Discussion Topic #4. Task: Reply to this topic

Choose one of the following topics for this discussion topic. Post your reply to the topic on this thread. Type your answer in the space provided below. Do NOT attach a document to this thread. You will not receive credit for the post if you attach a document to this or any discussion thread. (minimum of 100 words) Be sure to use complete sentences and check your grammar, spelling, and punctuation before making a submission.

Module 07 Public Key Infrastructure and Cryptographic Protocols

Organizations create a standard set of protective tools, such as encryption, firewalls, anti-virus software, intrusion-detection systems, and two-factor authentication. However, threat actors still may penetrate these defenses due to a vulnerability or misconfiguration. When that occurs, should companies be allowed to crash the servers that are attacking them or delete data that has been stolen from them off their adversaries’ computers? This concept of engaging in “active defense”—often considered a cybersecurity euphemism for offense—is not permitted by the Computer Fraud and Abuse Act (CFAA) in the United States and its counterparts in other countries. These laws effectively make it illegal for people to access computer systems that do not belong to them without permission from the owners. But some cybersecurity professionals and even lawmakers say that the time has come to carve out an exception to this blanket ban: companies should be permitted to infiltrate external networks in the name of active defense. One lawmaker has proposed the CFAA be changed so that it would not apply to victims of cyberattacks who accessed attackers’ networks to “gather information in order to establish attribution of criminal activity to share with law enforcement” or to “disrupt continued unauthorized activity against the victim’s own network.” Should active defense be permitted?

Module 08 Networking Threats, Assessments, and Defenses

Hacktivists often use DDoS attacks against organizations that they perceive as being opposed to them. This includes not only governments but also journalists, publications, and human rights groups. Google’s parent Alphabet has stepped up to help thwart DDoS attacks against these groups. Since 2016 Project Shield has thwarted DDoS attacks against hundreds of web sites in over 80 countries. These attacks were directed at web sites in order to silence important information. Project Shield was offered for free to journalists, small publications, human rights groups, and others. But Google is doing that on its own initiative at a relatively high cost. Should there instead be a tax on computer hardware and/or software that goes towards a fund that is then used for organizations like this to have permanent DDoS mitigation?