¶ … Persistent Threats
One of the biggest risks that companies face is advanced persistent threats.
Advanced persistent threats can be very harmful to a company and can come in various forms as hackers have a variety of methods in their tool belt; however, on the receiving end, companies should be prepared for cyber attacks -- and yet they often are not, because of carelessness, neglect, lack of oversight, regulation, accountability, transparency, review, and an ability to conduct proper assessment. APTs are happening all the time and can be traced to origin locations all over the world (Norse, 2016). Cyber security should be therefore a number priority for any and all businesses that utilize information systems software and hardware. As the Norse Map shows, countries in both the East and the West are waging cyber war against one another; cyber security is therefore a real going concern for all (Norse, 2016).
Discuss the most effective way to implement policies that mitigate the chance of an insider either taking part in or facilitating an advanced persistent threat.
There are many ways to mitigate risk in this manner. They include: Prudent project management, modular contracting, acquisition planning that is thorough and united to the budgetary planning designed within the program/finance/contract offices; constant collection and monitoring/assessing of data related to ongoing risk; reviews following implementation, and prototyping prior to implementation; project cost analysis vs. project benefit/return analysis; and quantifying of data for the sake of clarity (Boyens, Paulsen, Bartol, Moorthy, Shankles, 2012).
The most effective way to mitigate the risk of insiders either taking part in or facilitating an advanced persistent threat is to practice prudent project management: this includes doing all of the above-mentioned items. Essentially, by staying on top of the project, knowing who is involved, what they are doing, how they are supposed to be doing it, and what speed and cost they are supposed to be doing it, and measuring their progress at regular intervals, the project manager can mitigate risk in the best possible manner, by implementing a strategy of oversight and accountability (Boyens, Paulsen, Bartol, Moorthy, Shankles, 2012).
The best way to mitigate risk, therefore,...
A 0-100 strategy is helpful for this because it cuts down on the false sense of advancement that a 25-25-25-25 or a 50-50 system can give (Ruskin, 2004). Earned Value Analysis is very important in gauging how on-target the inner workings of a company are (Earned Value Analysis, 2012).
iii. What policies can help manage the insider threat for an organization's supply-chain companies, or the organization's off-shore contractors?
A policy of constant vigilance and oversight maintained by a 0-100 reward system, which is most effective at lower or beginning levels where maximum threats can occur, is a good policy to implement in order to maintain coherence and consistency. Insider threats to supply-chain management stem from careless organization, lack of oversight, lack of reward structure (a 50-50 reward structure is not recommended as this can give a false sense of progress when little is actually being made). A policy of transparency and effective communication consisting of two-way flows in a top-down hierarchical model can support the overall framework of monitoring the supply-chain as well as off-shore contractors, which can be monitored in the same manner, so long as the model is implemented according to the same strategic objectives of oversight, review, and assessment.
Duties therefore should be separated so that each unit is responsible for a specific task; in this manner, a system of checks and balances can be achieved that will makes sure every project is proceeding as it should. With managers overseeing each unit and each unit responsible for a specific section of the project, better coherence and logistical development can be arranged with maximum oversight generated at each stop (Fleming, Koppelman, 2000).
Topic 2: Mandiant Report
(a) This report will lead to increased understanding and coordinated action in countering APT network breaches; and (b) It's resulting exposure and discussion may thwart APT…
