Solar Flares EMP and Back Doors Into Iphones

¶ … Persistent Threats One of the biggest risks that companies face is advanced persistent threats. Advanced persistent threats can be very harmful to a company and can come in various forms as hackers have a variety of methods in their tool belt; however, on the receiving end, companies should be prepared for cyber attacks -- and yet they often are not, because of carelessness, neglect, lack of oversight, regulation, accountability, transparency, review, and an ability to conduct proper assessment.

APTs are happening all the time and can be traced to origin locations all over the world (Norse, 2016). Cyber security should be therefore a number priority for any and all businesses that utilize information systems software and hardware. As the Norse Map shows, countries in both the East and the West are waging cyber war against one another; cyber security is therefore a real going concern for all (Norse, 2016).

Discuss the most effective way to implement policies that mitigate the chance of an insider either taking part in or facilitating an advanced persistent threat. There are many ways to mitigate risk in this manner. They include: Prudent project management, modular contracting, acquisition planning that is thorough and united to the budgetary planning designed within the program/finance/contract offices; constant collection and monitoring/assessing of data related to ongoing risk; reviews following implementation, and prototyping prior to implementation; project cost analysis vs.

project benefit/return analysis; and quantifying of data for the sake of clarity (Boyens, Paulsen, Bartol, Moorthy, Shankles, 2012). The most effective way to mitigate the risk of insiders either taking part in or facilitating an advanced persistent threat is to practice prudent project management: this includes doing all of the above-mentioned items.

Essentially, by staying on top of the project, knowing who is involved, what they are doing, how they are supposed to be doing it, and what speed and cost they are supposed to be doing it, and measuring their progress at regular intervals, the project manager can mitigate risk in the best possible manner, by implementing a strategy of oversight and accountability (Boyens, Paulsen, Bartol, Moorthy, Shankles, 2012).

The best way to mitigate risk, therefore, is to maintain an IS team that is responsible for building and maintain firewalls that can resist cyber attacks, hacks, and other forms of invasion, as well as to have a management team that can implement a 0-100 reward strategy that monitors progress of teams and measures developments at all stages to ensure that project goals are being met and that no fraud is being committed.

A 0-100 strategy is helpful for this because it cuts down on the false sense of advancement that a 25-25-25-25 or a 50-50 system can give (Ruskin, 2004). Earned Value Analysis is very important in gauging how on-target the inner workings of a company are (Earned Value Analysis, 2012). iii.

What policies can help manage the insider threat for an organization's supply-chain companies, or the organization's off-shore contractors? A policy of constant vigilance and oversight maintained by a 0-100 reward system, which is most effective at lower or beginning levels where maximum threats can occur, is a good policy to implement in order to maintain coherence and consistency.

Insider threats to supply-chain management stem from careless organization, lack of oversight, lack of reward structure (a 50-50 reward structure is not recommended as this can give a false sense of progress when little is actually being made).

A policy of transparency and effective communication consisting of two-way flows in a top-down hierarchical model can support the overall framework of monitoring the supply-chain as well as off-shore contractors, which can be monitored in the same manner, so long as the model is implemented according to the same strategic objectives of oversight, review, and assessment.

Duties therefore should be separated so that each unit is responsible for a specific task; in this manner, a system of checks and balances can be achieved that will makes sure every project is proceeding as it should. With managers overseeing each unit and each unit responsible for a specific section of the project, better coherence and logistical development can be arranged with maximum oversight generated at each stop (Fleming, Koppelman, 2000).

Topic 2: Mandiant Report (a) This report will lead to increased understanding and coordinated action in countering APT network breaches; and (b) It's resulting exposure and discussion may thwart APT activities. Discuss whether Mendicant's two desired outcomes above are likely to occur.

Mendicant's two desired outcomes are likely to occur because education and the proliferation of information does lead to increased understanding and coordinated action in countering APT network breaches -- however, an appropriate model of systematic review and oversight is needed to ensure that coordinated action is taken; the supplying of information in a report cannot do this on its own because it only generates a need for review: implementation must come from within the company itself.

The company's resulting exposure and discussion may however thwart APT activities as there will be more awareness and a focus of energy and commitment to facilitating a defense against APT network breaches. Mendicant's desired outcomes are thus likely to be reached so long as the company is responsible and responsive to the report and engages in updating their systems and practicing good risk management. Topic 3: EMP and Solar Weather (1) To what degree should U.S.

policy makers should be concerned about a high-effect, low-probability EMP attack, or a powerful Solar Weather event? US policy makers should be very concerned about a high-effect, low-probability EMP attack because if U.S. defense juggernauts are learning whether they can direct an EMP attack on enemies, then policy makers should expect that enemies are learning how to direct an EMP attack against the U.S. What goes around comes around, is how the maxim is told.

Thus an EMP may be low-probability for the time being but it is not likely to stay that way. Thus some defense should be initiated immediately. As for Solar Weather, this has been happening off and on throughout history and is not likely to be as much of a threat to U.S. programs as an EMP attack. However, some consideration should be given to a defense mechanism against solar flares. (2) Describe measures that may mitigate damage to the U.S.

power grid Measures that may mitigate damage to the U.S. power grid include an advanced firewall so to speak against EMP attacks. This would come in the form of a defense shield, which as of now still needs to be designed. However, other ways to mitigate the intensity of such a disaster would be to effect a back-up power plan for if the grid goes offline. Or there could be a survival strategy to use in case the U.S.

has to live without the grid for a period of time. (3) Measures individuals can take to mitigate the consequences to their.