One Pager on Each topic – Included references at the end of each topic

    0

    Topic 1: Advanced and Persistent ThreatsOne of the biggest risks that companies face is advanced persistent threats. Discuss the most effective way to implement policies that mitigate the chance of an insider either taking part in or facilitating an advanced persistent threat. What policies can help manage theinsider threatfor an organizationssupply-chaincompanies or the organizationsoff-shore contractors? Integrate the concept of separation of duties into your discussion. Background: 1.Notional Supply Chain Risk Management Practices for Federal Information Systems[2012 NIST – note that the term insider threat is not used in the document but multiple practices are outlined for controlling risks posed by personnel).2.The Risk of Insider Fraud: Second Annual Study[2013 Ponemon – not specifically supply-chain related but a detailed overview of the current understanding of the risk posed to enterprises by insider threats generally]3.Cybersecurity: An Examination of the Communications Supply Chain[2013 – video / transcript of Congressional hearing examining multiple aspects of this topic
    INSERT References
    Topic 2: Mandiant ReportOn Feb. 19 2013 Mandiant released a report alleging that a specific Chinese military unit is behind one of the largest cyber espionage and attack campaigns aimed at American infrastructure and corporations. Public understanding of Advanced Persistent Threats (APT) is weak attribution remains difficult and cyberattacks are often dismissed as criminal or peripheral to national security. This carefully-researched report is significant because it convincingly and publicly assigns attribution for ongoing cyber espionage to groups supported by China. By publishing Mandiant hopes that –(a) this report will lead to increased understanding and coordinated action in countering APT network breaches; and(b) its resulting exposure and discussion may thwart APT activities. After reading the article at the link below and perusing the Mandiant report discuss whether Mandiants two desired outcomes above are likely to occur.Background:NYT summary: http://ezproxy.umuc.edu/login?url=http://search.proquest.com/docview/1288537806?accountid=14580NPR audio:http://www.npr.org/2013/02/19/172431535/report-chinese-government-hackers-behind-dozens-of-attacks-on-u-s-companies
    INSERT References

                                                                                                                                      Order Now