Cybersecurity and cybercrime prevention: strategies, policies, and programs
Module 12 provides a comprehensive overview of the fundamental principles, objectives, and strategies involved in national and international cybersecurity efforts. Learners will begin by exploring the essential features of cybersecurity strategies, gaining a clear understanding of the distinctions between cybersecurity and cybercrime prevention. The course will delve into the core objectives and lifecycle stages of national cybersecurity strategies, equipping students with the skills to analyze and evaluate how these strategies protect critical infrastructure and information assets.
The module also provides a global perspective, introducing frameworks for international cooperation on cybersecurity. By assessing both national and international cybersecurity initiatives, learners will develop a nuanced understanding of how countries work both independently and collaboratively to strengthen their cybersecurity postures.
A critical component of the course involves the concept of risk in the context of information security, focusing on the key principles of risk analysis and risk management. The module's review and discussion of identifying, assessing, and mitigating risks to information and infrastructure is therefore an essential element, emphasizing the importance of these practices in enhancing overall security.
Finally, the module covers the primary technologies used in cybersecurity, such as firewalls, encryption, intrusion detection systems, and other tools essential for information protection. By the end, students will be equipped to understand and evaluate the complexities of cybersecurity at both national and international levels, to describe the basic features of cybersecurity strategies and differentiate between cybersecurity and cybercrime prevention strategies, and to contribute meaningfully to cybersecurity planning and policy efforts.
Learning Objectives
After completing this module, you should be able to:
- describe the basic features of cybersecurity strategies and differentiate between cybersecurity and cybercrime prevention strategies.
- explain and evaluate the objectives and lifecycle of national cybersecurity strategies.
- identify, examine, and evaluate frameworks for international cooperation on cybersecurity matters.
- assess national and international efforts to enhance our countries’ cybersecurity posture.
- understand the concept of risk as applied to information security and infrastructure protection.
- discuss the major principles of risk analysis.
- identify and define the primary security technologies used to protect information.
Summary
Cybersecurity and cybercrime prevention are critical in our increasingly digital and interconnected world. To address these issues effectively, governments, organizations, and individuals must implement a range of strategies, policies, and programs.
Many countries have developed national cybersecurity strategies that outline their approach to protecting critical infrastructure and securing cyberspace. These strategies often involve collaboration between government agencies, the private sector, and other stakeholders.
Laws and regulations play a crucial role in deterring cybercriminals. Governments enact cybersecurity laws that define cybercrimes and outline penalties. Regulations may also require organizations to adhere to certain security standards.
Collaboration between government entities and private sector organizations is essential. Public-private partnerships facilitate the sharing of threat intelligence, best practices, and resources for a more robust defense against cyber threats.
Raising awareness about cybersecurity is key to preventing cybercrimes. Programs that educate individuals and organizations about safe online practices, phishing awareness, and data protection are crucial.
Developing and regularly testing incident response plans is essential. These plans help organizations minimize the damage from cyberattacks and recover swiftly.
Information Sharing and Analysis Centers (ISACs) are organizations that facilitate information sharing among industry peers and government agencies. They help organizations stay informed about emerging threats and vulnerabilities.
Regular security audits and risk assessments help organizations identify vulnerabilities and weaknesses in their cybersecurity posture. These evaluations can inform necessary improvements.
Implementing advanced cybersecurity technologies, such as intrusion detection systems, firewalls, antivirus software, and encryption, is critical. Emerging technologies like AI and machine learning are also being used to enhance security.
Cyber threats are not limited by borders, so international collaboration is essential. Sharing threat intelligence, harmonizing cybersecurity standards, and cooperating on cybercrime investigations are ways to combat transnational cybercriminals.
There is a growing need for skilled cybersecurity professionals. Training programs, certifications, and initiatives to attract and retain cybersecurity talent are crucial.
Encouraging individuals and organizations to practice good “cyber hygiene” is fundamental. This includes regular software updates, strong password management, and multi-factor authentication.
Securing the technology supply chain is becoming increasingly important. Organizations should verify the security of hardware and software components and assess their vendors’ cybersecurity practices.
Keeping abreast of the evolving threat landscape is vital. Continuous monitoring of networks and the collection of threat intelligence allow organizations to detect and respond to new threats in real time.
Strong data protection laws, such as the European Union’s GDPR, help safeguard personal information. Compliance with these laws is a critical aspect of cybersecurity.
Regularly testing systems through penetration testing and red teaming exercises can identify vulnerabilities and weaknesses before cybercriminals do.
The prevention of cybercrimes and the enhancement of cybersecurity require a multifaceted approach that combines government policies, private sector cooperation, technological solutions, public awareness, and international collaboration. It’s an ongoing effort that needs to adapt to the evolving threat landscape, and it requires a collective commitment to mitigating cyber risks.
Key Terms/Concepts
Administrative controls
Cybersecurity strategy
Cybersecurity risk management (RM)
Enterprise risk management (ERM)
Internet of Things (IoT)
Password policy
Physical controls
Risk appetite
Risk exposure
Risk tolerance
Technical controls
Read, Review, Watch and Listen
- Read 5 elements to include in a cybersecurity strategy for any size business
- Read the United Nations Office on Drugs and Crime’s (UNODC) National cybersecurity strategies: Lifecycles, good practices and repositories
- Read What is risk management and why is it important? (Linda Tucci, Industry Editor — CIO/IT Strategy)
- Review Executive Order on Improving the Nation’s Cybersecurity (The White House Briefing Room, May 2021)
- Review What Are Security Controls? An overview of the types of countermeasures security practitioners use to reduce risk (By Debbie Walkowski, August 2019)
- Review The 12 Best Risk Management Software and Programs for 2024 (December 14, 2021 by Tess Hanna in Best Practices)
- Watch Internet of Things (IoT) | What is IoT | How it Works | IoT Explained | Edureka!
- Watch Ring, Amazon sued over string of hacked security cameras | ABC News (Dec. 2019)
- Watch Cisco’s What is IT Security? – click on Watch overview (2:17)
- Watch Cisco’s Women in Cybersecurity (Dec. 2018)
Activity – Password Protection within the Context of Computer Security
STOP!!
Students should review the course syllabus to determine the assignment of this activity.
This is a copy of the module’s activity that students find within Blackboard. For that reason, refer to the Activities page to submit your work for review.
PURPOSE
The single greatest problem in computer security is password protection. Although there are some basic do’s and don’ts, there are also sophisticated software programs that address the issue. The purpose of this activity is to explore challenges associated with password protection.
OVERVIEW
Several approaches to enhance password security have been taken, including password creation software, one-time password generators, and user authentication systems, e.g., biometric devices. There are a variety of software programs that system administrators can use to improve password security. Some programs force users to change their passwords on a regular basis, for example every month or every few months, or even every week.
INSTRUCTIONS
- Read 6 Practices to Strengthen Your Password Hygiene in 2020 (CISCOMAG, Dec. 2019)
- Read Password hygiene fortifies defense against cyberattacks (VentureBeat, Nov. 2021)
- Read Davey Winder’s, Smart Guessing Algorithm Cracks 87 Million Passwords In Under 60 Seconds (Forbes, June 2024)
- Watch How Your Passwords Were Stolen And Why You Were Hacked
- Visit the Password Meter website and test a couple of your own passwords
ANSWER THE FOLLOWING QUESTIONS:
- Per Password Meter, what was the Score for used passwords?
- Per Password Meter, what was the reported Complexity for used passwords?
- Based on the information within Module 12 and the Password Meter, would you consider updating your password? Why or why not? Explain using key terms and concepts presented within this module.
- From an information security and infrastructure protection position, explain why passwords are a dynamic challenge for both companies and end users. Be specific.
KEY TERMS/CONCEPTS
Password hygiene – The degree to which a user’s passwords are selected and managed according to secure best practices.
Two-factor authentication – Also known as 2FA, a process that requires two steps to verify a user. Rather than just asking for a single piece of information, such as a password, two-factor authentication goes a step further to enhance the level of security within the system.
Passphrase vs. password – Using a passphrase over a password will give you maximum security for your account. But make sure the passphrase you choose is easy to remember and complex, e.g., “I love my Computers & Criminal Justice class.” Pick a line from your favorite song or quotation, but preferably not a common one that can be simply guessed by someone who knows you.
Refer to the course learning management system (LMS), that is, Blackboard (BB), for the correct due date. In addition, submit your work via BB for grading.
Supplemental Resources
- Cyber Capabilities and National Power: A Net Assessment (International Institute for Strategic Studies (IISS), June 2021).
- Wireshark (November 2024).
- Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.
- FBI – Cyber Theft Ring Fraud Graphic (uploaded, November 2024).
- PC Magazine – The Best Password Managers for 2024 (Kim Key, updated, Oct. 2024) [last accessed, November 2024].
- Eye on Tech – 5 Types of Firewalls (April 16, 2021) [last accessed, November 2024].
- Breaking the Target: An Analysis of Target Data Breach and Lessons Learned (Xiaokui Shu, Ke Tian, Andrew Ciambrone and Danfeng (Daphne) Yao, Member, IEEE, January 2017).
Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.
Administrative controls – Refers to policies, procedures, or guidelines that define personnel or business practices in accordance with the organization's security goals. These can apply to employee hiring and termination, equipment and Internet usage, physical access to facilities, separation of duties, data classification, and auditing.
Cybersecurity strategy – Explains how the government will ensure that all public sector organizations will be resilient to cyber threats.
Cybersecurity risk management (RM) – An ongoing process of identifying, analyzing, evaluating, and addressing your organization's cybersecurity threats. Cybersecurity risk management is not simply the job of the security team; everyone in the organization has a role to play.
Endpoint security – The practice of securing endpoints or entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors and campaigns. Endpoint security systems protect these endpoints on a network or in the cloud from cybersecurity threats.
Internet of Things (IoT) – Refers to a system of interrelated, internet-connected objects that can collect and transfer data over a wireless network without human intervention.
Password policy – A set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly.
Physical controls – Anything tangible that is used to prevent or detect unauthorized access to physical areas, systems, or assets. This includes things like fences, gates, guards, security badges and access cards, biometric access controls, security lighting, CCTVs, surveillance cameras, motion sensors, fire suppression, as well as environmental controls like HVAC and humidity controls.
Risk appetite – The amount of risk an organization is willing to accept to realize its objectives.
Risk exposure – The quantified potential loss from business activities currently underway or planned. The level of exposure is usually calculated by multiplying the probability of a risk incident occurring by the amount of its potential losses. The most common forms of risk exposure are brand damage, compliance failures, security breaches, and liability issues.
Risk tolerance – The amount of acceptable deviation from an organization's risk appetite. While risk appetite is a broad, strategic philosophy that guides an organization's risk management efforts, risk tolerance is a much more tactical concept that identifies the risk associated with a specific initiative and compares it to the organization's risk appetite.
Technical controls – Also known as logical controls, these include hardware or software mechanisms used to protect assets. Some common examples are authentication solutions, firewalls, antivirus software, intrusion detection systems (IDSs), intrusion protection systems (IPSs), constrained interfaces, as well as access control lists (ACLs) and encryption measures.