CYSE 200T
Write Ups
Discussions
Discussion Board: Projecting Availability
Feb 16, 2025
COURTNEY JONES
I would establish these protective measures as the CISO to maintain system availability.
1. Redundancy and Failover: Redundancy eliminates single points of failure. The redundant systems will maintain operations without disruption if a server fails or network connectivity is lost. Automated failover mechanisms reduce the time required for system recovery, thus minimizing service disruption. Organizations can use RAID (Redundant Array of Independent Disks) and server traffic distribution through load balancers to establish disaster recovery sites and create resilient storage solutions.
2. Proactive monitoring tools: Proactive monitoring helps us find and fix issues before they grow and cause downtime. Real-time alerts enable rapid response to incidents. Nagios, Zabbix, and Datadog are monitoring tools for server systems, network devices, and application performance. Deploying SIEM (Security Information and Event Management) systems enables organizations to connect security events and identify possible threats.
3. Security Hardening and Vulnerability Management: We will establish strong protective measures for our systems against cyberattacks. Our protection strategy includes firewalls, intrusion detection/prevention systems, and consistent security patching and vulnerability scanning. Our security strategy includes strong access controls together with multi-factor authentication implementation. Systems may experience substantial downtime during cyberattacks like DDoS attacks and ransomware, which can turn off operations. Security measures that are well-enforced reduce the chance that attack attempts will succeed. Deploy firewalls to stop unauthorized access while utilizing intrusion detection systems to detect and block harmful activity and perform routine system updates to fix known weaknesses.
4. Disaster Recovery and Business Continuity Planning: We will create and perform periodic tests on a detailed disaster recovery and business continuity plan. The plan details data backup and restoration procedures, communication protocols, and alternate work locations during a major outage. A comprehensive disaster recovery plan enables swift restoration of systems and data during disasters while reducing business downtime and disruption. Critical data will receive regular backups while disaster recovery processes undergo frequent testing, and alternate work locations will be designated for essential personnel.
5. Capacity Planning and Scalability: Our team conducts routine capacity planning to guarantee our systems are prepared for existing demands and future workload increases. Our system design emphasizes scalability to allow for simple resource expansion when necessary. When systems become overloaded, their performance decreases, and they experience downtime. Capacity planning helps us maintain enough resources to satisfy demand needs. With scalability, we can handle growth effortlessly. Our team tracks system resource use while predicting future needs and creates systems that allow seamless scalability in both upward and downward directions.
6. Employee Training and Awareness: All employees will receive regular security awareness training sessions. Security training for employees includes topics on phishing attacks and social engineering techniques, along with password security best practices. System downtime and security breaches often result from human error, but proper employee training can reduce these risks. We will run periodic phishing simulations and offer security best practices training while implementing strict password policies.
These protections will greatly enhance our system availability while reducing downtime risks. I appreciate your input and ideas about this plan.
Sources:
ISO/IEC 27001. https://www.iso.org/standard/27001Links to an external site.
SANS Institute. https://www.sans.org/Links to an external site.
NIST Cybersecurity Framework. https://www.nist.gov/cyberframeworkLinks to an external site.
Discussion Board: Ethical Considerations of CRISPR Gene Editing
Mar 2, 2025
COURTNEY JONES
DNA data transformation into digital storage benefits medical and genealogical research but raises major ethical concerns about privacy protection and data security.
Privacy: DNA analysis offers comprehensive health risk information while showing family links and ethnic origins. Unauthorized access to these details by malicious actors allows them to force victims into discriminatory targeting through coercion.
Security: The article “Hacking Humans: Protecting Our DNA From Cybercriminals” shows that DNA databases are exposed to cybersecurity threats which mirror those seen in digital platforms. Data breaches lead to serious negative consequences when they expose personal information.
Informed Consent: Direct-to-consumer DNA testing services confuse users due to the complicated nature of their privacy policies and terms of service, which are hard to comprehend. Uncertainty exists about user knowledge and agreement throughout their DNA data collection and storage phases.
Unforeseen Consequences: Researchers remain uncertain about the long-term technological effects of DNA digitization. Technological advancements create ethical dilemmas because they enable unprecedented genetic engineering breakthroughs and DNA weapon developments.
My position: DNA digitization presents significant advantages, necessitating robust ethical supervision and careful management. Effective security measures to block unauthorized access to DNA information remain essential. Complete transparency and a comprehensive understanding of consent enable participants to evaluate the benefits and risks of DNA testing and data sharing. The field demands constant ethical reflection and dialogue to guide our responses to its emerging challenges.
References: