Pick 3 topics to write about. I do not need a title page, but I DO need references for each of the 3 topics that are chosen.

Course Objective: Design effective organizational cybersecurity safeguards around vulnerabilities, risks, and auditing practices. The class discusses approaches, standards, and tools related to vulnerability and risk assessment to prevent cyber attacks.

Topic 1: Advanced and Persistent Threats
One of the biggest risks that companies face is advanced persistent threats. Discuss the most effective way to implement policies that mitigate the chance of an insider either taking part in or facilitating an advanced persistent threat. What policies can help manage the insider threat for an organization’s supply-chain companies, or the organization’s off-shore contractors? Integrate the concept of separation of duties into your discussion.
Background:
1. Notional Supply Chain Risk Management Practices for Federal Information Systems [2012, NIST – note that the term “insider threat” is not used in the document, but multiple practices are outlined for controlling risks posed by personnel).
2. The Risk of Insider Fraud: Second Annual Study [2013, Ponemon – not specifically supply-chain related, but a detailed overview of the current understanding of the risk posed to enterprises by insider threats generally]
3. Cybersecurity: An Examination of the Communications Supply Chain [2013 – video / transcript of Congressional hearing examining multiple aspects of this topic]

Topic 2: Mandiant Report
On Feb. 19, 2013 Mandiant released a report alleging that a specific Chinese military unit is behind one of the largest cyber espionage and attack campaigns aimed at American infrastructure and corporations. Public understanding of Advanced Persistent Threats (APT) is weak, attribution remains difficult, and cyberattacks are often dismissed as criminal or peripheral to national security. This carefully-researched report is significant because it convincingly and publicly assigns attribution for ongoing cyber espionage to groups supported by China. By publishing, Mandiant hopes that —
(a) this report will lead to increased understanding and coordinated action in countering APT network breaches; and
(b) its resulting exposure and discussion may thwart APT activities.

After reading the article at the link below and perusing the Mandiant report, discuss whether Mandiant’s two desired outcomes above are likely to occur.
Background:
NYT summary: http://ezproxy.umuc.edu/login?url=http://search.proquest.com/docview/1288537806?accountid=14580
NPR audio: http://www.npr.org/2013/02/19/172431535/report-chinese-government-hackers-behind-dozens-of-attacks-on-u-s-companies

Topic 3: EMP and Solar Weather
While the daily news contains a wealth of information about vulnerabilities, threats, and hackers, there are still several national cybersecurity concerns about which little is known by the general public. Electromagnetic pulse (EMP) is described by several experts as a low-probability, high-effect event. First, read the journal article by Dan Dickerson: “No Defense: America’s Growing Vulnerability to an EMP Attack.” Another low-probability, high-effect threat are “Coronal Mass Ejections, more commonly known as Solar Flares. Our own sun goes through an eleven-year Sun Spot cycle, with the next maximum Solar Flare activity predicted to occur between 2013-2014. An “EMP” spike, or either a “Coronal Mass Ejection” magnetic field, can each disrupt or permanently disable power lines and computer circuitry. They can each fry transformers or overheat transistors. When an EMP event, or a Solar Flare, involves enough high energy, the resulting damage to electronic equipment may be so severe that a re-boot or re-start may not be possible. The equipment is trashed. The DOD, and possibly other countries are currently studying design for new energy weapons that can direct EMP against enemy computers.

After reading the EMP article (reserved), discuss with your classmates your opinion about the likelihood of an EMP attack by an adversary, or the likelihood of a Solar Flare that could permanently damage much of our sensitive electronic infrastructure equipment.

Answer these questions:
(1) to what degree should US policy makers should be concerned about a high-effect, low-probability EMP attack, or a powerful Solar Weather event?
(2) describe measures that may mitigate damage to the US power grid; and
(3) measures individuals can take to mitigate the consequences to their personal electronic equipment.

Background:
1. Sun fires off powerful solar flare, triggering radio blackout – Nov 2013 ( http://www.nbcnews.com/science/sun-fires-powerful-solar-flare-triggering-radio-blackout-2D11623878 )
2. Chaos from the Sky: Why the EMP Threat Is Real (http://blog.heritage.org/2013/03/12/chaos-from-the-sky-why-the-emp-threat-is-real/ )
3. The Real EMP Threat ( http://www.nationalreview.com/articles/285601/real-emp-threat-frank-j-gaffney-jr#! )
4. Next-Gen Threats [2011]
5. Terrorist Attack on Power Grid Could Cause Broad Hardship, Report Says [2012 – NAS report is freely available]

Topic 4: Penetration Testing & Vulnerability Assessments
As new technology becomes adopted by organizations, standards must also adapt to meet the change. What new standards should be adopted for penetration testing to assess vulnerability for mobile devices in the growing BYOD (Bring Your Own Device to work) environment?

Background:
1. Penetration Testing Android Applications [2013]
2. Penetration Testing for iPhone / iPad Applications [2013]
3. iPhone Hacking! Penetration Testing for iPhone Applications [2012-13 – 5 parts]
4. BYOD Security Challenges: Control and Protect Your Most Sensitive Data [2012]
5. BYOD: Security and Privacy Considerations [2012]
6. Guidelines for Managing the Security of Mobile Devices in the Enterprise [2013 – NIST]