Explain how you can “prepare for failure” based on your personal and professional experience

THE “ASSUME BREACH” MINDSET
Wouldn’t it be nice to have perfect security, perfect trust, and perfect information over a long period of time? Unfortunately, it would be naive not to assume breach. In security risk management, it is always better to stay on guard and expect an attack than to be complacent and hope for the best.
Security professionals must continuously seek to improve their defenses and look for signs of breach. Just like the attackers, defenders should think of new ways that their systems can be hacked and compromised. Failure can be defined as a system not conforming to your expectations. Technology will fail. People will fail.
RESOURCES

Be sure to review the Learning Resources before completing this activity.
To prepare for this Discussion:
Consider the following questions:
• Should we be pessimistic about the IT industry?
• Are we losing the war against hackers?
BY DAY 3
Post 300–400 words (not including the list of references), in which you:
• Explain how you can “prepare for failure” based on your personal and professional experience.
• Describe the change of mindset concept based on the “assume breach” approach and explain the follow-up procedure.
Cite and reference all sources following APA format and style guidelines.
Refer to the Week 1 Discussion Rubric for specific grading elements and criteria. Your Instructor will use this grading rubric to assess your work.
Read a selection of your colleagues’ postings.
LEARNING RESOURCES
Required Readings
• National Institute of Standards and Technology. (2018, December). Risk management framework for information systems and organizations: A system life cycle approach for security and privacy (Special Publication 800-37, Revision 2). U.S. Department of Commerce. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
o Chapter 2, pp. 6-20
Required Media
• Walden University, LLC. (2018). Definitions of asset, risk, threat, vulnerability [Video]. Walden University Canvas. https://waldenu.instructure.com

Note: The approximate length of this media piece is 4 minutes.

• Walden University, LLC. (2018). NIST 800-39 SRM fundamentals [Video]. Walden University Canvas. https://waldenu.instructure.com

Note: The approximate length of this media piece is 7 minutes.

Optional Resources
• National Institute of Standards and Technology. (2011). Managing information security risk: Organization, mission, and information system view (Special Publication 800-39). U.S. Department of Commerce. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf
• Federal Financial Institutions Examination Council. (2023). Cybersecurity assessment tool. https://www.ffiec.gov/cyberassessmenttool.htm
• Federal Financial Institutions Examination Council. (2017). Cybersecurity assessment tool: User’s guide. https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_May_2017_Users_Guide_June2.pdf
• Federal Financial Institutions Examination Council. (2017). FFIEC cybersecurity assessment tool: Overview for chief executive officers and boards of directors. https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_CEO_Board_Overview_June_2015_PDF1.pdf
• Federal Financial Institutions Examination Council. (2017). FFIEC cybersecurity assessment tool: Cybersecurity maturity: Domain 1. https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_May_2017_Cybersecurity_Maturity.pdf
• Federal Financial Institutions Examination Council. (2017). FFIEC cybersecurity assessment tool: Inherent risk profile. https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_May_2017_Inherent_Risk_Profile.pdf