EDMG600 AMU Week 3 The Essentials Of Risk Management In Cyber Security
Question 1 (500 words)
(HLS week 3)
Discuss what is meant by “acceptable risk” in determining a risk management plan relating to critical infrastructure, and how the level of acceptable risk may differ among stakeholders.
Question 2 (500 words respond to)
Edmg 600 David Diaz
The article “Modeling Human Behavior to Anticipate Insider Attacks” outlines several reasons why there are difficulties in developing and implementing proactive approaches to anticipating insider threats in order to provide an opportunity to intervene and prevent an insider attack. The first of these reasons is that there is a lack of sufficient real-world data that is actually true and can be verified and validated (Greitzer & Hohimer, 2011). This means that there is not enough data on actual insider attacks that has not been altered for a number of reasons that can also be verified by external sources and entities. The second reason that implementing these proactive approaches, as stated in the article, is difficult is that due to a lack of understanding the difference between normal and anomalous behavior in the data, it can be difficult to determine what is normal behavior and what is behavior that leads to an insider attack (Greitzer & Hohimer, 2011). Some insider threats may exhibit behaviors that could precede an insider attack; however, many of these behaviors, with context, could be legitimate and not be indicators of an attack at all. Finally, the third and fourth reasons that Greitzer and Hohimer argue that it is difficult to anticipate insider threat behavior are that the amount of data and the relationships between the data present scalability challenges and that there is almost no attempt to support insider threat analysis despite large amounts of evidence stating that in most insider attacks, the warning signs and behaviors were able to be observed (Greitzer & Hohimer, 2011). Each of the reasons outlined in the article makes anticipating insider threat behavior difficult, which in turn makes the development of systems to predict this behavior equally difficult.
Do you agree with them? Why? Why not?
Overall, I do agree with Greitzer and Hohimer in their argument regarding the difficulties of anticipating insider threat behavior. The main reason I agree with the assessment contained in the article is because it is difficult to separate behaviors that are legitimate from behaviors that are anomalous and could be indicators of insider threat behavior. For example, a behavior commonly associated with insider attacks is being disgruntled; however, disgruntled employees do not always seek to commit insider attacks. In addition, I think that there is a lack of truthful data regarding actual insider attacks due to the fact that these attacks may be mislabeled as another type of attack or the organizations who were victim to the attacks will not want to report that the attack was caused by an insider. This makes getting real data that would support insider threat analysis that could predict these behaviors difficult and counterproductive as organizations supporting these endeavors can benefit from the results and prevent more insider attacks from occurring.
References
Greitzer, F. & Hohimer, R. (2011). Modeling Human Behavior to Anticipate Insider Attacks. Journal of Strategic Security, 4(2), pp. 25-48. Retrieved April 14, 2019 from https://scholarcommons.usf.edu/cgi/viewcontent.cgi…