Learning Module 1 PDF

Preview

Summary

first module for nag's class...

Description

Cybersecurity Module 1: Personal Use Security .

Background Summary: Internet-enabled mobile devices are commonly used by people in a business environment to do business work such as communicating with clients and co-workers involved in same or similar projects.

Description: Business issued mobile devices are commonly used by employees and business associates in performing normal business functions. It can easily happen that a person is not aware of all the security policies and procedures, or perhaps the person makes a mistake in observing these security policies. Sensitive data may be exposed, or the business employer may become vulnerable, as a result. Sometimes a user may carry only one mobile device which is used for both business and personal use. Even if this does not violate company policy, it may involve security risks.

Risk – How Can It Happen? There are a number of possibilities that may lead to these situations, as follows: 1. 2. 3. 4. 5.

Lack of a security policy for the organization Lack of awareness of existing security policies Forgetfulness or other error on the part of the user Complacence, and the notion that “nobody will hurt us” Pressure from work schedules or from management, and the need to rush through things.

The list is not necessarily complete.

Example of Occurrence: Scenarios Helena works remotely and commonly uses the mobile device issued to her to conduct client meetings and access the customer database. She is on the go a lot, and instead of using the secure 4G network issued by the company, she often uses the open access Wi-Fi network wherever a network might be available, such as at a Starbucks. There is no company policy against the personal use of company mobile devices. She knows it is against company policy to download applications, such as games, that have not been approved

Answer the following questions: Question 1: The company has issued Helena the mobile device to work remotely to interact with clients and access the database. Is this the right thing to do? A. No, the company should require her to be at her desk inside the firewall. B. It is acceptable to do client meetings remotely, but database access has to be secured. C. Considering that the company has issued her this device, they expect her to use it remotely provided she follows security procedures. D. There is no problem. There is no need to be paranoid.

Question 2: Is it all right for Helena to use the company issued mobile device on an open access network that is not password protected? A. Absolutely not. Even if she does not access clients and client data, she is possibly exposing the device and the data it contains to other users. B. She could be doing personal work, just not access any secure company data. C. It is all right if she does it quickly. Keeping the connection open a long time could be risky. D. Some people are so paranoid. The only people in Starbucks are coffee lovers, not snoopers.

Question 3: Is it all right for Helena to be downloading games that have not been approved by the IT department? A. It is quite all right to download the games, but she should not be playing them at work. B. There is nothing wrong with downloading the game as long as she is playing within the security firewall. C. Everyone needs to relax with games. This is an example of an improper security policy. D. It is very wrong for her to disregard the security policy and the IT department. Games can come with spyware or malware. This is the big concern, bigger than her playing games at work. //**********************************************

Responsible Use – How can these errors be avoided?

All the answers are given in the scenario. The company has issued Helena a mobile device with a secure 4G connection. They expect her to work remotely to conduct client meetings and access the company database. She does not need to use public Wi-Fi where her device and communications are exposed to other users, who could also overhear her or look over her shoulder. Using the secure 4G she can connect from any private area, such as inside her parked car. It is very wrong of her to ignore the company security policy and the IT department with respect to games. The company has not banned games. They only require games to be vetted by the IT department so it is free of spyware and malware that can expose sensitive information.

Answer the following questions: Question 1: Which of the following best represents what Helena should do at work? A. Focus on work and not play games. B. Bring her own phone to play games at work. C. It doesn’t matter. One or two games will not hurt if she does not play too often. D. Have her work phone scanned on a regular basis by the IT department.

Question 2: Which of the following best represents what Helena should do when clients urgently request information from her when she is away from work? A. Find a secluded location where she can use her secure 4G connection. B. She should not answer the call. C. She should answer and give the client a time when she can give the information. D. She should only provide general information.

Laboratory Assignment STEP 1: Internet Research 4G is the 4th generation of the International Mobile Telecommunication standard specified by the International Telecommunication Union, an agency of the UN. The specific standards are What can by youthe describe about the increase in bandwidth from 3G(IEEE). to 4GRead to 4Gabout LTE? global 4G developed Institute of Electrical and Electronics Engineers LTE developments for mobile devices, and the IEEE standards that support it. You will find it at: The increase in badwidth is caused by carrier aggregation. This function works by combining two different frequencies to create one big pipe for information to flow through. This speeds up http://spectrum.ieee.org/telecom/standards/lte-advanced-is-the-real-4g speeds and creates a bigger path for information to flow thorugh.

Question 1: Question 2: You may have noticed an increase in screen size over the years in moving to 4G LTE. What features are supported by the larger screens? By having bigger screens, there is more screen real estate. Since there is more real estate, the user can multi task with ease due to the increase bandwidth from 4G LTE

Discussion Questions Question 1: The original WiMAX IEEE 802.16N city-wide Internet was scrapped because there was no security and too much interference. The current 4G LTE (4 th Generation Long Term Evolution) is based on The of the Internet is thelevels biggest boon forIn people. The openness of and the Internet the IEEE openness 802.16e-2005 and has higher of security. moving from 3G to 4G 4G LTE it isoften gravest danger people. Comment on this statement the context of cybersecurity. seems that the for focus is on greater bandwidth and higherinspeeds. Discuss the importance of security in what is essentially an open global Internet. The internet can allow people to access tons and tons of information quickly and efficiently. Securtitycan Anyone is extremely access theessiental data on the to keeping internetcompany’s which allows information it to be viable safe and for the secure. average Withuser the innovation that is not worried of 4G LTE, about companies security.can However, push more this data is a problem over thefor air.companies. Hackers have Everyone more access prettythan ever tohas much gain access insightful to theknowledge internet sotoitthe is easy company. to share Theinformation 4G LTE is used between by consumers employees all in across a the country, so company remotely. thereforeIf there they are is no passing really data secure between network each thatother couldthat keep is data relevant secure. to the company and a hack gets hold of the data it can cause great danger. Also, the internet allows for the Internet of Things (basically devices and wearables that are connected to the internet). Hackers can modify these things. For example, a common IOT device is a internet connected thermostat. A hacker can take advantage of this software and turn the temperature of the house to freezing to drive up consumer’s electric bill and mess with them. It can cause grave danger with computers that are connected to cars (can remotely start and crash the vehicle). In this new era of technology, it is extremely important to stay ahead of the game and keep everything secure so people’s lives and not in danger.

Question 2:...