Only choose three questions out of the six questions..
You are to answer three of the following six questions using what you have learnt to date on the course and any other additional readings you have done. Each answer should be 1000 words (+/- 10%) and all citations (in the text and bibliography) should follow APA requirements. You should include a single, consolidated bibliography at the end for all works cited in each answer.
Question 1: Insider threats pose a potentially serious problem to almost every organization. Mitigating them involves a combination of management, technology and complicated issues of human behavior. In your informed opinion, what would a successful insider threat mitigation strategy entail at your organization?
Question 2: States and cyber analysts often make a distinction between computer network exploitation (CNE) and computer network attack (CNA). CNE exfiltrates confidential information against the wishes of the owner; CNA uses information to disrupt and destroy. The majority of intrusions involve CNE (espionage for political, commercial and other purposes). CNA attacks such as Stuxnet and Shamoon are less frequent but also more damaging and costly. First, do these examples of CNA rise to the level of an attack on national security that requires an armed (cyber or otherwise) response? Second, do you foresee a future scenario (5-10 years) in which a CNA could lead to a retaliatory armed response from a state?
Question 3: Cybersecurity tends to bring along important direct and indirect costs. However, the benefits of innovation and technology outweigh the costs of defending against cyber threats and risks associated with the cyber world. In other words, being connected outweighs potential risks. Do you agree? Why or why not?
Question 4: Myriam Dunn-Cavelty and Thomas Ridd both say cyberterrorism is a reality but has not occurred yet. In contract, Lee Jarvis et al. and Maura Conway say that cyberterrorism is a real, present and ongoing danger. What do you think? Does cyberterrorism pose a threat to the UAE? If yes, why and how (give examples of cyberterrorism)? If no, why and how (give examples of actions that some label cyberterrorism but are not)?
Question 5: Cyber Security is only as strong as its weakest link. Much attention has gone the last years to the design and implementation of insider threat programs that aim to prevent, detect, mitigate and deter these types of threats. Do you agree with the fact that the human element plays a key role in cyber security and insider threat programs might be an effective measure in managing, mitigating and strengthening resiliency?
Question 6: Phishing and spearphishing are used by a variety of state and non-state actors to elicit useful, lucrative and/or sensitive information. For example, an email from what appears to be the management of your organization, your bank or your favorite restaurant offering a promotion are all examples of emails that you would likely open and read. But would you click on the link? What clues may tell you whether the email is a phishing/spearphishing or legitimate email? In other words, what are some of the ways you can protect yourself and your data from exploitation by cybercriminals?
