.

Saturday, March 30, 2019

Cybercare Work Placement Review

Cyberc be live on Placement ReviewIgnacio Fernndez De ArroyabeThe regulate stance for this module, Work Related Module II, was at Cybercare UK. From October 2016, I fail been bob uping this activity.Cybercare UK is an organisation in London, which offers one-stop-shop to support victims of cyber crimes. The goal of the organisation is to assist victims of cyber crimes in detecting and harboring themselves. In fact, the posts of this company are advocacy for the testimonial of the individual, respecting powerfuls and responsibilities to tick trade protection measure and freedom, in consultation with government, wakeless and technical services, and kindly agencies.During the period washed-out at Cybercare, I restrain worked in a group called Cybercare agate line Rehunt Team. The objective of this aggroup has been to identify products for the gage of reckoner arrangements. For this task, we feel fol scurvyed the work methodological analysis DESP, which consist s in detecting problems and vulnerabilities, node education, and in supporting and offering protection for victims of cyber crime.In this report, we synthesise twain the activities carried out and the assessment of the experienceing outcomes. Thus, we firstly conduct a study of the activities doed, placing special emphasis in the work methodology. Secondly, we evaluate the activities carried out in terms of learning. This learning has been evaluated at three levels (i) the acquisition of knowledge, (ii) the improvement of capabilities, and finally (iii) the improvement of skills ( non only personalized skills tho also interrelatednessal and leadership skills).In the pas clock sections, I present the canvas of activities, the academic context in which they bring forth been unquestion fitting, the evaluation of activities and finally, the conclusion explaining the achievements with this Module. I enclose as Annexes the presentations that I agree elaborated for the organis ation.2. Review of ActivitiesAs a member of the Cybercare trading question Team, the work we confound done has been to go out products for the gage of calculating machine systems. Our role was to educate and provide victims of cyber crime with measures ( packet or procedures) to protect systems For warning, antivirus and search engines that provide you privacy, or network sniffers, for users with more com ordainer skills. As members of the Cybercare telephone line look Team, we took care of everyday software, for example, encrypted mail, secure VPN, secure payment methods, and so on The Table 1 shows the activities developing.Table1 Activities performed during the work with Cybercare interrogation TypeMain DutiesResearch on Antivirus and ripe Browsers-Find the best Cost/Security Antivirus.-Find the best Secure browsers that do non slow down the system.-Compatible with multiple O.S.Research on web Sniffers-Research for Network Sniffers.-Tutorials to show how to use the S oftware.Research on Network Ports-Tutorials in explaining what Network Ports are.-Research on how to close ports.2.1 take inings with the client necessitateIn the context of my activities in Cybercare Business Research Team, we note that Cybercare is a peculiar organisation in the birth with its clients since it is not only necessity to provide a service, but also it is necessary to consider the mental state of the client, as these people have suffered a cybercrime. Therefore, this makes our work touched in several waysFirst of all, when determination solutions or luck a client, we have to lead with clear and simple ideas to suspensor them. We look at that their knowledge of com instaler tools does not necessarily correspond to an expert level.Second, the psychological line, since apart from customers, they are victims of cybercrime. This means that we have to be especially sensitive, both(prenominal) in the provision of the service and in the relationship with them.Thes e two aspects have been the reason for the first meetings with the company since the relationship with the clients is fundamental.2.2 Working Methodology DESP approach. For the operation of our work, and considering the framework of the relationship with the clients, the methodology used in the company is DESP approach. This methodology work consists of four phases Detect, Educate, Support, and Protect. Through it, we provide an integral service to our clients, following the guidelines of work of the main international regulations, on the execution of information security systems (Boehm, 1991 CLUSIF, 20081 Infosec Institute, 2016 ISO, 2016). Below we describe the main aspects of the work methodologyThe first set of the work is the detection (Detect). This is probably the to the highest degree campaigning task because when a client needs help, you have to find the possible vulnerabilities or mistakes that they have do and that have allowed the hacker to enter to the system. I t is a crucial step, as all the solutions that might be applied dep dismiss on finding the problem. If the vulnerability exploited by a hacker is not detected, it bequeath not be possible to implement a solution. To make a good detection analysis, it is crucial to meet with clients, with the aim of identifying and recreating the steps followed by the hacker. For the realisation of this work, we use technical diagnostic toolkits, such as CrystalDiskInfo, which monitors the firmly ploughs and reports the state of their health, then it returns all the S.M.A.R.T. information and shows how many magazines the disk has been turned on and off (Hiyohiyo, 1998), or even the help of legal agencies (for example, the metropolitan police).The second stage of our methodology is education (Educate). At this stage, we develop an educational programme, qualified for each(prenominal) client. The purpose of this is to instruct the client so that he/she jackpot transform why it happened (identifi cation of vulnerabilities), and how to remedy it (development of information security systems). As we headspringed out above, for the development of this educational phase, we must be tolerant with the client, and very clear and didactic in the teachings, as well as in the recreation of the computer attack. Therefore, for this task, it is necessary both, the understanding and empathy of the employee as the pursual towards the client. Moreover, we have to consider, that in many cases the client does not have a high knowledge in IT, for which is essential that it is explained in a row and context that the client can understand and guard later what has been learned, perpetually taking into account that the most important intimacy is that the user can apply these remedies or the solutions taught.As a means to accomplish this task, we have used digital and blended training tools and e-learning tutorials. These educational systems have helped customers learn the use of some softwar e, for example, Zenmap. Zenmap is software from the company Nmap2, which adds an interactive GUI so that the user can easily see the networks to which it is connected, the open ports and all the interactions mingled with the computer and the network.The third stage of our methodology is Support. This stage is intended to help the client in future questions or doubts about what has been learned to protect themselves. Fui-Hoon et al. (2001), Boehm (2008) and ISO (2016) point out that this task is critical for the development of a computer security system. Cybercare considers this stage to be fundamental, un like separate consulting companies that do not give so often importance to the phase of support, in Cybercare we ensure that the customer has the best support possible. This is because if the client does not remember how to apply what they have learned to protect their dodge, they impart repeat the same mistakes made previously. For the operation of this stage, telephone supp ort is usually the most used medium, and have with online assistance, in the clients system.The last step is protection (Protect). This is the stage in which the system is already protected and the customer has already applied the recommended guidelines to keep the System safe. Normally this is the last process, unless it is necessary to repeat any of the above, either ascribable to new system vulnerabilities or bad habits and/or forgetting to follow institutionalizes to defend it. If this is successfully completed it can be said that the system is protected and that the user is out of risk.2.3 Working indoors a team surroundFor the development of our work and the performance of the same, it has been done by work on a team. The importance to the business success of teamwork is well known in the literature (McDonough, 2000 Bakker and Schaufeli, 2008). In this sense, in Cybercare, we work as a Research Team, creation team work the second pillar on which the methodological work is supported. In this context, the coordination and interaction mingled with the team members were very important, with the aim of finding solutions for our clients, which can satisfy them in all aspects both economic and practical security.My working group was Cybercare Business Research Team. The goal was to work on finding cybersecurity solutions for each client. The assignment of the tasks in our work team was based on the type of products needed. Thus, each member of the group work in one type of product. In my case, I was responsible for the antivirus software. For this task, I elaborated a list with all the antivirus that were on the market and relegate them considering two conditions, the price and the direct system of the client also for peregrine devices, such as smartphones, PDAs, etc. The second product I had to search in my working group, was secure browsers. In order to perform this assignment, I had to find the best secure browsers that offered the most securi ty and privacy to the user, for the unlike operating systems, which could allow them to navigate the network with the highest security possible.However, in our topographic point as students with not much experience in the organisation environs, it was difficult at first to be able to coordinate and divide the assignments properly. This is a fundamental component since in any passe-partout environment the coordination of workers is a critical element, which is why we try hard to learn from it. The situation among the teammates, disposed(p) that we all have the same background (IT), made intercourse mingled with us easier since in technical terms we all understood each other.2.4 Presentations for employers, clients and team membersIn the implementation of our work methodology, a key element is the presentation of our publications to employers, clients and members of the others groups. This methodology followed in Cybercare was considered critical, as Fincham (1999) points out , it facilitates the learning, the interaction and the trust between the company and the clients (Fincham, 1999 Nah et al. 2003). In addition, teamwork call for that each member of the Research Business Team had to present at the meetings our results and recommendations, both in terms of solutions and products. Hence, I have made several presentations during my work with Cybercare. In these presentations I showed the characteristics, the prices and the period that would take to get the software or product to be in operation for the company.2.5 Find the right products for customersAs a member of the Cybercare Research Business Team, our work was based on the search for products that offered security for our clients. For this, we looked for products the most affordable as possible, preferably free, since in many cases the user or customer formeritises the software to be free or very low cost.One of the products to look for the clients was an antivirus and secure browsers. For this, we elaborated a comparative spreadsheet (Annexe 1), in which we explain the features of the antivirus and the secure browsers. We also prioritise the cost, thus obtaining two antiviruses per operating system (one free and another low cost but with features wagerer than the free), and secure browsers by operate System.For the realisation of this work, apart from the Internet search, we had to clutch companies to ask about their products specification, for example, Panda Security. The objective was to clarify the various products and classify them both in security level and in cost.3. Academic sceneThe work placement is related to my course in many ways. Firstly, it has allowed me to put into practice the knowledge acquired in the modules developed in my Bachelor. Especially, I would like to point out that the knowledge acquired in the CC6004 Network and Cloud Security, CS5001 Networks and Operating Systems and CC5004 Security in Computing modules, have been useful in the accompl ishment of my work at Cybercare.Secondly, I had the possibility of interacting with other colleagues, of whom I have acquired knowledge in other areas, which I did not have prior knowledge, or in which my knowledge was superfluous. This is the case, for example, network security or software security.In addition to the implementation of the knowledge acquired in my BSc, I have had the opportunity to improve my capabilities and skills. Working in a company has helped me to summation first-hand in-depth knowledge, not only on customers needs but also on new working methodologies and learned to interact with other colleagues.4. Activities Evaluation4.1 Dealing with the client needsSince my experience in a company environment was not as extensive as some of my colleagues, I did not have the opportunity in prior working occasions to deal with clients needs. This, in turn, resulted in that I had to learn many things, which helped me develop my skills and abilities. Specifically, I have de veloped my client orientation competencies, as the relationship with them was lie towards the search for adequate protection solutions, in terms of money and time of implementation. Furthermore, I have improved my skills of interrelating with people, especially in dealing with clients. In this respect, we have to consider not only the classic supplier-customer interaction but also we had to qualify the clients psychological state, as the victim of a cyber-attack. This was helpful to see what the requirements in company environment are. As a result of this, I developed my personal skills, such as work and time management and organisational capabilities.4.2 DESP approachAs pointed out earlier, DESP approach follows the standards of consulting in the information firmament. This system is very effective in solving cyberattack problems, which has required being able to detect, educate, implement and assist the client, developing and learning to better go bad systems and problems deriv ed from malware or intrusion to the system. This has allowed me to assimilate this methodology, as well as to know how and when to implement it properly and to learn the international standards of computer security.This experience has candid me the doors to a learning process and therefore an increase in my personal skills and abilities, which pass on allow me in the future to work in the consultancy sector. Windolf (1986) and true sparrow (2007) point out that in the recruitment of personnel in the consultancy sector the most valued capacities are to detect, educate, implement and help the client.4.3 Working within a team environmentThe next challenge for me has been group work. Although at university we have experiences in group work, for example, the elaboration of coursework. However, the experience of a professional job has enriched me in my skills both in a personal relationship and in management.The group work, has in first place, meant the need to plan and trick out the tasks in the team. This interaction has been a very interesting experience, for example, analysing the criteria for dividing tasks and adjusting a work plan to the needs of the client.Additionally, in some tasks, I have developed the coordination role. This has allowed me to gain experience in the management of work teams. Having to learn, listen, coordinate, motivate, and lead a team.4.4 Presentations for employers, clients and team members face-to-facely, before working at Cybercare, I did not have much experience in presentations in a business environment, outdoor(a) the strictly academic. This experience has, therefore, helped me greatly to improve my presentation skills, in presentations with employers, clients, and team members.More in detail, the presentations meant the implementation of our communication skills, especially in the infection of ideas, which have to be especially good to be able to exhibit and convince the possible client about the solutions or products more suitable for their Computer security problems. In addition, considering that clients were not IT experts, we had to make a communication effort, to simplify some terms, for example, VPN, Network Sniffer, etc. In addition, attending presentations of other teams helped me to increase my knowledge in areas in which I had not much prior knowledge, such as Networks Sniffers products (this is the case of Wireshark, Nmap or Zenmap).4.5 Find the right products for customersAs already mentioned, much of the time working for the company was spent looking for the products and applications most appropriate to the needs of customers. The best example has been to search, fail and classify the best antivirus that can be found on the market. This has required looking at all the antivirus for all operating systems, their functions, and features, considering aspects such as the price and the number of licenses that can be obtained for that price. So make a chart with the main features and prices. I n order to be able to find products to recommend to customers, we had to acquire an exhaustive knowledge about the product and the market, to a fault identifying the needs of the customer or user.As a conclusion to this work, this helped me to understand that each customer has different necessities and therefore the product has to be adapted to these needs, thereby increasing my analytical skills greatly improved after this situation (see Table 2). Also, gain a thorough knowledge of antivirus.Table 2 Skills, Knowledge and Capabilities gather.SkillsCapabilitiesKnowledgeClientsPersonalInteractionOrientation to the clientsClient interpositionDESPPersonalConsultantWork MethodologyWorking TeamPersonalInteractionDirectionDefine and eradicate the problemNetworksTeam WorkSolutionsPersonalAnalyticsAnti-Virus,Secure BrowsersNetwork Sniffers5. ChallengesAs in all jobs, pauperization is always a great ally in order to perform a task properly. At first you are very motivate to have achieved that position, but then irremediably with the passage of time is just falling into a routine, which ends up gradually losing your motivation, and instead of being something special that put one ampere-second percent, You end up just putting what you echo is just necessary to complete the task.In my case, I always try to be motivated, with ideas, with previously read material to extend my knowledge on the field. But sometimes it is impossible to keep that motivation all the time. For example in my case, to get down to work, I have to travel an hr and a half between trains and the underground. At the beginning, I used that time to read the extra material, that could give me a better idea of the affair that was going to be working that day, but in the end, I end up not reading on trains, usually for privation of motivation. This I think has been one of the great challenges for me, to keep the motivation to one hundred percent, to be able to take full advantage of the experience o f working in the company Cybercare.Another great challenge that I had when it comes to successfully carry out the work with the organisation Cybercare, has been the product presentations. This was due to my lack of experience in professional presentations (not academic, since I have had numerous presentations at the University), since professional presentations require a more practical knowledge of the products (such as cost of a product, the availability, the time it would take to have such a product), plus you have to present only what is important, since the rest of the things you say will not serve to the company at all, therefore, they would not pay anxiety. This has been from my point of view the most difficult challenge, getting the audience (employers and clients) to pay attention and being able to convey the main characteristics of the product. Compared to presentations at an academic level, in which data, such as the history of the product, origin, how you ended up reachi ng that product, etc., are very important. In the presentations at a business level, the important thing is why would the company invest in this product, which is what it makes it better than the rest of the product, and when will they have it.6. ConclusionIn conclusion, after working with Cybercare since last October (2016), I have noticed that I have improved in my personal, interrelation and leadership skills. Being in a business environment the train by the employers is maximum, so you have to do your best to be able to meet deadlines, and correctly perform the tasks ordered.The Learning outcomes (LO) have helped me to set goals to meet. With the logbooks, I have been able to summarise what I have done during this time, and it has helped me to review the feedback of the employees so that I was able to improve every week.In normal terms, the Work Related Module II module has helped me to put into practice my theoretical knowledge learned in the University and has prepared me fo r the business knowledge base for when I finish my bachelor.ReferencesBakker, A.B. and Schaufeli, W.B. (2008). Positive organisational behavior Engaged employees in well-to-do organizations. Journal of Organizational Behavior, 29(2), 147-154.Boehm, B.W. (1991). Software risk management principles and practices. IEEE Software Journal,8, 32-41.Boehm, B.W. (2008). assessment of the Effectiveness and Efficiency of an Information Security Management System establish on ISO 27001. SECURWARE, 8, 224-231.CLUSIF (2008). Risk Management. Concepts and Methods. Club de la Securite Infomatique, Paris, France.Fincham, R. (1999). The consultant-client relationship Critical perspectives on the management of organizational change. Journal of Management Studies, 36(3), 335-351.Fui-Hoon Nah, F., Lee-Shang Lau, J. and Kuang, J. (2001). Critical factors for successful implementation of enterprise systems. Business Process Management Journal, 7(3), 285-296.Hiyohiyo (1998) CrystalDiskInfo software cr ystal dew world. acquirable at http//crystalmark.info/software/CrystalDiskInfo/index-e.html (Accessed 12 January 2017).Infosec Institute (2016). IT Auditing and Controls Planning the IT Audit. Infosec Institute. http//resources.infosecinstitute.com/itac-planning/grefISO (2016). ISO/IEC 27001 Information security management. ISO. http//www.iso.org/iso/iso27001McDonough, E. F. (2000). Investigation of factors contributing to the success of crossfunctional teams. Journal of crossroad Innovation Management, 17(3), 221-235.Nah, F.H., Zuckweiler, K.M.and Lee-Shang Lau, J. (2003). ERP implementation chief information officers perceptions of critical success factors. worldwide Journal of military man-Computer Interaction, 16(1), 5-22.Sparrow, P.R. (2007). Globalization of HR at function level four UK-based case studies of the international recruitment and selection process. The International Journal of Human Resource Management, 18(5), 845-867.Windolf, P. (1986). Recruitment, selectio n, and internal labour markets in Britain and Germany. Organization Studies, 7(3), 235-254.Annexe 1 Presentation on Antivirus and Secure browsersAnnexe 2 Presentation on Network SniffersAnnexe 3. Presentation on Network Ports (Windows)1 CLUSIF Club de la Scurit de lInformation Franais (https//clusif.fr/).2 Nmap Security (NMAP.ORG, https//nmap.org/zenmap/).

No comments:

Post a Comment