Cybersecurity and cybercrime prevention: strategies, policies, and programs
Module 12 examines the key principles, goals, and strategies that influence cybersecurity at both national and international levels. Students will start by analyzing what constitutes an effective cybersecurity strategy and how it differs from cybercrime prevention efforts. The module details how national cybersecurity strategies are created, executed, and sustained throughout their lifecycle, with a special emphasis on safeguarding critical infrastructure and sensitive information systems.
A global perspective is also included, introducing frameworks that support international cooperation. By comparing national and international initiatives, students will learn how countries operate separately and together to strengthen cybersecurity and respond to emerging digital threats.
The module focuses on the concept of risk within information security, covering the basics of risk analysis, assessment, and management. Students will explore how identifying and reducing risks improves security across all levels of government and organizations.
Finally, students will examine the core technologies used in cybersecurity, including firewalls, encryption, intrusion detection systems, and other essential tools for data protection. By the end of the module, students should be able to assess cybersecurity strategies across different global contexts and understand how these strategies influence policy, planning, and operational defense.
Learning Objectives
After completing this module, you should be able to:
- explain the key aspects of cybersecurity strategies and distinguish between cybersecurity efforts and cybercrime prevention.
- explain and assess the goals and stages of national cybersecurity strategies.
- identify and evaluate international frameworks that enhance cybersecurity cooperation.
- assess efforts at both national and international levels to enhance cybersecurity resilience.
- understand the concept of risk in information security and infrastructure protection.
- explain the fundamental ideas of risk analysis and management.
- identify the primary technologies used to safeguard digital information and systems.
Summary
Cybersecurity and preventing cybercrime are crucial in today’s interconnected world. Governments, organizations, and individuals must use combined strategies, policies, and practices to protect against cyber threats.
Many countries have developed national cybersecurity strategies to protect critical systems and ensure secure digital environments. These often rely on collaboration among government agencies, the private sector, and civil society.
Laws and regulations help prevent cybercrime by defining offenses and establishing clear penalties. Compliance requirements also encourage organizations to adopt higher security standards.
Public-private partnerships are vital because they allow real-time sharing of threat intelligence and best practices between government and industry.
Education and awareness programs enhance defenses by teaching individuals and organizations how to identify risks like phishing, data theft, or social engineering.
Incident response planning helps organizations quickly detect, contain, and recover from attacks, reducing damage and downtime.
Information Sharing and Analysis Centers assist industries in collaborating on security threats and vulnerabilities, while routine audits and risk assessments identify and fix weak points before attackers can exploit them.
Technologies like intrusion detection systems, firewalls, antivirus software, and encryption form the core of cybersecurity. More and more, AI and machine learning tools are being added to predict and respond to threats more quickly.
Because cyber threats are global, international cooperation is vital. Shared intelligence, harmonized laws, and coordinated investigations are necessary to combat transnational cybercrime.
The need for skilled cybersecurity professionals keeps increasing, emphasizing the significance of education, certification, and continuous professional development.
Finally, maintaining strong cyber hygiene through regular updates, robust passwords, and multi-factor authentication remains essential for everyone. Organizations must also safeguard their supply chains and adhere to data protection regulations like the GDPR.
Cybersecurity is an ongoing, collective effort that combines policy, technology, education, and cooperation. It constantly evolves with new risks and innovations, requiring vigilance and adaptability.
Key Takeaways
Click on the > to expand the related statement.
Key Terms/Concepts
Click on the following key term/concept to view the definition:
Administrative controls
Business Continuity Planning (BCP)
Cyber Resilience
Cyber Threat Intelligence (CTI)
Cybersecurity risk management (RM)
Cybersecurity strategy
Encryption
Enterprise risk management (ERM)
Incident Response Plan (IRP)
Information Sharing and Analysis Center (ISAC)
Internet of Things (IoT)
National Cybersecurity Strategy (NCS)
Password policy
Physical controls
Risk appetite
Risk assessment
Risk exposure
Risk Mitigation
Risk tolerance
Security Controls
Technical controls
Zero Trust Architecture
Read, Review, Watch and Listen
1. Read 5 elements to include in a cybersecurity strategy for any size business
- This article outlines the core components every organization should include in its cybersecurity strategy, regardless of size or sector. The five key elements usually involve risk assessment, access management, employee training, incident response, and continuous monitoring. It emphasizes that cybersecurity planning is not only essential for large corporations but also for small and medium-sized businesses. The reading helps students connect theoretical strategy concepts to real-world implementation.
2. Read the United Nations Office on Drugs and Crime’s (UNODC) National cybersecurity strategies: Lifecycles, good practices and repositories
- Cybersecurity Strategies: Lifecycles, Good Practices, and Resources. This publication offers a detailed overview of how countries develop and execute cybersecurity strategies. It outlines the typical lifecycle stages, initiation, design, implementation, evaluation, and maintenance, and provides examples of best practices from different nations. The document also features resources and case studies that emphasize international cooperation, capacity building, and legal harmonization to strengthen cybersecurity frameworks.
3. Read What is risk management and why is it important? (Linda Tucci, Industry Editor — CIO/IT Strategy)
- This material explains the basics of risk management in information technology. It clarifies what counts as risk, how to find vulnerabilities, and the steps organizations take to reduce those risks. The article emphasizes that risk management is an ongoing process that helps ensure business continuity and protect data. It also covers common frameworks and methods used by IT professionals to evaluate and handle security risks.
4. Review Executive Order on Improving the Nation’s Cybersecurity (The White House Briefing Room, May 2021)
- This executive order from the U.S. federal government establishes a national policy to strengthen cybersecurity across both public and private sectors. It emphasizes enhancing threat detection, upgrading security systems, and promoting stronger information sharing between federal agencies and private companies. Key elements include zero-trust architecture, software supply chain security, and incident response protocols. Students will learn how the national cybersecurity strategy is turned into policy and action.
5. Review What Are Security Controls? An overview of the types of countermeasures security practitioners use to reduce risk (By Debbie Walkowski, August 2019)
- This article explains the concept of protective actions or measures used to manage and reduce risk control. It classifies controls into three categories: administrative, technical, and physical. Examples include password policies, encryption, and access restrictions to facilities. The article helps students understand how security controls support broader risk management and cybersecurity objectives.
6. Review The 12 Best Risk Management Software and Programs for 2024 (December 14, 2021 by Tess Hanna in Best Practices)
- This review explores various software solutions used by organizations to monitor, assess, and reduce risk. Each tool is described based on its features, ease of use, and integration capabilities. The article provides students with a practical understanding of how risk management is applied through technology, connecting theoretical concepts to current industry practices.
7. Review SANS Cybersecurity White Papers
- A large collection of technical and managerial papers on cybersecurity topics, including risk management, digital forensics, and policy development. Ideal for deeper exploration of specific module topics.
8. Watch Internet of Things (IoT) | What is IoT | How it Works | IoT Explained | Edureka!: (also embedded below)
- This educational video explains what the Internet of Things is and how connected devices communicate through data collection, transmission, and analysis. It emphasizes how IoT technology is changing everyday life and business operations, while also addressing the cybersecurity risks linked to connected systems. The video underlines the importance of securing networks that include smart devices.
9. Watch Ring, Amazon sued over string of hacked security cameras | ABC News (Dec. 2019) [also embedded below]
- This news segment reports several incidents where hackers gained unauthorized access to Ring home security cameras. It highlights how weak passwords and poor device security exposed users to privacy breaches. The video offers a real-world example of cybersecurity failures in consumer technology and emphasizes the need for stronger data protection and user education.
10. Watch Cisco’s What is IT Security? – click on Watch overview (2:17)
- This brief video explains IT security and highlights its main goals: safeguarding data confidentiality, integrity, and availability. It provides a concise overview of common cybersecurity tools like firewalls, encryption, and intrusion detection systems. The video serves as a basic introduction for learners new to cybersecurity concepts.
11. Watch Women in Cybersecurity – Interview with Helen Patton of Cisco (July, 2022) [also embedded below]
- This video showcases women working in cybersecurity roles and their contributions to the field. It emphasizes the importance of diversity in cybersecurity and the advantages of including a broad range of perspectives in problem-solving and innovation. The segment also covers global collaboration and talent growth in cybersecurity careers.
12. Watch Inside the FBI: Introducing the Ahead of the Threat Podcast (DOJ/FBI, November 2024). [also embedded below]
- Gives a first-hand look at how the FBI investigates cybercrimes and collaborates with other nations and private companies. It connects directly to module topics like public–private partnerships and law enforcement coordination.
13. Listen to Ahead of the Threat Podcast: Episode Zero (DOJ/FBI, October 2024).
- The FBI’s new podcast miniseries that brings together an FBI cyber executive and a private sector chief information security officer. Join Bryan Vorndran, assistant director of the FBI’s Cyber Division, and Jamil Farschi, a strategic engagement advisor for the FBI who also works as an executive vice president and CISO of Equifax, as they discuss emerging cyber threats and the enduring importance of cybersecurity fundamentals. Featuring distinguished guests from the business world and government, Ahead of the Threat will confront some of the biggest questions in cyber: How will emerging technology impact corporate America? How can corporate boards be structured for cyber resilience? What does the FBI think about generative artificial intelligence? Listen to new episodes biweekly and stay Ahead of the Threat.
Activity – Password Protection within the Context of Computer Security
STOP!!
Students should review the course syllabus to determine the assignment of this activity.
This is a copy of the module’s activity that students find within Blackboard. For that reason, refer to the Activities page to submit your work for review.
PURPOSE
The biggest problem in computer security is password protection. While there are some basic do’s and don’ts, there are also advanced software programs that tackle this issue. The goal of this activity is to examine the challenges related to password security.
OVERVIEW
Various methods have been employed to improve password security, such as password creation software, one-time password generators, and user authentication systems like biometric devices. There are numerous software options available for system administrators to enhance password security. Some programs require users to change their passwords regularly, such as monthly, quarterly, or even weekly.
INSTRUCTIONS
- Read 6 Practices to Strengthen Your Password Hygiene in 2020 (CISCOMAG, Dec. 2019)
- Read Password hygiene fortifies defense against cyberattacks (VentureBeat, Nov. 2021)
- Read Davey Winder’s, Smart Guessing Algorithm Cracks 87 Million Passwords In Under 60 Seconds (Forbes, June 2024)
- Watch How Your Passwords Were Stolen And Why You Were Hacked (see below)
- Visit the Password Meter website and test a couple of your own passwords
ANSWER THE FOLLOWING QUESTIONS:
- Per Password Meter, what was the Score for used passwords?
- Per Password Meter, what was the reported Complexity for used passwords?
- Based on the information within Module 12 and the Password Meter, would you consider updating your password? Why or why not? Explain using key terms and concepts presented within this module.
- From an information security and infrastructure protection position, explain why passwords are a dynamic challenge for both companies and end users. Be specific.
KEY TERMS/CONCEPTS
Password hygiene – The degree to which a user’s passwords are selected and managed according to secure best practices.
Two-factor authentication – Also known as 2FA is a process which requires two steps to verify a user. Rather than just asking for a single piece of information – such as a password — two factor authentication goes a step further to enhance the level of security within the system.
Passphrase vs. password – Using a passphrase over a password will give you maximum security for your account. But make sure the passphrase you choose is easy-to-remember and complex, e.g., “I love my Computers & Criminal Justice class.” Pick a line from your favorite song or quotation, but preferably not a common one that can be simply guessed by someone who knows you.
Refer to the course learning management system (LMS); that is Blackboard (BB), for the correct due date. In addition, submit your work via BB for grading
Supplemental Resources
- Cyber Capabilities and National Power: A Net Assessment (International Institute for Strategic Studies (IISS) [June 2021].
- Wireshark (November 2024).
- Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.
- FBI – Cyber Theft Ring Fraud Graphic (uploaded, November 2024).
- PC Magazine – The Best Password Managers for 2024 (Kim Key, updated, Oct. 2024) [last accessed, November 2024].
- Eye on Tech – 5 Types of Firewalls (April 16, 2021) [last accessed, November 2024].
- Breaking the Target An Analysis of Target Data Breach and Lessons Learned (Xiaokui Shu, Ke Tian*, Andrew Ciambrone* and Danfeng (Daphne) Yao, Member, IEEE, January 2017).
- Cyber-Threats-and-NATO-2030_Horizon-Scanning-and-Analysis (January 2020)
Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.
Click HERE to report any needed updates, e.g., broken links.
Refers to policies, procedures, or guidelines that define personnel or business practices in accordance with the organization's security goals. These can apply to employee hiring and termination, equipment and Internet usage, physical access to facilities, separation of duties, data classification, and auditing.
Preparation to ensure that essential operations can continue during and after a cybersecurity incident or disruption.
The ability of systems and organizations to prepare for, withstand, recover from, and adapt to cyberattacks or disruptions.
Information collected and analyzed to identify existing or emerging cyber threats and guide security decisions.
An ongoing process of identifying, analyzing, evaluating, and addressing your organization's cybersecurity threats. Cybersecurity risk management is not simply the job of the security team; everyone in the organization has a role to play.
Explains how the government will ensure that all public sector organizations will be resilient to cyber threats.
A method of encoding data into a secure format that blocks unauthorized access or reading without a decryption key.
The practice of securing endpoints or entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors and campaigns. Endpoint security systems protect these endpoints on a network or in the cloud from cybersecurity threats
A structured approach that defines how an organization detects, manages, and recovers from cybersecurity incidents.
An organization that helps members share threat information and best practices within specific industries.
Refers to a system of interrelated, internet-connected objects that can collect and transfer data over a wireless network without human intervention.
An organized plan outlining a country’s objectives, principles, and measures for protecting digital infrastructure.
A set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly.
Anything tangible that is used to prevent or detect unauthorized access to physical areas, systems, or assets. This includes things like fences, gates, guards, security badges and access cards, biometric access controls, security lighting, CCTVs, surveillance cameras, motion sensors, fire suppression, as well as environmental controls like HVAC and humidity controls.
The amount of risk it is willing to accept to realize its objectives.
The process of identifying potential threats, vulnerabilities, and their impact on an organization’s assets.
The quantified potential loss from business activities currently underway or planned. The level of exposure is usually calculated by multiplying the probability of a risk incident occurring by the amount of its potential losses. The most common forms of risk exposure are brand damage, compliance failures, security breaches, and liability issues.
Actions taken to reduce the likelihood or severity of potential cybersecurity risks.
The amount of acceptable deviation from an organization's risk appetite. While risk appetite is a broad, strategic philosophy that guides an organization's risk management efforts, risk tolerance is a much more tactical concept that identifies the risk associated with a specific initiative and compares it to the organization's risk appetite.
Protective measures, administrative, technical, or physical, used to reduce vulnerabilities and strengthen defenses.
Also known as logical controls, include hardware or software mechanisms used to protect assets. Some common examples are authentication solutions, firewalls, antivirus software, intrusion detection systems (IDSs), intrusion protection systems (IPSs), constrained interfaces, as well as access control lists (ACLs) and encryption measures.
A security model that assumes no user or device is trusted by default and requires verification at every stage of access.
