin their tasks and address the damage while restoring critical system components.
    Proper Training of Team Members
    Extensive training sessions and workshops have been implemented to ensure that staff members with critical responsibilities and expertise across the enterprise are properly trained to respond immediately and fulfill their duties.
    Regular Testing with Simulations
    Training simulations and drills will be conducted to continually evaluate the incident response team's reactions to emergency situations. Only by testing practices before an emergency occurs will management be able to evaluate whether the practices align with the organization's overall business resumption strategies.
  • 13. Topic 3: Decision Making in Response to Cyberattacks
    Crisis Management
    For effective crisis management in the event of a cyberattack, organizations should determine in advance the staffing of the crisis management team and determine the steps and processes for a responsible crisis management approach. The crisis management team normally leads activities that are part of the business continuity plan.
    Crisis Management Team
    The crisis management team will lead all activities as well as coordinate with dependent departments such as utilities, infrastructure, and emergency communications management. The crisis management team normally includes members from various key departments throughout the enterprise. The members of Crazy Steve's crisis management team are listed here by name, designation, department, and role.
  • 14. 1. Shara Vandivort, President, Executive/Senior Management: The executive/senior management members are responsible for top-level critical and strategic decision making for the enterprise.
    2. Jonathan Kessler, Chief Information Officer, IT Management: The IT management members are responsible for tactical and strategic implementation and protection of critical systems, system security, remediation, and system or infrastructure continuity operations.
    3. Lesley Ruthers, Vice President of Facilities Management, Facilities Management: The facilities management members are responsible for physical infrastructure, physical security, and logistics.
    4. Garrett Westerling, Vice President of Human Resources, Human Resources: The Human Resources Department is responsible for personnel, staffing issues, and travel.
    5. Sara Chang, Vice President of Communications, Communications and Public Relations: The Public Relations Department is responsible for internal and external communications, including media contact.
    6. Norman Calwell, Chief Financial Officer, Finance and Accounting: The Finance and Accounting Department is responsible for critical financial decisions as well as funds disbursement.
    7. Andre Parker, Vice President of Risk Management, Risk Management: The risk management members are responsible for internal and external evaluation of potential risks and exposure areas.
    8. Perry Prichett, General Counsel, Legal: The Legal Department is responsible for counsel and guidance regarding legal issues.
    9. Sharon Murphy, Vice President of Compliance, Compliance: The Compliance Department is responsible for internal and external assurance that the organization is conforming to laws and regulations affecting the industry.
    10. Jerry Kripke, Chief Operating Officer, Operations: The operations area covers other parts of the organization that may not be included above, but are critical to the functioning of the organization.
  • 19. Responsibilities
    A strong crisis management team, with team members who have the skills to perform their duties, makes plans well in advance of an event. In addition, an effective team has the authority to make rapid decisions based on available information. Every recovery scenario will require a different plan for internal and external communication and notification. A strong business continuity plan allows the organization to focus on business recovery while the crisis management team focuses on mitigating the crisis. The crisis management team should perform tests and drills that allow participants to exercise and practice delegating authority. This ensures that the end-to-end process meets the business's needs.
  • 20. Topic 3: Decision Making in Response to Cyberattacks
    The Elements of a Business Continuity Plan
    Business Continuity Plan
    The main responsibility of the senior management and leadership of a company is to make sure the organization follows the appropriate plans and processes. The steps of a solid Business Continuity Plan (BCP) include identification, assessment, prioritization, management, and mitigation of risk. This is not an easy process, and it requires that individuals work collaboratively across the enterprise to identify both the vulnerabilities and potential threats. An effective BCP contains internal and external elements mirroring business priorities across the enterprise. It includes collaboration across the components, identifying system dependencies and potential processes while responsibly addressing the risks associated with any identified interdependencies. This is a cyclic process, and every cycle brings improvements in its ability to address known and potential threats and vulnerabilities.
  • 21. Elements of a Business Continuity Plan
    Policies and Processes
    One of the key elements of a good BCP is establishing policies and processes to determine the steps the organization will take to identify, manage, and mitigate risks that are identified.
    Competent Staff
    Deploying staff with sufficient knowledge, appropriate levels of authority, and budget authority to deploy the BCP responsibly is a crucial factor in ensuring the success of a BCP.
    Regular Review
    It is important to test the BCP on an annual basis and have it reviewed independently to ensure an unbiased perspective.
    Awareness and Training
    Requiring everyone in the organization to be aware of threats, and to have the proper training and skills to succeed, is another critical element of a strong BCP.
    Organization-Wide Testing
    Testing the BCP across the organization on a regular basis helps ensure that a BCP is capable of meeting the needs of the organization.
    Critical Evaluation
    A BCP's testing process needs to be critically evaluated, and the results have to be reviewed with the staff, to ensure complete understanding of weaknesses and areas for improvement.
  • 22. Regular Updates
    An effective BCP is modified and updated on a regular basis so it is a living and evolving plan that meets the needs of the organization, and adapts to changes in the operating environment and threat landscape.
  • 23. Topic 3: Decision Making in Response to Cyberattacks
    The Business Continuity Planning Process
    Crazy Steve's Problem
    Stephan and Jonathan manage to fix the main issue that allowed the multiple fake orders to be placed via Crazy Steve's Web site. Stephan realizes that this was a close call. While working to mitigate the issue, he discovers that the company's business continuity plan does not include strategies for handling cybersecurity incidents. As the success of the entire business continuity effort hinges on advance planning, Stephan believes that a plan should be put in place to address cyberattacks. He decides to discuss this with Jonathan. Here is a transcript of the conversation between Stephan and Jonathan.
    Stephan: Hi, Jonathan. Are you free? I need to discuss something with you.
    Jonathan: Yes. Go on.
    Stephan: Now that the Christmas incident has been handled, there is one thing that I would like to bring to your attention.
    Stephan: While handling the security incident, I realized that our company's business continuity plan does not consider cybersecurity.
  • 24. Jonathan: Yes, I realized that as well. The BCP focuses primarily on natural threats such as fire and flooding. It also addresses major power outages and system breakdowns.
    Jonathan: It does not deal specifically with cybersecurity incidents.
    Stephan: I think it would be prudent to call a meeting of the BCP steering committee, discuss this issue in depth, and decide on a proper plan of action for fixing this gap in the BCP.
    Jonathan: I agree. I will send an e-mail immediately and get this process started.
    The Meeting
    The BCP steering committee at Crazy Steve's convenes to discuss the proposed changes. Among the members are Jerry Kripke, the chief operating officer, and Patricia Gunter, the head of IT. Here is a transcript of the conversation.
    Jonathan: As you all know, this meeting has been called to reassess the company's business continuity plan.
    Jonathan: The recent security incident regarding the fake Christmas orders has made us aware that the BCP does not include strategies for handling cybersecurity incidents.
  • 25. Jonathan: Stephan and I propose that the BCP should include plans and processes for rapid and effective response, management, and recovery from any cyberattacks that could have a significant impact on performance, customer expectations, our brand, or our finances.
    Stephan: Advance planning will enable us to have discussions regarding emergency decisions before an actual cyberemergency, when many other issues will require our immediate attention.
    Patricia: I agree. This will allow us to discuss known risk areas and research other potential risks as well.
    Patricia: I feel strongly that we should include cybersecurity incidents in the BCP.
    Jerry: I think that cybersecurity incidents should be managed by the CISO and his team. I believe that he has a plan in place.
  • 26. Stephan: This is a very serious matter that needs to be analyzed and discussed thoroughly before we come to a decision.
    Stephan: I suggest we see what the other members of the steering committee have to say and consider all aspects before making a decision.
    Conclusion
    A thorough discussion follows. Some members agree with Jonathan's proposal to include cybersecurity incidents in the BCP, and some do not. Ultimately, the committee decides to include cybersecurity incidents in the BCP.
    The BCP Process
    At Crazy Steve's, the process of developing the BCP is collaborative; stakeholders from all areas of the business provide input. It requires business units across the enterprise to assess their critical processes, dependencies, operations, and facilities, and then develop an appropriate business continuity strategy. Organizations that have solid business continuity plans, in addition to reviewing, modifying, and testing them on a regular basis, do much better during cyberattacks and other emergencies than organizations that do not take these precautions.
    Critical Functions
    The BCP steps should focus on critical business functions, including resumption, recovery, and maintenance, rather than focusing solely on technology (FFIEC, 2008, p. 4).
  • 27. Priorities
    The BCP process includes evaluation and development of a cross-enterprise prioritization plan that aligns with critical business functions and operational expectations (FFIEC, 2008, p. 4).
    Interdependencies
    The BCP process includes interdependencies and integrates expected interactions with other critical partners, such as utilities and service providers (FFIEC, 2008, p. A-4).
    Regular Updates
    The overall BCP process should include regular plan updates based on changes in people, processes, and technologies, as well as independent audit findings and lessons learned from internal reviews and regular tests of the process (FFIEC, 2008, p. 18).
    Lifecycle Approach
    The BCP process requires a lifecycle approach that incorporates the risks identified through the Business Impact Analysis (BIA), the vulnerability assessment, and the ongoing risk management and assessment process, in order to continually improve the BCP, from planning to final testing and monitoring (FFIEC, 2008, pp. 4, 13).
    Reference: Federal Financial Institutions Examination Council (FFIEC). (2008, March). Business continuity planning: IT examination handbook. Retrieved from http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_BusinessContinuityPlanning.pdf
    Analyze This
    Question 1: Which of the following scenarios should be included in the BCP for cybersecurity incidents involving Crazy Steve's Web site and online ordering infrastructure?
    a. A Distributed Denial of Service (DDoS) attack on the servers
    b. A Structured Query Language (SQL) injection attack on the Web site, aiming to extract financial and customer information
    c. A virus infection on the servers
    d. A developer accidentally uploading a Web page with incorrect information
    Correct Answer: Options a, b, and c
    Feedback: DDoS attacks on the servers, SQL injection attacks on the Web site, and virus infections on the servers should all be included in the BCP for cybersecurity incidents. DDoS, SQL injection, and viruses are all serious attack methodologies that adversaries can use. These scenarios therefore require careful and detailed analysis in order to assess how they are addressed in the company's BCP. Uploading incorrect data onto the company's Web page is normally just a simple error that can be easily corrected and does not affect business continuity planning.
    Question 2: Which of the following key personnel should provide input for the steps to be taken when a cybersecurity incident occurs on Crazy Steve's retail Web site? Choose all options that apply.
    a. The Chief Financial Officer (CFO)
    b. The Chief Information Officer (CIO)
    c. The Chief Information Security Officer (CISO)
    d. The public relations and media advisor
    Correct Answer: Options a, b, c, and d
    Feedback: The BCP process is a collaborative undertaking in which stakeholders from all areas of the business should give their input.
  • 30. Question 3: Which of the following inputs are relevant to the BCP process for Crazy Steve's Web site? Choose all that apply.
    a. Vulnerability assessment and penetration testing reports
    b. Previous audit reports
    c. A Service Level Agreement (SLA) with the hosting provider
    d. Legal or regulatory requirements for data protection
    Correct Answer: Options a, b, c, and d
    Feedback: Vulnerability assessment and penetration testing reports, previous audit reports, an SLA with the hosting provider, and legal or regulatory requirements for data protection are all relevant to the BCP process. All of the possible answers are important inputs to the company's Business Continuity Plan. For example, prior audit reports can highlight weaknesses in technical controls for which the organization should implement corrective action, or else be prepared to accept the risk related to the vulnerability. Another example is that vulnerability assessments and penetration testing provide an organization with a thorough analysis of the WAN and/or enterprise infrastructure. This is very relevant information for the BCP.
  • 31. Topic 3: Decision Making in Response to Cyberattacks
    The Business Impact Analysis
    Scenario
    The first task that Crazy Steve's BCP steering committee faced was carrying out a Business Impact Analysis (BIA). BIA is a three-step process that organizations use to calculate the potential qualitative and quantitative impact of a crisis. With information from a BIA, an organization can refine its growth strategies, risk management practices, and cybersecurity infrastructure. The time and resources required for a BIA will vary, based on the complexity and size of the organization. The BIA process is dynamic, and it includes internal and external interdependencies among departments, staff, and integral business operations. During the BIA process at Crazy Steve's, stakeholders identified interdependencies and prioritized them according to their business objectives. This prioritization process plays an important role in driving the required business recovery timelines and expectations.
  • 32. Analyze This
    The BCP steering committee discussed the BIA process and made several important findings. Answer the following questions to learn more.
    Question 1: Which of the following are critical functions or processes at Crazy Steve's?
    a. Supply chain management
    b. Customer relationship management
    c. Order processing
    d. Online order management
    Correct Answer: Options a, b, c, and d
    Feedback: Supply chain management, customer relationship management, order processing, and online order management are all critical functions or processes at Crazy Steve's. In an online e-tailer environment like Crazy Steve's, all of the systems listed should be considered mission critical. The failure of any one system would have a significant impact on the organization's overall business operations. Therefore, unexpected downtime in any one or more of these information systems would damage the company (i.e., its reputation, its ability to serve customers, and/or its ability to earn profits).
    Question 2: Since the bulk of Crazy Steve's business is conducted online, which of the following scenarios would have the greatest impact on business?
    a. The payroll processing department sends the wrong information to the bank
    b. Corporate headquarters catches fire
    c. The hosting company where all of Crazy Steve's servers are located shuts down due to a power outage
    d. The CEO gets stuck at his vacation destination due to heavy snowfall
    Correct Answer: Option c
    Feedback: A shutdown at the hosting company where all of Crazy Steve's servers are located would have the greatest impact on Crazy Steve's business. Because Crazy Steve's business is entirely online, its IT systems, including the availability of its Web site, are the most essential aspect of the business. Therefore, a power outage at the company's external hosting company would have the greatest impact on its overall business.
  • 34. Question 3: Customers have come to value Crazy Steve's because of its unparalleled online transaction speed, the lack of any significant downtime on the company's Web site, and the company's quick delivery of products. What is most likely the industry standard for acceptable downtime for Crazy Steve's retail Web site?
    a. Less than a minute, with almost no data loss
    b. Less than an hour, with a few hundred recent transactions being unavailable
    c. Less than a day, with the current day's transactions being unavailable
    d. More than two days
    Correct Answer: Option a
    Feedback: Considering the company's previous performance and reputation, less than a minute with almost no data loss is the likely acceptable downtime.
    Question 4: When focusing on the retail Web site, the BCP steering committee will detail the dependencies for Web site operations. Which of the following dependencies should the committee include?
    a. The server hosting the Web site
    b. The Internet link to the Web site
    c. The DNS servers hosting the domain name
    d. The power supply to the hosting company's data center
    Correct Answer: Options a, b, c, and d
    Feedback: The server hosting the Web site, the Internet link to the Web site, the DNS servers hosting the domain name, and the power supply to the hosting company's data center are all dependencies that the BCP steering committee should consider. In data center operations, all the options are essential components of maintaining continuity of service to external customers and internal stakeholders. Therefore, these dependencies, and the interdependencies among them, should be evaluated by the BCP steering committee.
    BIA
    During his background research, Stephan creates a presentation about BIA.
    Slide 1: The BIA should critically evaluate and prioritize functions and processes by business line. In addition, it should identify interdependencies.
    Slide 2: The BIA should highlight the possible business impact for nonspecific, uncontrolled events that may disrupt functions and processes across the enterprise.
    Slide 3: The BIA should highlight the regulatory and legal responsibilities and requirements that are integral to the company's business and processes.
    Slide 4: The BIA should estimate, by business function, the parameters of acceptable and unacceptable downtime and loss from a business perspective.
    Slide 5: The BIA should determine objectives for an acceptable critical recovery path that includes acceptable recovery times and recovery point objectives.
    Checklist
    To define the critical objectives and functions across the enterprise, each business entity involved in the BIA process should ask relevant questions and gather data. Stephan shares a checklist with relevant details that need to be collected before a BIA.
  • 37. Identify the vital interdependencies among applications, systems, departments, and critical business processes. Determine the criticality and function of specific equipment across departments. Ascertain the impact to the department if a critical computing environment and support hardware (for example, a network or the Internet) is unavailable, and identify a fallback position. Determine and identify single threads and points of failure, as well as the impact of the risks identified. Determine whether there are any critical dependencies involving outsourcing arrangements. Determine how the enterprise and third-party providers will meet their service level obligations during an emergency. Define how this will impact the department. Determine how effective security processes and operational controls will be maintained during the recovery process. From a staffing and space perspective, determine the minimum that will be required to meet business requirements. Identify any alternatives. List any special business supplies, forms, or collateral required at the recovery site.
  • 38. Determine whether communications provisions are available at the backup site to facilitate communications with customers, vendors, and employees. Identify the alternatives and backup. If the recovery site is a common site used by other companies, determine whether the critical business resumption operations are prioritized at the site and whether this prioritization aligns with the company's business requirements and expectations. Understand how employees are trained to perform multiple duties in the event of an emergency and whether additional cross-training is necessary. Create a succession plan in case key leaders are unavailable. Determine how the personal and family needs of employees will be addressed. Identify and detail the proper plans adequately to meet these needs. From a financial perspective, determine which issues must be addressed in an emergency situation. UMUC Cybersecurity Capstone
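Slides 1, 4 and 5 and the checklist above ask for interdependencies, acceptable downtime per business function, single points of failure, and a critical recovery path. The following Python script is an added example (not part of the UMUC module) that derives those outputs from a BIA inventory: it rejects dependencies that nobody has analysed, lets a supporting system inherit the tightest RTO of anything that relies on it, flags functions whose stated RTO cannot be met because a dependency is allowed to stay down longer, orders recovery so that the most urgent functions come first, and lists the dependencies that several functions share. The function names, RTO/RPO values and dependencies are constructed sample data for a fictional retailer, not figures from the module.

```python
"""Added example (not part of the UMUC module): a small helper for the BIA
steps above.  From business functions with RTO/RPO targets and dependencies
it validates the inventory, propagates criticality, flags unreachable RTOs,
orders recovery and finds shared dependencies.  All names and numbers below
are constructed sample data for a fictional online retailer."""

import heapq
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class BusinessFunction:
    name: str
    rto_minutes: int        # maximum tolerable downtime
    rpo_minutes: int        # maximum tolerable data loss (age of the last usable copy)
    depends_on: tuple = ()  # names of functions or systems this one cannot run without


SAMPLE_BIA = [  # constructed inventory; the numbers are illustrative only
    BusinessFunction("power", 1, 0),
    BusinessFunction("internet_link", 1, 0, ("power",)),
    BusinessFunction("dns", 5, 0, ("internet_link",)),
    BusinessFunction("web_server", 1, 1, ("power", "internet_link", "dns")),
    BusinessFunction("order_db", 1, 1, ("power",)),
    BusinessFunction("retail_web_site", 1, 1, ("web_server", "order_db")),
    BusinessFunction("warehouse_picking", 240, 60, ("order_db",)),
    BusinessFunction("payroll", 2880, 1440, ("power",)),
]


def _index(functions):
    """Validate the inventory and return (by_name, dependents) lookup tables."""
    by_name = {f.name: f for f in functions}
    dependents = defaultdict(list)
    missing = set()
    for f in functions:
        for d in f.depends_on:
            if d not in by_name:
                missing.add(d)  # a dependency nobody has analysed is a gap in the BIA
            dependents[d].append(f.name)
    if missing:
        raise ValueError(f"dependencies missing from the BIA: {sorted(missing)}")
    return by_name, dependents


def inherited_rto(functions):
    """Tightest RTO each function must really meet: its own, or that of any
    function that (transitively) depends on it, whichever is smaller."""
    by_name, dependents = _index(functions)
    memo = {}

    def urgency(name):
        if name not in memo:
            memo[name] = min([by_name[name].rto_minutes] + [urgency(c) for c in dependents[name]])
        return memo[name]

    return {f.name: urgency(f.name) for f in functions}


def rto_conflicts(functions):
    """Functions whose stated RTO is tighter than what their dependencies allow.
    Recovery work is assumed to run in parallel, so the bound is a max, not a sum."""
    by_name, _ = _index(functions)
    memo = {}

    def earliest(name):
        if name not in memo:
            f = by_name[name]
            memo[name] = max([f.rto_minutes] + [earliest(d) for d in f.depends_on])
        return memo[name]

    return {f.name: (f.rto_minutes, earliest(f.name))
            for f in functions if earliest(f.name) > f.rto_minutes}


def recovery_order(functions):
    """Kahn's algorithm with a priority queue: of everything whose dependencies
    are already restored, recover the most urgent (inherited RTO) first."""
    by_name, dependents = _index(functions)
    urgency = inherited_rto(functions)
    indegree = {f.name: len(f.depends_on) for f in functions}
    ready = [(urgency[n], by_name[n].rto_minutes, n) for n, d in indegree.items() if d == 0]
    heapq.heapify(ready)
    order = []
    while ready:
        _, _, name = heapq.heappop(ready)
        order.append(name)
        for child in dependents[name]:
            indegree[child] -= 1
            if indegree[child] == 0:
                heapq.heappush(ready, (urgency[child], by_name[child].rto_minutes, child))
    if len(order) != len(functions):
        raise ValueError("circular dependency in the BIA inventory")
    return order


def single_points_of_failure(functions, threshold=2):
    """Dependencies that at least `threshold` functions rely on, directly or transitively."""
    by_name, _ = _index(functions)
    fan_in = defaultdict(int)
    for f in functions:
        seen, stack = set(), list(f.depends_on)
        while stack:
            d = stack.pop()
            if d not in seen:
                seen.add(d)
                stack.extend(by_name[d].depends_on)
        for d in seen:
            fan_in[d] += 1
    return {d: n for d, n in fan_in.items() if n >= threshold}
```

With the sample data, `rto_conflicts(SAMPLE_BIA)` reports that the retail Web site's one-minute target collides with the five-minute target set for DNS, the kind of interdependency Question 4 above is about; the resolution is a BIA decision (tighten the DNS RTO or accept a five-minute Web site RTO), not a code change. `recovery_order` then restores power, the Internet link, the order database and DNS before the Web server, and leaves payroll for last because nothing urgent depends on it.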
Topic 3: Decision Making in Response to Cyberattacks
Activity: You Decide!
Dealing with a cybersecurity incident can be a major crisis for an organization to cope with effectively. Take on the role of a decision maker and help handle the crisis in this scenario.
For the following questions, assume the role of the CISO of a publishing house. You have just been informed that parts of the latest unpublished book by your best-selling author have been found online. You suspect that the company database has been compromised and information has been stolen.

Question 1: The Decision-Making Process
Which of the following steps should be initially included in the decision-making process that you would carry out in response to this cyberattack?
a. Inform and bring together all decision makers
b. Focus on factors that will get the business back to normal
c. Gather all the facts to make an informed decision
d. Understand the main points related to the security incident
e. Review the results of the forensic examination of previous cyberattacks
f. Obtain advice from legal counsel
Correct Answer: Options a, b, c, and d
Feedback: The decision-making process includes gathering all decision makers, focusing on factors that will get the business back to normal, gathering all the facts to make an informed decision, and understanding the main points related to the security incident. Conducting a forensic examination and involving legal counsel would come after the attack has been contained and broadly understood. Obtaining advice from legal counsel is an important task. However, it is not part of the preliminary steps in counteracting a cyberattack on your organization. This would normally be done after the attack is contained, a damage assessment has been made, and the results of a digital forensic investigation have been shared.

Question 2: Determining the Appropriate Process
Which of the following steps would you initially take while determining the appropriate process you would initiate in response to a cyberattack?
a. Identify the organization's critical business functions
b. Discuss how to prevent further harm to the business and supporting systems
c. Analyze the qualifications of staff members
d. Assign roles and responsibilities to staff members
Correct Answer: Options a, b, and d
Feedback: Determining the appropriate process includes identifying the organization's business priorities, discussing how to prevent further damage, and assigning roles and responsibilities to staff members.

Question 3: Crisis Management
Which of the following steps should be part of the crisis management process?
a. Predetermining the members of the crisis management team
b. Involving the Marketing Department in media relations
c. Coordinating with external agencies and organizations
d. Involving senior management, IT management, and other critical teams
e. Following the practices and procedures outlined in the BCP
Correct Answer: Options a, c, d, and e
Feedback: The crisis management process includes the following steps:
Predetermining the members of the crisis management team
Coordinating with external agencies and organizations
Involving senior management, IT management, and other critical teams
Following the practices and procedures outlined in the BCP
Communications with the media would typically be handled by the Public Relations or Corporate Communications division, and not by Marketing.

Question 4: Critical Elements of a BCP
Which of the following are critical elements of a BCP?
a. Testing the BCP once every five years
b. Identifying risks
c. Prioritizing risks
d. Assigning mitigation strategies
e. Updating the BCP regularly
Correct Answer: Options b, c, d, and e
Feedback: Identifying and prioritizing risks, assigning mitigation strategies, and regular updating are all elements of a BCP.

Question 5: Additional Elements of a BCP
Which of the following elements should be included in a BCP?
a. Understanding key business processes
b. Developing plans in advance
c. Prioritizing cross-organizational requirements
d. Focusing only on IT aspects
e. Testing the organization's BCP regularly
Correct Answer: Options a, b, c, and e
Feedback: Developing plans in advance, prioritizing cross-organizational requirements, understanding key business processes, and regular testing are all elements of a BCP.

Question 6: Elements of the BIA Process
Which of the following options are parts of the BIA process?
a. Understanding that the BIA process is dynamic
b. Documenting key business processes and procedures
c. Adjusting the BIA to reflect changes in technology
d. Explaining and discussing risks and threats
e. Ad hoc review of the BIA whenever there is time available to do it
Correct Answer: Options a, b, c, and d
Feedback: Understanding that the process is dynamic, documenting key business processes and procedures, adjusting the BIA to reflect changes in technology, and explaining and discussing risks and threats are all parts of the BIA process.
Topic 4: Offensive Cyberattack Technologies
Offensive Cyberattack Technologies Case Study
Step 1: In 2011, growing concern over Iran's alleged nuclear weapons program led the United States to increase surveillance of possible Iranian nuclear sites.
Step 2: The intelligence-gathering process included the use of drones, or Unmanned Aerial Vehicles (UAVs), which can be operated from thousands of miles away. In late 2011, a drone operated by U.S. forces in Afghanistan was forced to land on Iranian soil (Gladstone, 2011).
Reference: Gladstone, R. (2011, December 15). Stop U.S. drone flights, Iran warns Afghanistan. The New York Times. Retrieved from http://www.nytimes.com/2011/12/16/world/middleeast/iran-warns-afghanistan-to-stop-us-drone-flights.html
Step 3: While some drones can be armed with missiles, the U.S. military reacted to Iranian reports of the drone's capture by saying Tehran might have been referring to a missing "unarmed reconnaissance aircraft" (Jaffe & Erdbrink, 2011).
Reference: Jaffe, G., & Erdbrink, T. (2011, December 4). Iran says it downed U.S. stealth drone; Pentagon acknowledges aircraft downing. The Washington Post. Retrieved from http://www.washingtonpost.com/world/national-security/iran-says-it-downed-us-stealth-drone-pentagon-acknowledges-aircraft-downing/2011/12/04/gIQAyxa8TO_story.html?wprss=rss_national-security
Step 4: Drones run the risk of being shot down or crashing as a result of malfunction or operator error, and then being captured by foreign adversaries. U.S. Defense authorities later admitted that this drone was in fact spying on Iran. This corroborates statements by Iranian military authorities that they brought the drone down using an electronic attack (Popular Mechanics, 2011). In this case, the Iranians stated at one point that they had shot down the drone (The Daily Mail, 2011).
References:
Popular Mechanics. (2011, December 5). 3 questions after Iran's claimed shoot-down of U.S. drone. Retrieved from http://www.popularmechanics.com/technology/military/planes-uavs/3-questions-after-irans-claimed-shoot-down-of-us-drone-6610661
The Daily Mail. (2011, December 5). Iran threatens retaliation after 'shooting down' U.S. spy drone in its air space. Retrieved from http://www.dailymail.co.uk/news/article-2069818/Iran-shoots-U-S-spy-plane.html
Step 5: However, Iran has made a separate claim that it captured the drone after hacking its navigation system (Gladstone, 2011).
Reference: Gladstone, R. (2011, December 15). Stop U.S. drone flights, Iran warns Afghanistan. The New York Times. Retrieved from http://www.nytimes.com/2011/12/16/world/middleeast/iran-warns-afghanistan-to-stop-us-drone-flights.html

Cyberattack Technologies
Many organizations and governments around the world are examining, testing, and deploying offensive cyberattack strategies and technologies. In the United States, strong laws forbid aggressive actions if they entail unauthorized access to a device connected to the Internet. Such laws do not exist in other parts of the world, nor does the law in some countries protect U.S. companies from attacks by foreign hackers. In light of this global predicament, enterprises need to be aware of aggressive plans that are being considered and implemented globally. As a cyberattack can originate anywhere, governments and other organizations may need to take proactive steps to protect their assets. In traditional warfare, attacking communications and command and control functions is crucial to victory; attacking the systems that host and facilitate these critical functions is also crucial to victory.

Identify Cyberattack Methods
Identify the cyberattack technologies that have offensive capabilities.
a. Denial of Service (DoS) attacks
b. Remote keyloggers
c. Electromagnetic Pulse (EMP) weapons
d. Bolt phase attacks
e. Attacks on control systems that cause assets to self-destruct
f. Trojan implantations that allow control of systems activity
g. Root core scans
h. Flooding attacks
Correct Answer: Options a, b, c, e, f, and h
Feedback: The following cyberattack technologies have offensive capabilities:
Distributed Denial of Service (DDoS) attacks have definite offensive capabilities. By using a large group of zombie computers, an attacker can generate a very damaging attack.
Remote keyloggers are also useful offensive cyberwarfare tools because they relay back each and every keystroke made on an enemy's computer.
Electromagnetic Pulse (EMP) weapons imitate the gamma-ray pulse caused by a nuclear explosion, disabling all electronics over wide areas (Gertz, 2011). These weapons are currently designed to knock out electronic equipment and possibly even affect humans.
Attacking a control system normally has the objective of causing a failure of the operating system. This is potentially a very dangerous offensive action that an adversary might wish to use.
A Trojan program allows an outsider to gain control of a program or system. Often, a Trojan gains entry to a system to allow access at a later time.
A flooding attack can easily be a very damaging offensive attack by a government organization or cybercriminals. In this type of attack, a large number of remote servers are used to generate massive volumes of data packets. In turn, this creates so much data that the receiving organization's systems are overrun and cannot function normally.
Reference: Gertz, B. (2011, July 21). Report: China building electromagnetic pulse weapons for use against U.S. carriers. The Washington Times. Retrieved from http://www.washingtontimes.com/news/2011/jul/21/beijing-develops-radiation-weapons/?page=all
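Flooding attacks, as described in the feedback above, overwhelm a target with traffic from many sources. The following Python script is an added example (not the module's own material) of how a defender might spot one in access logs: it buckets requests into ten-second windows and raises one kind of alert when a single address exceeds a per-source limit and another when a window's total is high while the number of distinct sources is also high, which is what distinguishes a distributed flood from a legitimate spike from a few clients. The log format, thresholds, timestamps and IP addresses (taken from the documentation address ranges) are assumptions constructed for this example.

```python
"""Added example (not part of the UMUC module): defender-side detection of the
flooding behaviour described above, run over constructed access-log lines.
Log format, thresholds and addresses are assumptions made for this example."""

import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW_SECONDS = 10    # bucket size for rate counting
PER_SOURCE_LIMIT = 20  # requests from one address per window before alerting
TOTAL_LIMIT = 100      # requests per window before a distributed flood is considered...
MIN_SOURCES = 30       # ...and only if at least this many distinct addresses took part


def build_sample_log():
    """Constructed lines in the assumed format "<ISO timestamp> <source IP> <request>":
    a normal window, a distributed flood, then a single noisy client (plus one bad line)."""
    base = datetime(2012, 1, 1, 10, 0, 0)
    lines = []
    for sec in range(6):  # window 1: five regular clients, six requests each
        for c in range(5):
            lines.append(f"{(base + timedelta(seconds=sec)).isoformat()} 203.0.113.{c + 10} GET /page{sec}.html")
    for sec in (10, 13, 16):  # window 2: sixty addresses, three requests each
        for c in range(60):
            lines.append(f"{(base + timedelta(seconds=sec)).isoformat()} 198.51.100.{c + 1} GET /")
    for i in range(50):  # window 3: one address sends fifty requests...
        lines.append(f"{(base + timedelta(seconds=20 + i // 5)).isoformat()} 192.0.2.99 GET /search?q={i}")
    for sec in range(20, 24):  # ...while three regular clients keep browsing
        for c in range(3):
            lines.append(f"{(base + timedelta(seconds=sec)).isoformat()} 203.0.113.{c + 10} GET /cart")
    lines.append("garbage line that should be skipped")
    return lines


def parse_line(line):
    """Return (timestamp, source_ip), or None for a line that does not match the format."""
    parts = line.split(" ", 2)
    if len(parts) < 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), str(ipaddress.ip_address(parts[1]))
    except ValueError:
        return None


def window_start(ts):
    """Align a timestamp to the start of its WINDOW_SECONDS bucket."""
    elapsed = int((ts - datetime.min).total_seconds())
    return datetime.min + timedelta(seconds=elapsed - elapsed % WINDOW_SECONDS)


def analyse(lines):
    """Count requests per (window, source) and apply both detections.
    Returns (alerts, number_of_unparseable_lines)."""
    per_window = defaultdict(Counter)
    skipped = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        ts, src = parsed
        per_window[window_start(ts)][src] += 1

    alerts = []
    for start in sorted(per_window):
        counts = per_window[start]
        total = sum(counts.values())
        # signal 1: one address far above the per-source rate
        for src, n in counts.most_common():
            if n > PER_SOURCE_LIMIT:
                alerts.append({"window": start.isoformat(), "kind": "single_source_flood",
                               "source": src, "requests": n})
        # signal 2: a high total spread over many addresses, which is what a distributed
        # flood looks like even when every address stays under the per-source limit
        if total > TOTAL_LIMIT and len(counts) >= MIN_SOURCES:
            alerts.append({"window": start.isoformat(), "kind": "distributed_flood",
                           "requests": total, "sources": len(counts)})
    return alerts, skipped
```

Running `analyse(build_sample_log())` yields no alert for the first window, a distributed-flood alert for the second (180 requests from 60 addresses, each well under the per-source limit) and a single-source alert for the third. Thresholds like these are only starting points; in practice they are set from a baseline of the site's normal per-window volume and source count, and the two checks are kept separate precisely because the per-source rate in a distributed flood is often indistinguishable from normal browsing.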
Topic 5: Organizations: Roles and Responsibilities
Federal Government Roles and Responsibilities
Within the U.S. government, no single department or agency has the ultimate responsibility for securing against or responding to cyberattacks. The government is in charge of leadership and sector-specific duties, and it requires the coordination and collaboration of many different organizations. The organizations that play a role in handling cybersecurity include the Department of Homeland Security (DHS), the Department of Defense (DoD), the Department of Justice (DOJ), and other federal agencies both inside and outside the Intelligence Community. Together, they execute a comprehensive strategy across the federal government.
This table shows the organizations with authorities for handling cyberattacks within the United States.
Executive Branch: Executive authority, issued in the form of Presidential findings, executive orders, and Presidential Directives, assigns responsibility to government departments and agencies to take actions within the scope of the authority granted.
Within the Intelligence Community: Intelligence Community Directives (ICDs) contain the intelligence governance authorities.
Within Federal Jurisdiction: Federal law enforcement responsibilities are largely defined within federal laws. Based on the type of crime, the FBI, the Secret Service, or other law enforcement agencies may have jurisdiction.

The National Cyber Response Coordination Group
The National Cyber Response Coordination Group (NCRCG), composed of 13 federal agencies, collaborates with the Intelligence Community, law enforcement, and the U.S. Computer Emergency Readiness Team (US-CERT) before, during, and after a cyberincident. It serves as the leading disseminator of information and coordinates responses among government agencies following a cyberincident.

National Cybersecurity and Communications Integration Center
DHS's National Cybersecurity and Communications Integration Center (NCCIC) is a "watch and warning" center with 24/7 capabilities for emergency communications related to cybersecurity. The NCCIC works across all levels of the private sector and government. It provides a unified and integrated response to incidents that may impact homeland security. The NCCIC is collocated with the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the National Coordinating Center for Telecommunications (NCC), and US-CERT. Other federal partners, including the Department of Defense, members of the Intelligence Community, and law enforcement, also collaborate with the NCCIC. Information Sharing and Analysis Center (ISAC) activities for a few sectors also originate with the NCCIC (DHS, 2011).
Reference: U.S. Department of Homeland Security. (2011, August 9). About the National Cybersecurity and Communications Integration Center (NCCIC). Retrieved from http://www.dhs.gov/xabout/structure/gc_1306334251555.shtm

Use of Military Organizations and Assets
In July 2010, The Economist described cyberwarfare as "the fifth domain of warfare, after land, sea, air, and space" (The Economist, 2010). A cyberattack that could cripple critical systems like the power grid, security systems, and financial or governmental systems could have devastating effects on a nation. Some believe that the United States should move to a more aggressive posture for offensive and defensive cybermeasures.
Many countries have developed cyberattack capabilities. For example, "Iran claims to have the world's second-largest cyber-army," while China, Russia, Israel, and North Korea have capabilities of their own (The Economist, 2010). As of now, it is difficult to gauge the true capabilities of potential enemies. Thus, countries need to prepare for worst-case scenarios. The concurrent challenge is the anonymity of a cyberattack. For example, one country could launch a cyberattack on another through a third and innocent nation. An attack of this type could create mistaken identity, misattribution, and lack of confidence, which could easily escalate to military action.
Reference: The Economist. (2010, July 1). Cyberwar: It is time for countries to start talking about arms control on the internet. Retrieved from http://www.economist.com/node/16481504?story_id=16481504&source=features_box1

Georgia Cyberattacks
Russia's military advance on Georgia during the South Ossetia war of 2008 was accompanied by cyberattacks, which included both DoS attacks on numerous Georgian Web sites and hacking of some government sites (Moses, 2008). While Georgia has accused Russia of orchestrating the cyberattacks, it is difficult to prove that actions like these are the result of action by an enemy state, as opposed to independent hackers working on their own (McCullagh, 2010). Attribution is complicated by the fact that cyberattacks can be geographically decentralized. For example, when Estonia was subjected to cyberattack in 2007, it blamed Russia. However, the attack was carried out using a network of thousands of infected computers, 17 percent of which were said to have been located in the United States (Baldor, 2011).
References:
Baldor, L. C. (2011, June 22). New orders detail Pentagon cyberwar guidelines. The Associated Press. Retrieved from Air Force Times Web site: http://www.airforcetimes.com/mobile/index.php?storyUrl=http%3A%2F%2Fwww.airforcetimes.com%2Fnews%2F2011%2F06%2Fap-pentagon-gets-cyberwar-guidelines-062211%2F
McCullagh, D. (2010, July 29). U.S. military cyberwar: What's off-limits? CNET News. Retrieved from http://news.cnet.com/8301-31921_3-20012121-281.html
Moses, A. (2008, August 12). Georgian websites forced offline in "cyber war." The Sydney Morning Herald. Retrieved from http://www.smh.com.au/news/technology/georgian-websites-forced-offline-in-cyber-war/2008/08/12/1218306848654.html

GhostNet Espionage
An investigation has found circumstantial evidence that China has used the GhostNet cyberespionage network to compromise Tibetan computer systems. The investigation revealed that GhostNet consisted of more than 1,295 infected hosts in 103 countries. Thirty percent of the hosts were high-value targets that included computers housed at "ministries of foreign affairs, embassies, international organizations, news media," and nongovernmental organizations (Information Warfare Monitor, 2009).
Reference: Information Warfare Monitor. (2009, March 29). Tracking GhostNet: Investigating a cyber espionage network. Retrieved from http://www.infowar-monitor.net/2009/09/tracking-ghostnet-investigating-a-cyber-espionage-network/
Role of the Private Sector
Militias
Militias of the Past and Cybermilitias of Today
Around the world, there are many private companies engaged in developing cyberwarfare technologies. As technology evolves to meet the needs of competing militaries, leading-edge innovations will continue to originate in the private sector. Public-private partnerships have been successful over the years, as they perform specialized functions that harness the capabilities of each sector.
Then
In the 1850s, Allan Pinkerton created the Pinkerton National Detective Agency. The Pinkertons, as the agency's detectives were popularly known, foiled an alleged early plot to assassinate Abraham Lincoln and were a prominent private security force in the United States during the late 1800s. As experts in their field, Pinkertons were hired to perform security services and military contract work. At their height, the agency had more documented members than the U.S. military and formed the largest private detective organization.
Reference: Morn, F. (1982). The eye that never sleeps: A history of the Pinkerton National Detective Agency. Bloomington: Indiana University Press.
Now
Blackwater Security Consulting (BSC), formed in 1997 and renamed Academi in 2011, is a private firm that performed some security functions under federal contract during the Iraq War. Blackwater provided support for coalition forces and installations, and trained Iraqi military and police forces. Just as the Pinkertons did in the 1850s, Blackwater has used its expertise to aid the U.S. government in various ways.

Public-Private Partnerships
Public-private partnerships have been used in research and development efforts in many areas. This is also true in cybersecurity. The private sector's contribution to advances in cybertechnology is bound to have a tremendous impact on the future of cyberwarfare. The market for such technology is not limited by borders or nationalities. For example, a company could develop a specific technology and sell it across borders with ease, via the Internet. Global innovation in technology, for both good and evil purposes, can now originate virtually anywhere. This changing characteristic could be a critical aspect of cyberwar in the 21st century, and could dramatically change the landscape and nature of future military conflicts.

Defense Contractors
Private-sector firms currently assist traditional war operations in areas ranging from training to logistics. A private company's flexibility with resources can help it meet critical demands with dedicated expertise during a cyberemergency. For example, a company that routinely develops antivirus code can quickly and efficiently dedicate the resources necessary to address a new virus when it appears. The private sector is often more efficient, faster, and able to function at a lower cost than the government. Different vendors can work independently to resolve a single problem, in a competitive process that can result in the best solutions for government and other customers.
As the development of military technology increasingly becomes the province of private contractors instead of governments, these technologies will very likely flow to other countries that are willing to pay for them. Countries that do not embrace the outsourcing trend will not be able to keep up with other countries that possess the latest technologies available in the marketplace. Their capacity to retain military prowess, especially in cyberwar, will be challenged (Carafano, 2005).
Reference: Carafano, J. J. (2005, September 6). Sustaining military capabilities in the 21st century: Rethinking the utility of the principles of war. Retrieved from Heritage Foundation Web site: http://www.heritage.org/Research/Lecture/Sustaining-Military-Capabilities-in-the-21st-Century-Rethinking-the-Utility-of-the-Principles-of-War

Role of International Organizations
Over the past few centuries, new technology has changed the face of warfare. With the advent of the Internet, cyberwarfare has become the latest threat to security. International organizations like the United Nations (UN) and North Atlantic Treaty Organization (NATO) are debating the effect of cyberwar and the appropriate responses to cyberattacks. As cyberattacks are not covered under the Geneva Conventions and there is no formal agreement among nations, limitations on cyberwar and international protocols of engagement are not defined.

Activity
Read and analyze each fictitious scenario, and answer the related questions.

Question 1: A country has been under cyberattack by a known and highly capable adversary. The government has talked for a long time about treating cyberwarfare the same as it would treat kinetic warfare. What kind of effective counterattack can it mount?
a. Kinetic warfare
b. Offensive cyberwarfare
c. A blended attack using both kinetic warfare and cyberwarfare
d. Disconnect the country's Internet connection
Correct Answer: Options a, b, and c
Feedback for Correct Answer: The response would differ depending on the severity of the cyberattack. For example, if the cyberattack is against a water system, and it results in the loss of 50,000 lives, a decision might be made to not only initiate a cyberattack but also to include a kinetic strike against the facility that initiated the action. Conversely, if an attack results exclusively in damage to data, the response might be entirely cyber.
Feedback for Incorrect Answer: Disconnecting the country's Internet connection would not be an effective measure when launching a cyberattack. A cyberattack requires use of the Internet; disconnecting from it would be viewed solely as a defensive maneuver.
Question 2: You are a member of the team evaluating the decision-making process related to disaster recovery. Which of the following information and/or technologies would you need most?
a. Blueprints of the facility that was attacked
b. Advanced disaster management plans
c. A smartphone
d. A backup copy of your computer's data
Correct Answer: Option b
Feedback: Having advance plans in place that are based on different scenarios will help your team make the right decision more quickly.

Question 3: Hurricane Helen is just beginning to make landfall. For the past five days, the weather service has been saying that this storm is going to hit land with Category 5 force. Which function of the weather service is best equipped to deal with the media?
a. Legal counsel
b. Information Systems Department
c. Public relations
d. Executive management
e. Office of the Chief Meteorologist
Correct Answer: Option c
Feedback: The weather service's public relations function is best suited to deal with the media. The office of the chief meteorologist, the executive management, or the information systems department shouldn't deal with the media because this is not their area of expertise. The best organizational unit to deal with the media is the public relations group, since this is a professionally trained group that knows what to say, as well as what not to say, during a cybersecurity incident.

Question 4: You work for Herbert & Sons, a local consulting firm, and you have been hired to develop a BCP for a large community hospital. What information should not be included in the BCP?
a. Test plans
b. System interdependencies
c. Staff assignments and responsibilities
d. Capital cost of capital expenditures by fiscal year
Correct Answer: Option d
Feedback: Cost calculations about capital expenditures should not be included in the BCP. These cost calculations would instead be included in the planning and budgeting processes. Capital cost expenditures are one-time costs that are normally depreciated over the individual asset's useful life. For accounting purposes, this is normally done over a 2-10 year period of time.

Question 5: Which of the following items is not true of a successful BCP process?
a. The BCP is updated regularly as part of a living process.
b. The BCP focuses on critical business processes.
c. The BCP excludes relationships with external service providers.
d. The BCP is tested regularly.
Correct Answer: Option c
Feedback: A well-written and comprehensive BCP should be updated as part of an ongoing process, and it should include adequate information about the organization's relationships with key external service providers. The BCP should also be tested regularly.

Question 6: Which of the following items should be part of a BIA?
a. Acceptable recovery times for each system
b. Interdependencies between individual systems
c. CISO responsibilities for incident response
d. Manual processes that can be initiated if systems are down for a long time
Correct Answer: Options a, b, and d
Feedback: Along with acceptable recovery times and interdependencies for each system, manual processes that can be initiated for each system if it is down should be a part of the BIA. The CISO's responsibilities for incident response are not part of a business impact analysis. These responsibilities would typically be outlined in the CISO's job description as well as the organization's business continuity and disaster recovery plans.

Question 7: Which of the following options is not considered an offensive cybertechnology?
a. DDoS
b. Viruses
c. Worms
d. Dedicated firewalls
Correct Answer: Option d
Feedback: DDoS, viruses, and worms have offensive capabilities. A dedicated firewall has defensive capability.

Question 8: Which of the following options is not a role of the federal government as it relates to cybersecurity?
a. Maintaining civil order
b. Reviewing the BCPs of Fortune 500 companies
c. Maintaining resilient public critical infrastructures
d. Debating and enacting laws about cybersecurity
Correct Answer: Option b
Feedback: Reviewing the BCPs of Fortune 500 companies is not the government's responsibility. All of the other options are key federal government functions.

Topic 6: Summary
We have come to the end of Module 4. The key concepts covered in this module are listed below.
After a cyberattack, organizational decision making and response to the attack is critical in getting an organization through the incident and back to normal. For most companies, the response will include mitigating and remediating the loss caused by the attack. The process of handling a cyberattack generally includes prevention, defense, detection, recovery, and response. All facets of an organization, including technical members and leaders, should work together to make the right decisions.
Business continuity and disaster recovery plans help companies to deal effectively with cyberthreats and security incidents. A well-developed plan will identify the potential threats to the company, and provide adequate support for prevention and recovery in the event of an incident.
The main responsibility of a company's leadership in the event of a cyberattack is to protect confidential information and information systems while ensuring business continuity. A strong crisis management team will plan far in advance of an event, with team members who have the skills to perform their duties. The crisis management team normally includes members from various key departments.
The steps of a solid Business Continuity Plan (BCP), along with the planning process, include identification, assessment, prioritization, management, and mitigation of risk. The first step in the BCP process is the Business Impact Analysis (BIA). Companies perform BIAs in order to determine the priority of business functions that need to be restored in the event of a crisis.
Many countries have developed cyberattack capabilities. As it is difficult to gauge the true capabilities of potential enemies, countries need to prepare for worst-case scenarios.
Private-sector firms currently assist traditional war operations in areas ranging from training to logistics. Private companies' flexibility with resources can help them meet critical demands with dedicated expertise during a cyberemergency.
Private companies around the world are now engaged in developing cyberwarfare technologies. Public-private partnerships have been successful over the years, as they perform specialized functions that harness the capabilities of each sector.
The private sector's contribution to advances in cybertechnology is bound to have a tremendous impact on the future of cyberwarfare. The market for such technology is not limited by borders or nationalities.
  • 71. CSEC670 © UMUC 2012 Page 38 of 38 Glossary Term Definition Business Continuity Business continuity is ensured by running a parallel line of business operations from an alternative geographic location. This parallel operation may also house a backup of the company's valuable data. Business continuity allows uninterrupted workflow and customer service in the event of a crisis or attack. Business Continuity Plan (BCP) A Business Continuity Plan (BCP) guarantees that the company can function normally in times of crisis, such as following natural disasters, IT crashes, deliberate destruction, and power failures. Business Impact Analysis (BIA) A Business Impact Analysis (BIA) is a three-step process that organizations use to calculate the qualitative and quantitative impact crises can have on them. The crises can have human or natural origins. With information from a BIA, an organization can refine its growth strategies, risk management, and
  • 72. cybersecurity infrastructure. Denial of Service (DoS) Attack Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks use "zombie" servers to flood a target site with large volumes of traffic. This flood of traffic consumes the target site's network or system resources and denies access to legitimate users. Disaster Recovery Plan A disaster recovery plan is a comprehensive plan for enabling a company to resume work quickly in the wake of a disaster or damage to IT infrastructure. Electromagnetic Pulse (EMP) Weapons Electromagnetic Pulse (EMP) weapons disable electronics over wide areas by imitating the gamma-ray pulse caused by a nuclear explosion. These weapons are currently designed to knock out electronic equipment and possibly even affect humans. Service Level Agreement (SLA) A Service Level Agreement (SLA) is a contract between a customer and an IT service provider. It lists all the work tasks outsourced to the provider and the output the provider is expected to deliver. National Cybersecurity and Communications Integration Center
  • 73. (NCCIC) The Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) is a "watch and warning" center with 24/7 capabilities for emergency communications related to cybersecurity. National Cyber Response Coordination Group (NCRCG) The National Cyber Response Coordination Group (NCRCG), composed of 13 federal agencies, serves as the leading disseminator of information and responses among government agencies following a cyberincident.