Introduction Students earning the Master’s Degree in Cybersecruity through UMUC are provided a distinctive opportunity. The capstone course for the degree program allows students to put the knowledge they have gained throughout the program into practice. The Cybersecurity Capstone Simulation presents students, organized into teams representing business sectors, with various scenarios in which a cyber threat must be addressed. Furthermore, the simulation stresses the need for the teams to consider other impacts on the implementation of security control, such as employee morale, productivity, and profitability. One of the greatest challenges of the simulation is to implement controls which will defend the sector’s systems, yet still provide …show more content…
considerations and balance for the other indices. For the Federal Government sector team, this writer assumed the role of the Network Administrator. As the Network Administrator, the primary responsibility was to implement controls to secure the organization’s network infrastructure. Following are some details on the preparatory steps taken by the Network Administrator prior to each round of the simulation. The group processes, the results of group efforts, lessons learned, and the challenges in achieving balance in cybersecurity will also be discussed. Individual Research and Planning for Team Support Initial Round The preparations for the first round of the simulation, Round 1A, required the greatest amount of individual research and planning. The process for choosing the initial controls to implement for the network systems began with research into the regulations and standards applicable to federal government sector systems. The intent was to create a network system security baseline which is as complaint as possible with the applicable standards and regulations. The first source of information referenced was the regulation which most impacts the selection of controls for federal government sector systems. The Federal Information Security Management Act (FISMA) of 2002 was consulted to determine the controls which need to be deployed for legal compliance. As an example, FISMA requires sensitive data to be encrypted; therefore data encryption controls must be implemented. To determine the minimally approved levels of encryption controls for government systems, the recommendations from the National Institute of Standards and Technology (NIST) and the Federal Information Processing Standards (FIPS) have been consulted for the establishment of the minimally acceptable baseline for the security control. The FIPS defined the levels to which some of the controls were implemented. Continuing with the data encryption control, the FIPS for encryption standards was consulted to determine requirements. In FIPS 197, the required key strength for cryptographic systems employed by the U.S. Federal Government is a minimum of 112-bits key length ("Advanced Encryption Standard", 2001). The only option available in the simulation which complied with the standards was the 128-bits key strength, which was selected. The process detailed above for the data encryption control was conducted for the other controls assigned to the Network Administrator role. The research and planning activities changed when the active simulation rounds began and control modifications may be required to counter a potential threat. Individual Preparations and Planning for Subsequent Rounds While the amount of individual preparation and planning for the simulation from Round 1B through Round 4 were not as research intensive as the initial control selection phase, efforts were taken to ensure the team was prepared for impending threats. These efforts consisted of understanding the threat, acquiring insights on effective strategy from course resources, and careful consideration of controls to be implemented. The first step in preparing for each round was to view the threat reports on ICYNN. This helped to determine the details of the attack and formulate an initial strategy for control implementation. Some reports were also useful in providing specifics about the attacks and the possible controls which may help to counter the attack. The Simulation Shop Talk documents were also reviewed. The Shop Talks provided valuable information to understand some the reasons behind certain indices being impacted. The advice imparted on strategies to improve scores in certain areas was also very useful. The Shop Talks also provided valuable information as to the methods the simulation used to convey the subjects for learning. Much of the preparation for supporting the team as the Network Administrator was to review the knowledge gained during the career as a telecommunications specialist and system administrator. These skills were invaluable in preparing the team for the simulation rounds. Much of the technological controls and utilization of these controls were familiar and that level of knowledge was valuable in the team efforts. In some instance, light review of details on a type of attack or control was conducted. For the most part, the desire to test already possessed knowledge, as a personal challenge, led to few external resources being reviewed. Team Activities and Results Over the Duration of the Simulation Team Activities The activities for the simulation required a large amount of coordination with the Federal Government sector team.
To make this level of coordination easier and more manageable for team members, the team agreed to a battle rhythm for weekly activities. As the simulation progressed, the schedule for deliverables was altered slightly to accommodate a strategic change to the processes for report generation. The weekly schedule of activities was as follows: Thursday - The team held a meeting on every Thursday evening. The meetings were conducted using Google Hangouts video chats. The video chats made coordination efforts far more effective and efficient than simple text chats. The purpose of this meeting was to coordinate the implementation of controls to address the current threats. The team also reviewed team performance in previous rounds and tried determine what controls could be implemented or adjusted to improve faltering indices. Budgetary conflicts were addressed during this meeting, if required. At the end of this meeting, all members of the team entered their final control decisions into the simulator, in preparation for the running of the simulation on Friday evening/Saturday
morning. Sunday - Inputs from each member of the team for the round reports were due by midnight, Eastern Time. Monday – The Network Administrator and Cyber Security Policy Analyst met to edit the simulation round reports. This meeting was changed from a group editing process conducted on Sunday evening, which was very inefficient. The new strategy of editing reports on Monday evening and having only two team members conducting the editing improved the scores on the simulation reports. Immediately after editing was completed, the report was submitted to Turnitin and then posted for grading. Throughout the course week, team members kept in contact through Gmail and Google Hangouts. Messages with ideas on how to combat a current threat, adjust controls, or advice to achieve greater success in the simulation were often freely shared. Communication among team members was an area which worked and worked very well. Results of Team Activities The results of the team efforts in the simulation rounds were often a mixed bag in several regards. The team’s primary goal for each simulation round was to counter the threat(s) facing the sector for that week. Unfortunately, these efforts were not entirely successful. The team also experienced variable elves of success in maintaining acceptable scores in the simulation indices. An overview of the simulation results are broken down below, by round. Round 1B Round 1B was the first in the simulation in which the team was presented with an impending threat. For this round, the sector was faced with the threat of hacktivists defacing organizational web pages. The Federal Government sector team was not able to prevent the attack. At the end of this round the team saw the security indices improve appreciably but several other indicators, like Public Sentiment, Morale, and Productivity, took significant losses. Round 2 The team faced two potential threats in Round2, a computer worm and a Distributed Denial of Service (DDoS) attack. Efforts to fend off the attacks resulted in only a 50% success rate, with the worm intrusion being countered. As in the previous round, security indices rose but several others decreased dramatically. This trend would continue throughout the rest of the simulation and resulted in a slight modification of strategy for the Federal Government team. Round 3 The Cross-Team impact reports showed the Federal Government team was experiencing significant losses in some indices due to attacks on other sectors. The team decided to focus on implementing controls and modifying control levels to increase security indices. IT was hoped the increase in area such as the National Security Index (NSI) would help other teams achieve a greater security posture, thereby increasing indices such as Public Sentiment for the Federal Government sector team. The team also realized this decision would hurt areas such as morale but the compromise was considered to be justifiable, based on the Federal Government’s obligation to make security a priority. The Federal Government sector was also faced with an attack from a Trojan. The team was unable to stop this attack and the Trojan was detected on the system. Round 4 Round 4 presented a challenge to the Federal Government and Hytema teams. The sectors had to implement controls to counter a threat from cyber terrorists. The Federal Government team implemented controls to attempt to counter as many attack types as possible. Unfortunately, the efforts were insufficient to stop the cyber terrorist from stealing vital data. At the round conclusion, the team was successful in achieving significant increases in security indices as well as Disaster Readiness and Disaster Damage scores. As expected, the strategy of focusing solely on security caused many other indices to take significant losses. Most notable were the massive loses in Public Sentiment, which lost 57 points over the simulation duration, and Downtime, which increased by 88% by the end of the simulation. The results from the simulation rounds and the ratings received in several areas revealed the team needed to adjust strategies throughout the simulation. The varying levels of success and outright failures in some areas demonstrated to the team the great difficulties of cybersecurity. The difficulties and challenge resulted in the team learning some valuable lessons.
Harnessing unique applications that formulate effective team competencies can be greatly beneficial when nourishing team dynamics. These necessary factors create high performance levels due to consistency and team cooperation. Performance appraisal is a great way to determine team dynamics due to summative evaluations that are executed during a practice. To obtain effective team dynamics it is important that each individual motivate one another in a positive manner, provide feedback and have an open mind. In conclusion, each member of the team should not be shy introducing any new ideas during the engineering, keep in mind that there is no wrong answer and diversity and innovation is always permitted. In a nut shell, Ocean’s Eleven depicts true signs of team work, leadership and the proper power and influence a leader should have to achieve his/ her goals in life.
Data was entered into a scheduling program to ensure convergence of the schedules across all the sub-teams.
The purpose of this report is to reflect on the experiences encountered during the Everest simulation and identify how these experiences affected our decisions and relate to the course. The report includes a description and analysis of the Everest group simulation, a critical analysis of the team’s performance and results along with a critical analysis of the team’s communication interactions.
“The Forming – Norming – Storming – Performing model of team development was first proposed by Bruce Tuckman in 1965. This model has become the basis for subsequent models of team dynamics and frequently used management theory to describe the behavior of existing teams (Wikipedia).”
The purpose of this report is to reflect on my team working experience and to critically review the events of this experience. Throughout the process I kept a diary of events which I will be analysing in conjunction with Tuckman and Jensen’s (1977) model on stages of group development, these are: forming, storming, norming, preforming and adjourning.
Seven tasks must be included in consideration of team dynamics and structure. The first of which is defining the goal, mission or function of a specific team. The team must know what it is being asked to accomplish. The second area of consideration is assessing what skills, abilities, knowledge or potential to acquire such would be needed amongst selected team members. Identification of potential team members should include an assessment of the skills, knowledge and abilities or the potential to acquire such so that ultimately the team has the building blocks with which to succeed in its mission, goal or function. This assessment must include an understanding of realistic potential contributions by potential team members with the included assessment of whether or not the acquisition of skills and knowledge can be made available through research and analysis.
The role of the leader in the Everest simulation was to motivate, instruct, resolve conflict and achieve group goals. I, as the team leader, made the point of differentiating myself from a manager, to someone who was extraverted, energetic and driven, within and outside of the simulation. This involved organising location times and communication between members, drawing up the team contract and building relationships between team members beyond the classroom. During the simulation however I chose to adopt a less prominent role to minimise conflict and maximise satisfaction.
That was an excellent mechanism for providing information on the different contributions and challenges of the various camps. Moreover, their active intervention during those meetings helped stop the blaming. Finally team members must create shared views of problems and shared approaches for resolving them. Those commonalities must be acceptable to everyone if they are to provide the core for new ways of doing things. The monthly problem chats represented the beginning of process if developing acceptable approaches.
We also addressed potential barriers that we may encounter, like scheduling conflicts due to personal or work related issues & technological boundaries, for each person may be on a different level in this area. Also, the time zone factor which is the biggest & you must prioritize it for the benefit of the team & the competency of each members contributions. Trust must be earned by the team members & leader through fulfilling duties, assignments, & commitments. (Temme, J. & Katzel, J. (1995)
When first being introduced to a group, it can be quite stressful trying to figure out how you and your team members are going to function together. As with any group, there are a few milestones that need to be reached in order to ensure a functional and successful relationship. Specifically, groups need to go through Tuckman’s Group Development Stages. These stages consist of forming, storming, norming, performing, and in some scenarios, a final stage of adjourning may be reached. After participating in this assignment, we as a group were easily able to identify, and analyze, each stage of our development.
1. Competitive Advantage – Through my experiences in the Capstone Simulation I learned a great deal about running a business. First of all, recognizing your company’s competitive advantage and reinforcing it in your business plan and operations is essential for sustained success. By investing heavily in TQM, HR, and automation in the low and traditional segments, Digby was more efficient than our competitors. Thanks to our heavy investments in TQM our company’s R&D cycle times were among the industry’s best. Not only were we able to meet customer preferences in a timely manner, allowing us to secure market share, our variable costs were greatly diminished with these investments. Costs were even further diminished with
Platt, L. (1999). Virtual Teaming: Where Is Everyone?. Journal for Quality & Participation, 22(5), 41. Retrieved from http://findarticles.com/p/articles/mi_qa3616/is_199909/ai_n8872660/
My strong curiosity towards the field of Cybersecurity dates back to my pre-university days when I started reading sci-fi novels. Digital Fortress, a techno-thriller novel written by Dan Brown, explored the theme of government surveillance, security and civil liberties. This theme is brought out in the book by portraying cryptographic techniques, security policies and implications of these policies. This gravitated me towards the field of security. With little programming experience, I was eager to begin my nascent adventure in the field of Cybersecurity. Although I’ve gained exposure in the field of security during the course of my Bachelor’s degree, I believe pursuing a master’s degree in Cybersecurity will allow me to explore the field of security in greater depth and utilize it effectively to address more real-world challenges.
between norming and storming, because, as new tasks come up, the team may lapse back
The stages of team development are forming, storming, norming, performing, and adjourning. Norming is the first stage that involves team members getting to know each other and trying to figure out where they fit in. As a leader, it is important to provide clear directions and set proper goals and expectations during this stage. Storming is the next stage and as the name suggest it is characterized with struggles, challenges, conflicts, and competition among team members. During this stage, I will provide a mediating role and facilitate conversations that steers the team towards the right