Read each response and respond back providing your own thoughts and feedback regarding the information. 100-200 word responses.

Response 1: Certifications provide a means for employers to validate a candidate’s skill set and to match the candidate with a position. Certification typically results in higher pay – as much as $25,000 more annually according to Yasin (2016) from his source, a 2015 study published by Global Information Security Workforce. The CompTIA Security+ certification is well-known and popular in the information technology field because it does not carry experience requirements, it is mandated by the Department of Defense, and it is vendor-neutral (“Average Security+”, 2017). Yasin (2016) likens certification to a double-edged sword. He warned that employers must also consider experience; certifications should not be the only benchmark when considering candidates. There are many people with experience who are much more knowledgeable about security than those with certifications. Once certified, the individual needs to continue education and work in the security profession to maintain certification. Certification implies a commitment to the career field.

Response 2: Doyle’s research provides a clear understanding of Title 18 Section 30 (Doyle, 2014). This legislation, also known as the Computer Fraud and Abuse Act (CFAA), is not comprehensive, but is meant to fill in the gaps left by other federal laws. The intent of the legislation is to protect computers that are used by government and financial institutions from threats, damage, espionage, and trespassing. Doyle (2014) went on to describe hacking as unauthorized intrusion, or trespassing, which is covered under the CFAA. It is unlawful, with penalties of imprisonment and fines, to access intentionally a protected computer without authorization (a protected computer is one used for government or financial institutions).
Three years after the CFAA was enacted, it was used to obtain a conviction for Robert Morris, Jr., a graduate student at Cornell University, for releasing the Morris worm (Zetter, 2015). That was the first case, but since then, it has been used to prosecute hundreds of hackers. Zetter pointed out that the law is very broad, and prosecutors have stretched interpretation of unauthorized access. For example, Andrew Auernheimer was prosecuted for accessing unprotected data that was publicly available on a website. Whereas legal advocacy groups are pushing to reform and relax CFAA, the government is seeking to strengthen it by increasing its scope. Zetter discussed the controversies in numerous hacking cases prosecuted under this law in her very interesting article.

References

Doyle, C. (2014, October 15). Cybercrime: A sketch of 18 U.S.C. 1030 and related federal criminal laws. Retrieved from https://fas.org/sgp/crs/misc/RS20830.pdf

Zetter, K. (2015, October 26). The most controversial hacking cases of the past decade. Retrieved from https://www.wired.com/2015/10/cfaa-computer-fraud-abuse-act-most-controversial-computer-hacking-cases/

Response 3:

Industrial Controls and Recovery: Attackers have targeted industrial companies' systems and their ability to recover after failure. This leads to catastrophic and rather expensive repairs to systems. It also focuses time and effort to areas that were once automatically corrected by processes that were put into place by electronic or computer needs. For instance, imagine if a water treatment plant incorporated systems that allowed pressure to be relieved from a main line. Now imagine that an automatic shut-off valve was compromised by someone targeting industrial companies and their ability to employ automated processes. That line would now burst and cause great amounts of money in repair and lost resources. Manual releases would obviously be the fix for this.
Additionally, in the case of power outages, having the company on another backup power grid would ensure that operations continue going as well.

Password Security: Most objects such as computers, phones, and wireless routers use some type of alpha-numerical password. Password generators are becoming a lot better at guessing and exploiting this type of password security measure. A way to fix this would include harder, longer, and more complex passwords made up by users. This is actually easy, but when coupled with the forgetful nature of people and their ability to remember passwords (unless written down) will cause people to revert to lazy methods which in itself will cause people to be exploited.

Web Services vs Software Libraries: Developers normally need to patch software libraries in order to keep them updated. Now, people are relying on web services as a software component and without proper monitoring and validation, this leaves applications at a great risk for compromise. According to an article, a web service is a unit of managed code that can be remotely invoked using HTTP, that is, it can be activated using HTTP requests. Web services allow you to expose the functionality of your existing code over the network. Once it is exposed on the network, other applications can use the functionality of your program (“Why Web”, n.d.).

IoT Attacks: The “Internet of Things” is a big movement for smart devices. However, these devices have come under attack and have been used as attack weapons on the internet field of battle. Cameras have been taken over to spy on people, keystrokes record our passwords via worms, viruses, and Trojans. These objects that have been used to help you save money (thermostats and lightbulbs) can now cause you more money or harm if hacked. Ensuring you have proper updated security measures or even turning off their network ability can help prevent intrusions (“The Seven”, n.d.).
Ransomware and IoT: Ransomware allows hackers to get into your computer and obtain pertinent information about you and then take it. If you want this information back you must pay the ransom. This also works as a sextortion scam, which I encounter many times in my job. Attackers hack your camera and spy on you while getting out of a shower and threaten to send your pictures and video online unless you pay them money. Proper prevention includes not downloading random unknown tools for your devices and covering or closing your laptop.

References:

The Seven Most Dangerous New Attack Techniques. (n.d.). Retrieved from https://www.sans.org/the-seven-most-dangerous-new-attack-techniques

Why Web Services? (n.d.). Retrieved from https://www.tutorialspoint.com/webservices/why_web_services.htm

    Discussion Board

    Reply to Response 1

    Employee certification provides employers and authoritative employment bureaus with a proper foundation for measuring a potential employee’s skill set so as to be able to effectively match the right job with the right employee. It also provides measurable attributes and conditions that are used by the human resources department during employee appraisal for advancement considerations. Certification documents an employee’s knowledge, experience and level of education and acts as a third-party assessment tool for evaluating an employee’s capabilities. According to Yasin, such certifications enable an employee to negotiate strongly during appraisals, which translates to higher salaries, a figure estimated to run to around $25,000 per year.

    According to other scholars, certification ought to consider both sides of the coin. It is important for employers to also consider experience when benchmarking employee assessment levels. Certification proves that an employee is an expert in a particular field. It is important for employees to continue working in the environment they are certified in so as to continue improving their skills.

    Reply to Response 2

    This article by Doyle discusses the provisions of the Computer Fraud and Abuse Act, Title 18 Section 30. This law was meant to outlaw computer-related acts and conduct that compromise computer systems. The legislation was meant to be a stopgap measure for federal laws. It was intended to cover computer systems used by federal departments, financial and banking institutions, and personal computers that connect to the internet from malicious threats, damage, espionage, data theft, deterioration and damage, or being used as instruments of crime by unauthorized entities.

    In his research paper, Doyle (2014) further defines hacking activities as unauthorized access to secure computer systems as laid down in the CFAA. The CFAA hit the ground running following its enactment and it has played a crucial role in managing computer crime. For example, just 3 years into its enactment the CFAA played a significant role in securing a conviction for a Cornell University student by the name of Robert Morris who had launched the Morris Worm (Zetter, 2015). In her otherwise very interesting article published in the year 2015, Zetter discusses the intricacies in prosecuting hacking cases and the definition of what amounts to unauthorized access.

    References

    Doyle, C. (2014, October 15). Cybercrime: A sketch of 18 U.S.C. 1030 and related federal criminal laws. Retrieved from https://fas.org/sgp/crs/misc/RS20830.pdf

    Zetter, K. (2015, October 26). The most controversial hacking cases of the past decade. Retrieved from https://www.wired.com/2015/10/cfaa-computer-fraud-abuse-act-most-controversial-computer-hacking-cases/

    Reply to Response 3

    In order to ensure the success of their attacks, cyber attackers are targeting the controls and automatic recovery systems to ensure that the systems do not reboot to fix the problem automatically. This jams the processes, which leads to even more damage. The most common form of access security that is used with electronic gadgets such as computers, routers, and mobile phones is the alpha-numeric password. Password security is increasingly under threat from supercomputers and password generators which have the capability to guess passwords (Vu et al., 2007).

    Maintaining an updated software library normally requires software developers to patch them. People are increasingly depending on the internet as a source of software nowadays. Absence of proper validation and monitoring exposes the applications to the risk of getting compromised. The information technology world is saturated by smart devices; nonetheless, as much as they have made conditions of living easier, they have been targeted by attackers who have used them for malicious activities over internet platforms (Liu et al., 2011). Ransomware is used by computer hackers to gain access to a targeted computer or database where they can obtain sensitive and confidential information and take over its ownership.

    References

    Liu, C., Yang, J., Zhang, Y., Chen, R., & Zeng, J. (2011, July). Research on immunity-based intrusion detection technology for the Internet of Things. In Natural Computation (ICNC), 2011 Seventh International Conference on (Vol. 1, pp. 212-216). IEEE.

    Vu, K. P. L., Proctor, R. W., Bhargav-Spantzel, A., Tai, B. L. B., Cook, J., & Schultz, E. E. (2007). Improving password security and memorability to protect personal and organizational information. International Journal of Human-Computer Studies, 65(8), 744-757.