Week 8 of 'Current Trends in Cybersecurity' has us working on a Threat Action Plan for the fictional Harry & Mae's organization. This week I am to reflect on the hardest part of working out the Action Plan.
For me the hardest part of working on the Harry and Mae Case Study to provide threat, vulnerabilities, and risk analysis is trying to find the happy medium of demonstrating that I understand the material without going overboard. Done properly (as if Harry & Mae's were a true world client), the Threat Action Plan would likely be somewhere in the ballpark of 80 pages long.
There are a lot of references out there to draw from, to include NIST pubs and CISSP material, but my biggest problem is trying to grasp what is really required for these assignments. I could spend another 40 hours sifting through NIST documents, and another 40 hours using ALE (SLE * ARO) calculations to present something that demonstrates a strong grasp of how to approach this case study, but I'm not sure if something along those lines are required, or if it'd be overkill.
The material for the other class I'm currently enrolled in (Ethical Hacking and Response) is very familiar, so it frees me up to really focus on this class. Again, the challenge for me this week is to know where to draw the line on identifying threats/vulnerabilities/risks; for example, identifying threats/vulnerabilities/risks associated with a Cisco Nexus 7000 Switch could take a week by itself, so I've opted to provide a few simple examples for each area I'm addressing and hope that it's enough to meet the requirement and demonstrate that I have a grasp of what we're attempting to achieve.
No comments:
Post a Comment