11/16 - Cybersecurity Field Trip to Fannie Mae
Essential Question: How is cybersecurity policied and practiced in a real-world business?
Objective: I will be able to connect the content of this course of what I have learned so far and recognize it in a real-world business.
Word Wall:
All the vocabulary we learned in Chapters 1-3.
Task:
- Today as we visit Fannie Mae on the subject of Cybersecurity and how it looks like in a real business, the answers to the following questions are what I want you to listen for as we go through our tour and hear the presentation.
A. Threat Detection & Response (Identify and respond to threats)
Question 1: What software/technology does Fannie Mae use to detect threats?
Question2: In different threat incidents, what are some examples of corrective responses?
Question 3: How are threats detected managed | archived | analyzed? What are the baselines which are used to setup the criteria to detect a cyber threat?
Question 4: Does Fannie Mae have any incidents of malware intrusion it may discuss?
Question 1: What software/technology does Fannie Mae use to detect threats?
Question2: In different threat incidents, what are some examples of corrective responses?
Question 3: How are threats detected managed | archived | analyzed? What are the baselines which are used to setup the criteria to detect a cyber threat?
Question 4: Does Fannie Mae have any incidents of malware intrusion it may discuss?
B. Vulnerability Management (Identify and manage security vulnerabilities)
Question 1: What vulnerability tests do you run? What vulnerability audits do you run?
Question 2: Does Fannie Mae run penetration tests? Has a penetration test ever affected a system in a way which impacted everyday business performance?
Question 3: What is the process Fannie Mae uses to decide if a vulnerability is "serious" enough to warrant funding to diminish the vulnerability?
Question 1: What vulnerability tests do you run? What vulnerability audits do you run?
Question 2: Does Fannie Mae run penetration tests? Has a penetration test ever affected a system in a way which impacted everyday business performance?
Question 3: What is the process Fannie Mae uses to decide if a vulnerability is "serious" enough to warrant funding to diminish the vulnerability?
C. Identity & Access Management (Implement and manage secure access and authorizations controls to systems and data)
Question 1: What access controls does the Fannie Mae security department implement in the following categories: technical, management, operational?
Question2: What is the company's password policy?
Question 3: How are privileges assigned? How are ACLs created?
Question 4: What physical access controls does Fannie Mae have in place?
Question 5: What logical access controls does Fannie Mae have in place?
Question 1: What access controls does the Fannie Mae security department implement in the following categories: technical, management, operational?
Question2: What is the company's password policy?
Question 3: How are privileges assigned? How are ACLs created?
Question 4: What physical access controls does Fannie Mae have in place?
Question 5: What logical access controls does Fannie Mae have in place?
D. Incident & 3rd Party Management (i.e. FNMA vendors)
Question 1: How are incidents detected?
Question2: How are incidents handled at the time of intrusion?
Question 3: How are incidents managed after time of intrusion?
Question 4: How is knowledge management developed after incidents to promote prevention after detection and correction?
Question 1: How are incidents detected?
Question2: How are incidents handled at the time of intrusion?
Question 3: How are incidents managed after time of intrusion?
Question 4: How is knowledge management developed after incidents to promote prevention after detection and correction?
E. Transformation, Simplification & Governance (Implement a Cyber Security Awareness program)
Question 1: What type of technical training does Fannie Mae offer personnel on cyber security awareness?
Question2: What type of social engineering training does Fannie Mae offer personnel on cyber security awareness?
Question 3: Does Fannie Mae have any security incidents it can share which occurred due to an employee who was socially engineered to share confidential information?
Question 4: What policies does Fannie Mae encourage individual personnel to follow to ensure confidentiality? (clean desk policy, passwords, use of USBs, etc.)
Question 5: Who at Fannie Mae must have CompTIA Security+ certification for a job position requirement?
Question 1: What type of technical training does Fannie Mae offer personnel on cyber security awareness?
Question2: What type of social engineering training does Fannie Mae offer personnel on cyber security awareness?
Question 3: Does Fannie Mae have any security incidents it can share which occurred due to an employee who was socially engineered to share confidential information?
Question 4: What policies does Fannie Mae encourage individual personnel to follow to ensure confidentiality? (clean desk policy, passwords, use of USBs, etc.)
Question 5: Who at Fannie Mae must have CompTIA Security+ certification for a job position requirement?
F. Security to Business Integration (Defines requirements for designing secure systems and enterprise solutions)
Question 1: What is the process in creating computer network infrastructure in the event the company wants to add, for example, more hardware or functionality to its infrastructure? In other words, what process does Fannie Mae follow to make the most cost-effective and security-effective network since security may cost more than the cost of the vulnerability risks?
Question2: Is there any technology services Fannie Mae outsources? How is confidentiality ensured when other parties are involved?
Question2: Is there any technology services Fannie Mae outsources? How is confidentiality ensured when other parties are involved?
Question 3: What is the security business contingency plan in case we have another 9/11 event in the DC area?
2. Be prepared to come back and write a paragraph about the answers to three of these questions using information you received from today's field trip and the connections you can make on what we have learned already in this course.
Total Points: 30 (3 healthy high school level paragraphs [Quantity AND Quality]
Total Points: 30 (3 healthy high school level paragraphs [Quantity AND Quality]
Image Attribution:
Fannie Mae Logo BY Fannie Mae found at http://www.allenadvisors.com/wp-content/uploads/2013/07/FannieMae-Logo.jpg