Countermeasures White Paper

Vulnerability Countermeasures and Costs
Countermeasures
Malwares. Malwares come in form of ransomware, Trojans, and worms, all which are malicious in nature that have multiple negative effects on user data, systems, networks, and compromises security. While the simplest countermeasure against malwares is installation of antivirus programs, it is also important to include a multilayered approach that will include installation of deep-packet inspection firewalls, email virus scanners, intrusion detection systems (IDs), in additional to training employees on awareness.
Phishing Attacks (Social Engineering). The tricksters target victims to give account credentials through software downloads via email attachments from purportedly known sources. To counter this vulnerability, it is critical to install email virus detection tools, utilize multifactor authentication, enhance employee security awareness through trainings, and implement the policy of least privilege – this ensures that user access is limited to amount required to execute their duties.
Use of Internet of Things Devices. Many smart devices like printers, coffee makers, refrigerators and have Wi-Fi capabilities for ease of access. However, attackers easily hijack and use them to compromise networks for further attacks. In addition, some of the users do not realize that the devices they own are quite sophisticated and their lack of knowledge makes a vulnerability conduit. In order to reduce the risk, implementation of security audits to establish vulnerability of those assets is critical as an accountability of cybersecurity strategy.
Company Employees. Most organizations are prone to security vulnerabilities through their own employees, which occurs either intentionally or accidentally. When an employee abuses their access privileges for personal gain, or gives out their login credentials to the wrong

Person, it makes it possible for breaches to occur. The best counter-measure for such scenarios is to implement policies of least privilege, whereby not too much information can be accessed at a given time, and also implementing audit trails to track every activity of an employee. Employees can also be trained not to fall prey to social-engineering attacks to enable them detect phishing attempts (Dosal, 2018).
Cost Implication
The ideal and most viable approach to implementing vulnerability countermeasures, is establishing an optimal balance between the intrusion damages and response costs (Granadillo, et. al, 2015). Therefore, balancing is a risk analysis process that helps to value information assets (software or hardware) based on replacement or recovery cost. It is also important to estimate the potential loss for every risk and the likelihood of a risk occurring based on previous experience (TechTarget, 2007). In sum, organizations that have leaner budgets are most often unable to invest heavily on security if they are not certain of their Return on Investment in the security assets.
Critical Issues in Cybersecurity Management and Technology Policy
Skills Gap. The growth of cybercrime, which got many organizations by surprise indicates that there is a significant gap in the skills required to effectively implement cybersecurity. As a result, many of the security practitioners do not understand the scale and scope of their roles, making it difficult for other business staff to acknowledge what impact the different assets they use in the organization require securing.
Explosion of Endpoints. The explosive nature and number of connected devices is overwhelming, hence overrides the earlier security and compliance mechanisms that relied exclusively on securing only Ethernet-based networks. With billions of endpoints responsible for

Running networks or organizations, the amount of effort required to secure so many devices has continued to increase operational costs, hence stretching organizations’ abilities to ensure each device is compliant with industry standards (People of Tripwire, 2016).
Continuous rise in integrity attacks: Threats continue to occur in a more sophisticated manner and this requires being abreast with how to manage these new sophistication.
Long-term impacts of cybersecurity: While cybersecurity was viewed from chronic tactic issues, it is obvious that based on the impacts, the perspective has to shift into changing mindset from short-term expensive fixes to long-term treatment of the challenges of cybersecurity (McAfee Labs, 2016).
Cybersecurity Creates need for more Hardware. Evidently, the evolution of attackers though sophistication has created the need to invent and expand more hardware systems or devices to better manage the newer threats. At the same time, this leads to an increased cost.
Physical-Digital Convergence. There is a marked meeting point between enterprise and industrial teams as a result of Internet of Things and Industrial Internet of Things. Therefore, there is need to streamline, and align protection on critical infrastructure.
Cyber Warfare Principles
Lack of Physical Limitations: In the cyber world, distance and physical barriers are non-existent. Both attacks and defense can be executed without the necessity to be physically present at the point of attack or defense.
Kinetic World Effects: Every attack must have an effect on someone or something in the real world, which means that even in its covert nature, attacks must get the attention of the victims.

Stealth. While everything happens in invisible manner, it is important that at least someone is looking and is able to recognize that covert activity. Therefore, the camouflage can only make sense once there is data movement or system manipulation which ought to be noticed.
Privileges and Identity: Any identity in the cyber world has the ability, authority or access to perform a given action desired by an attacker. Which means that every part of the cyber world is controlled by human beings (Parks & Duggan, 2011).
Key Initiatives in International Cybersecurity Policy Advances
Need for Cooperation. There is exists acceptance for the need to forge cooperation among nations and states to mitigate threats of cyberattacks on critical infrastructure, cybercrime, electronic espionage, and bulk data interception (Council on Foreign Relations, 2018). Furthermore, the US has continued to initiate relationships including interagency partners with a view to promote a framework of international cyber stability that is aimed at achieving and maintaining peaceful cyberspace, with all states harnessing benefits from this pragmatic cooperation against online threats. This will also lead to all states conforming to international laws governing their behavior on cyber space (Painter, 2016).
Cybersecurity Standards Organizations
There are numerous standards established to provide a uniform security standards platform, and all the standards are applicable to all organizations. Some of these cybersecurity standards organizations include: Federal Information Security Management Act, Health Insurance Portability and Accountability Act, ISO/IEC 27001 (IT Governance, nd.).

Reference
Council on Foreign Relations (2018). Increasing International Cooperation in Cybersecurity and Adapting Cyber Norms. Retrieved https://www.cfr.org/report/increasing-international-cooperation-cybersecurity-and-adapting-cyber-norms
Dosal, E. (2018). Top 5 Cybersecurity Threats and Vulnerabilities. Retrieved https://www.compuquip.com/blog/top-5-cybersecurity-threats-and-vulnerabilities
Granadillo, G. D. G., Garcia-Alfaro, J., Debar, H., Ponchel, C., and Rodriguez-Martin, L. (2015). Considering Technical and Financial Impact in the Selection of Security Countermeasures against Advanced Persistent Threats. Retrieved https://hal.archives-ouvertes.fr/hal-01263402v2/document
IT Governance (n.d.). Cybersecurity Standards. Retrieved https://2009-2017.state.gov/s/cyberissues/releasesandremarks/257719.htm
McAfee Labs (2016). Critical Issues Challenge Cybersecurity Professionals. Retrieved https://securingtomorrow.mcafee.com/business/critical-issues-challenge-cybersecurity-professionals/
Painter, C. (2016). International Cybersecurity Strategy: Deterring Foreign Threats and Building Global Cyber Norms. Retrieved https://2009-2017.state.gov/s/cyberissues/releasesandremarks/257719.htm
Parks, C. P. and Duggan, P. D. (2011). Principles of Cyberwarefare. Retrieved http://pages.erau.edu/~andrewsa/bumgarner3_1.pdf

People of Tripwire (2016). Understanding Five Key Challenges to Security, Compliance, and IT Ops. Retrieved https://www.tripwire.com/state-of-security/security-data-protection/understanding-five-key-challenges-to-security-compliance-and-it-ops/
TechTarget (2007). Balancing the Cost and Benefits of Countermeasures. Retrieved https://searchsecurity.techtarget.com/feature/Balancing-the-cost-and-benefits-of-countermeasures