Documenting Business Cybersecurity Issues

Documenting Business Cybersecurity Issues

Objectives:

Part 1: Record your assessment of Athena’s cybersecurity issues. Part 2: Record the different types of assets owned by Athena. Part 3: List the threats for each asset type. Part 4: Recommend mitigation techniques to address each threat.

Scenario: Athena Learning Incorporated is an educational service provider. Athena has two major lines of business: course content creation and online learning services. Athena creates learning content and hosts learning content. Athena also provides internet sales services that enable its partners to charge their students to attend their courses.

Athena employs about 100 people in its headquarters office, and about 5 people each in its London and Singapore offices. Because it provides content and delivery services globally, Athena must comply with diverse privacy and security standards.

Athena serves as custodian for its content and content that belongs to its partners. The content includes text, graphics, video, and interactive assets. This content is the essential intellectual property of the company. It also manages student account information including student registration, authentication, records, and payment information. Athena manages its own SQL databases, some of which are connected to web portals.

The Athena network consists of mostly MS Windows and Apple IOS clients with a mix of Microsoft and Linux servers to store business and employee records, learning content assets, and financial information, including customer data. The hosts include various PC brands and models of varying ages. Different versions of operating systems are in use. Athena uses cloud services to deliver courses to the public, but must house assembled courses on the internal network for creation and editing. When the courses become available, they are mirrored to the cloud. Employees are permitted to use their personal phones and tablets for work. In addition, some employees work from home, but require full network access to do so. Athena also hosts its own DNS, email, and intranet services.

Athena employees use common office application software, custom applications, and tools that have been created internally.

Athena provides access to parts of its internal network to its partners through a secure web portal. Clients are able to preview their course content and deliver course assets to Athena for assembly in the Athena learning management system. Students interact with the cloud-managed learning platform through their web account logins.

We will apply knowledge of cybersecurity threats and mitigation techniques to a corporate setting. We will read about a business, classify its assets, and then list the potential vulnerabilities and threats that the business faces. Finally, we will recommend threat mitigation measures for the threats that you identify.

Required Resources: i) Basic knowledge of vulnerabilities, threats, and mitigation techniques. ii) Devices with internet access

Instructions Part 1: Record your assessment of Athena’s cybersecurity issues. Study the Scenario above about Athena Learning Incorporated. Focus on identifying the data, software, hardware, and network assets that need to be protected to ensure that company is not impacted by various types of threats that have been discussed in the course so far.

Use the tables below to record your answers.

Part 2: Record the different types of assets owned by Athena. From the information in the Scenario, and our knowledge of business in general, fill in the first columns of each table with the relevant assets that are owned by Athena. There should be at least four entries in each table.

The different types of assets are defined as follows:

• Information/Data Assets: Data that is used by the company, in any of the three states of data. This data could be Athena’s business data, Athena’s learning content, student sales and learning data, or partner data.
• Software Assets: Software that is used by Athena, including commercial business applications, operating systems, server software, database software, and custom software.
• Physical Assets: The physical devices, equipment, and other property that are used by Athena in the course of their business.
• Network Assets: The types of networks and network connections that are hosted or used by Athena in the course of its business.

Part 3: List the threats for each asset type. a. Review the information that you have learned in this pathway regarding vulnerabilities and threats.

What is the difference between a threat and a vulnerability?

Answer: Vulnerabilities are weaknesses or characteristics of an asset that can result in damage to or loss of those assets. Threats are the possible actions or events that exploit vulnerabilities. Threats can be posed by people or nature.

b. Complete the second column of the table with threats that could exploit vulnerabilities for each asset that we listed. There is usually more than one threat to each asset.

Part 4: Recommend mitigation techniques to address each threat. Review the information that we have learned so far about ways to mitigate various cybersecurity threats. Complete the third column of the table with mitigation techniques that can be done to avoid or limit the damage caused by each potential threat.

1. Why is it useful to categorize assets when identifying threats and mitigation techniques?

Answer: Classifying assets by type helps to organize thinking around what threats may exist. Otherwise, there are so many assets that it is difficult to get started with the analysis.

2. Do some threats have the same or similar mitigation measures? Why is it important to note this?

Answer: Yes, some threats can be mitigated using the same means. For example, a system of updating host and server software can help to mitigate threats to customer and company data. VPNs can encrypt data uploaded to Athena’s servers by customers and can also protect assets sent to the cloud. Knowing this helps guide the choice and implementation of threat mitigation solutions.

3. What have we learned about the application of knowledge of cybersecurity threats and mitigation techniques to the context of a simulated organization?

Answer: Cybersecurity programs require many different types of measures that work together to protect an organization’s diverse assets. There is no single solution to protecting assets from the wide range of threats that exist in the world today.

Skills Gained:?

• Asset classification and inventory management?
• Threat identification and risk assessment?
• Mitigation planning and strategy formulation?
• Application of cybersecurity frameworks in a simulated enterprise environment?
• Critical analysis and structured problem-solving in cybersecurity contexts

Conclusion:

This project provided a comprehensive exercise in identifying, classifying, and mitigating cybersecurity issues within an enterprise setting. By analyzing Athena Learning Incorporated’s scenario, I learned to assess vulnerabilities, map asset types, and determine tailored mitigation strategies. The process reinforced the importance of structured analysis, as categorizing assets simplifies threat identification and highlights common solutions across diverse challenges.