RESPOND TO THESE DISCUSSION POSTS BASED ON THE TOPIC “You are the chief information security officer (CISO), and due to a government shutdown and other factors, your desktop team is unable to migrate to Windows 7 as you initially planned. You know that Windows XP support will expire in just two weeks, and your agency will be vulnerable to all types of malware if you continue operating on it after the end of support deadline.
How would you handle this risk? Would you accept, reject, transfer, or mitigate it? How did you come to that decision?
When responding to your classmates, discuss your viewpoints of the best risk management option given in their scenario. Support your rationale with specific examples.” (TWO (2) PARAGRAPHS EACH WITH REFERENCES ON EACH OF THEM NOT TOGETHER)
1JnTHn SwGn M One Discss
As the CISO of the company, my first concern is why we decided to wait until the last second to make the change to XP. There should have been setups and testing done earlier to help ensure that enough time was given for the migration to be effective. Since that is in the past, my effort would be put towards mitigating the risk of the XP machines on the network. The first step would be to evaluate the users and find out who could be migrated to 7 the fastest and with as little downtime as possible. This would help to lessen the risk while at the same time keeping user uptime to the highest possible. With the machines that still have to be in use, I would implement network changes that would prevent the XP boxes from accessing the internet, but able to access the internal network. If there is a need for internet access, I would ensure that every XP user has a Windows 7 VM that could be used for internet access. This would help to keep down the risks involved with the XP machines pulling malware from the internet without impacting the users too much. There is less risk involved on the XP machines if they are unable to access the internet to pull down malicious files that could impact the machines. To ensure that the machines do not slip the system, rules could be set on the firewalls to drop all outgoing traffic that is not company related. This would help to ensure if any command and control software did infect the system, the machines could be cleaned up with ease since the entire malware package was not able to be installed or controlled.
2.Trll Bns ). DSCSS 1:1
The Framework contains an array of activities, outcomes and references to help organizations identify their cybersecurity risks. It also allows groups to work toward a targeted cybersecurity outcome tailored to match the sector or type of organization. The organization can then take steps to close the gaps between its current profile and its target profile (2017).
I would extend the contract for XP support until Windows 7 can be deployed across the organization. I would be sure to send out notifications to update all anti-virus and firewalls be set up to block specific IP addresses deemed risky. During this brief moratorium, we would block all unknown emails and end-users will receive the denied message when attempting to access social media sites.
The IT team will disable unused ports. Now, during the changeover, the IT team should mitigate damages from malware by restricting access to unauthorized advertisements, games and gambling sites. Therefore, implement URL content filters and block social networking activities by implementing Internet content filters. These are some temporary behaviors we will adopt until the government shutdown is over.
I reached this critical decision because we must continue to operate for business purposes and support our customers. However, we know our network will be at risk during this shutdown if precautions are not in place.
3.Tyr Ktchn). Risk buz
The risk of using an outdated operating system poses many threats to the organization. If we were to continue using the OS, we run the risk of vulnerabilities being exploited with no way of patching these vulnerabilities. I believe I would handle this risk by education, increased firewall rules, and anti-virus protection monitoring. We would attempt to mitigate this risk by tweaking our firewall rules to only allow trusted sources in and out of the network as well as specific ports. Next, we would monitor our anti-virus software to make sure it is updating twice per day with intermittent scans of the system. The most important part of this mitigation would be to educate all users on safe browsing and email practices. Most websites would be closed off via firewall protection, but all other links and attachments from emails should be treated as malicious. The risk is too great to accidentally allow malware into the network. I came to this decision because accepting the risk would allow vulnerabilities to most certainly be exploited, rejecting the risk was not an option as plans could not be accelerated, and transferring the risk would cost more money than the potential risk (A Four-Step Risk Approach to Strategy Execution, 2010).
PLEASE READ THIS. IT IS VERY IMPORTANT
Allow your discussion posts to be detailed and capable of sharing knowledge, ideas and points. You must discuss the topic using your own words first. Using your own words indicates you understand the topic of discussion. Secondly, you must cite your sources in-text. This is necessary to justify your points. Sources from several sources show good research abilities. Lastly, you must provide references at the bottom of your post. A discussion post without justification with sources does not show proper research abilities. Terse and not detailed discussions represent posts that would not provide enough sharing of knowledge or proper understanding of the topic. DO NOT just copy and paste a sentence from online with a citation at the end as your own discussion. I have not asked for definitions, I asked for discussions and will not buy this. You must show understanding of the discussion topic by using your own words to describe the topic and then justify that with sources.
Use www.citationmachine.net to format references into the APA style if necessary. Extremely important. In-text citations are very essential and highly needed as well.
Use double spacing, 12-point Times New Roman font, and one-inch margins. Sources should be cited according to APA citation method (citation should be relevant and current). Page-length requirements: 2 PARAGRAPHS FOR EACH PROMPT ANSWER. Make sure you cite if you take a piece of someone’s work, very important, and your reference should relate to your writing (don’t cite a reference because it relates to the course and not this very paper); at least 2 current and relevant academic references. No heavy paraphrasing of others’ work.