Reflective Paper

 Student's Name

Institutional Affiliation

Course Code

Professor's Name

Due Date



Reflective Paper

Before learning about cybersecurity, I was not aware of the various cybersecurity tools, such as software that alerts users to malicious sites and anti-malware systems that scan emails for malicious content before they reach the inbox (Carpanelli, 2021). An organization must have a Critical Security Control Detail (CIS) to provide proper email communication security.

The cybersecurity of an organization can be assessed using various parameters.

First, the company should strictly restrict access to IT centers so that only authorized persons can enter; this prevents physical threats. An offender then cannot take away important documents from the institution (Carpanelli, 2021). The computers should have up-to-date antivirus, and the users of the computers must have strong passwords. Additionally, the people in the company who use the internet should have regular meetings on cybersecurity. If the company has copies of its information, then in case of theft it can enter the information again (Sohal et al., 2018).

Cyber risk assessment is a key activity that an organization should carry out regularly to get rid of cyber insecurity. One part of risk assessment is identifying any gaps in cybersecurity by checking whether all the hardware and software of the computers are working well; if there is any problem, the IT experts should fix it as early as possible (Sohal et al., 2018). The assessment also checks the networks, control systems, and infrastructure to keep the company's data secure.

It also involves performing information security assessments and auditing against cybersecurity standards to ensure the company's security is tight. Qualitative risk assessment helps the company know its weaknesses, which may result from outdated software, hardware, and the kind of infrastructure used. Quantitative risk assessment identifies the amount of financial loss the company might incur.

The company employs security governance strategies to ensure that cybersecurity is in good order. The administration must come up with policies and guidelines to be followed. For instance, each person is responsible for cyber threats and should report any threat to the IT manager for proper management (Sohal et al., 2018).

The administration should give strict rules to its members in case of cyber-attacks. The person responsible for it should be surcharged. The IT expert should provide up-to-date software and should check regularly to prevent threats.

The company has security governance. Only one person in my institution has the authority to decide it. The audit and assessment are done in time. There is physical security for IT, where the security personnel protect the company's property and physical assets (Carpanelli, 2021). There is no security awareness in the company, and I would come up with a team that will teach people about cybersecurity and go for outreach. Information security program management should review the cybersecurity policies and standards in the institution every year.

According to Sohal et al. (2018), emerging cyber threats can be handled carefully by first being prepared for external threats like malware, phishing, Trojans, and ransomware by having software that tracks malicious information. Threats to a critical system can lead to the loss of important information.

Critical cyber systems include the payment card processing system, which shows the organization's transactions and receipts, and a patient health delivery system, which stores patient information. The organization should identify whether the threat impacts compliance regulations, confirm other threats by managing cybersecurity threats, always filter the email traffic, scan internet documents before downloading, and regularly change the passwords and encryption keys.

The company can control internal cyber threats by installing security software such as an Intrusion Prevention System (IPS), firewall, email security gateway, Web Application Firewall (WAF), web content filtering, VPN, and antivirus. The listed software offers maximum security against internal threats to the computer (Carpanelli, 2021).

The organization can also whitelist the specific owners to run on the workstation.

Advanced technologies include Endpoint Detection and Response (EDR), which provides visibility on the endpoint to detect, investigate, and mitigate suspicious activity. An Endpoint Protection Platform combines the features of antivirus, firewall/IPS, and whitelisting in one product. Finally, Network Access Control (NAC) incorporates endpoint security with authentication.

Other technical controls include Security Information and Event Management (SIEM), server file integrity monitoring, and security reputation monitoring.

Focused training is essential for each member of the company who uses cyber systems in order to prevent cyber threats. People should avoid ignorance so that they do not attract cyberattacks, and targeted training is done using phishing to reduce unwanted behavior. Training of both the security team and non-security IT staff is vital.

They will then have informed knowledge of new cyber threats (Carpanelli, 2021). A monthly campaign for phishing and cybersecurity awareness will reinforce what users learn about cyber threats. Challenges that most users face are failing to comply with the new rules, information overload, and a lot of work.

In summary, cybersecurity is an important area in an organization, and if it is lacking, the company can lose many things. The company should do a cybersecurity risk assessment frequently and keep itself updated to prevent threats.




References

Carpanelli, E. (2021). Book Review: Cybersecurity. Key Legal Considerations for the Aviation and Space Sectors, Federico Bergamasco, Roberto Cassar, Rada Popova & Benjamyn I. Scott eds, Aerospace Law and Policy Series Vol. 19. Wolters Kluwer, Alphen aan den Rijn. 2020. Air and Space Law, 46(1).

Sohal, A. S., Sandhu, R., Sood, S. K., & Chang, V. (2018). A cybersecurity framework to identify malicious edge devices in fog computing and cloud-of-things environments. Computers & Security, 74, 340-354.



