Cyber security, and its impact on everything we do today, is a dynamic and ever- changing area for Emergency Managers and Homeland Security professionals. Laws, policies, and the development of “best practices” with new approaches are issued almost on a monthly basis. Technology change, along with the cyber threats accompanying these changes, and the federal government’s efforts to protect cyber space, have resulted in a dynamic legal and policy environment.
Mission critical systems such as geo-spatial information systems, emergency management decision support systems, law enforcement databases, transportation control systems, and the power grid are a few examples of the impact cyber security awareness has on responding to disasters and incidents affecting our communities. Many threats, vulnerabilities, and weaknesses in our existing systems are attributed to poor cyber security practices. For example, as much as 91% of reported attacks can be thwarted using relatively simple approaches. The remaining exposure to cyber security threats and vulnerabilities requires more sophisticated protective measures. If such a great percentage of cyber security threats, weaknesses, and vulnerabilities exist and are relatively simple to resolve, why are these threats problematic?
For this project you will complete a research paper that will express your view on the following questions:
- Why has there been so much change in the field of cyber security, and moreover, should the Federal Government be driving these changes?
- Can cyber security ever be truly achieved and if so, how can it be achieved?
- Would you consider achieving cyber security as an end-state or is it an on-going
process, given the likelihood that events and circumstances in the current environment continue?
Research Paper Instructions:
The following areas must be included in your research paper:
1. Introduction with thesis and problem statement (2 pages).. This section provides a basic overview of the situation to be analyzed and includes your thesis and problem statements.
· The introduction is the broad beginning of the paper that answers three
important questions for the readers:
o What is this about?
o Why am I reading it?
o What do you want me to do?
· The introduction must include:
o A problem statement. A problem statement answers 4 questions: 1)
what is the problem, 2) what is the magnitude of the problem, 3) where is the problem, and 4) why is it important to solve the problem. Problem statements are typically 4-5 sentences. Carefully consider your topic because the paper builds off of the problem statement and ultimately, it provides a measure of whether or not the solution is feasible given the description of the problem.
o A thesis statement. A thesis statement is a sentence that identifies the main idea and/or central purpose of the paper. It serves as the organizing principle of the paper and usually appears at the end of the problem statement.
- Challenges Overview (3 pages). Describe the threats and vulnerabilities, adherence (or not) to existing cyber deterrence strategies, explain the response and recovery efforts undertaken (what has happened, who did it, why did it happen, what was affected). Provide an explanation concerning how the incident occurred from a non-technical perspective. This might include Identifying stakeholders and explaining their how their actions and relationships with others helped to create the problem.
- Cybersecurity Frameworks, risk and vulnerability analysis, and best practices that can be used to address the challenges (3 pages).. Explain how the problem can be mitigated using the methods discussed in the course materials and resources.
- Solutions based on law and policy that can reasonably be drawn from research. (3 pages).
- Conclusions and Recommendations (1 pages). Your conclusion should briefly summarizes what was presented in the paper. The conclusion should not include any new or additional information.
- References. In text and reference page.
