Cybercare Work Placement Review

Cyberc ar melt Placement ReviewIgnacio Fernndez De ArroyabeThe cultivate placement for this module, Work Related Module II, was at Cyberc be UK. From October 2016, I carry been developing this activity.Cybercare UK is an organisation in London, which offers one-stop-shop to abide dupes of cyber crimes. The goal of the organisation is to assist victims of cyber crimes in detecting and protecting themselves. In fact, the aims of this company are advocacy for the tax shelter of the individual, respecting rights and responsibilities to ensure tribute and freedom, in consultation with government, sanctioned and technical services, and charitable agencies.During the time spent at Cybercare, I throw away act uponed in a classify c anyed Cybercare contrast Research Team. The objective of this team has been to identify harvest-festivals for the earnest dodge of computer systems. For this task, we pose fol abjected the build methodology DESP, which consists in detecting proble ms and vulnerabilities, customer education, and in musical accompaniment and offering protection for victims of cyber crime.In this report, we synthesise some(prenominal) the activities carried out and the assessment of the learning outcomes. Thus, we firstly conduct a review of the activities performed, placing especial(a) emphasis in the work methodology. Secondly, we evaluate the activities carried out in terms of learning. This learning has been evaluated at three levels (i) the acquisition of companionship, (ii) the improvement of capabilities, and finally (iii) the improvement of skills (not only personal skills nevertheless too interrelational and leadership skills).In the following sections, I present the review of activities, the academic context in which they incur been developed, the evaluation of activities and finally, the conclusion explaining the achievements with this Module. I bring out as Annexes the presentations that I guard elaborated for the organisatio n.2. Review of ActivitiesAs a member of the Cybercare Business Research Team, the work we stick out done has been to invite harvest-homeions for the security of computer systems. Our role was to educate and provide victims of cyber crime with measures (software or procedures) to protect systems For example, antivirus and search engines that provide you covert, or network sniffers, for users with more computer skills. As members of the Cybercare Business Research Team, we took care of everyday software, for example, encrypted mail, secure VPN, secure payment methods, etc. The Table 1 shows the activities developing.Table1 Activities performed during the work with CybercareResearch TypeMain DutiesResearch on Antivirus and Secure Browsers-Find the trump out Cost/Security Antivirus.-Find the outperform Secure browsers that do not slow down the system.-Compatible with multiple O.S.Research on vane Sniffers-Research for internet Sniffers.-Tutorials to show how to use the Software. Research on Network Ports-Tutorials in explaining what Network Ports are.-Research on how to close ports.2.1 Dealing with the lymph node wishsIn the context of my activities in Cybercare Business Research Team, we note that Cybercare is a peculiar organisation in the relationship with its leaf nodes since it is not only necessary to provide a service, but also it is necessary to consider the psychological state of the client, as these people have suffered a cybercrime. Therefore, this makes our work affected in several waysFirst of all, when determination solutions or championing a client, we have to lead with gather in and simple ideas to help them. We assume that their knowledge of computer tools does not necessarily correspond to an dexterous level.Second, the psychological situation, since apart from customers, they are victims of cybercrime. This subject matter that we have to be especially sensitive, both in the provision of the service and in the relationship with the m.These two aspects have been the reason for the first meetings with the company since the relationship with the clients is fundamental.2.2 Working Methodology DESP approach. For the accomplishment of our work, and considering the framework of the relationship with the clients, the methodology used in the company is DESP approach. This methodology work consists of four phases Detect, Educate, Support, and Protect. Through it, we provide an integral service to our clients, following the guidelines of work of the main international regulations, on the experienceation of teaching security systems (Boehm, 1991 CLUSIF, 20081 Infosec Institute, 2016 ISO, 2016). Below we delimitate the main aspects of the work methodologyThe first stage of the work is the detection (Detect). This is probably the most challenging task because when a client needs help, you have to find the assertable vulnerabilities or mistakes that they have made and that have throw ined the hacker to enter to the sys tem. It is a crucial step, as all the solutions that might be employ depend on finding the problem. If the vulnerability exploited by a hacker is not detected, it impart not be possible to implement a solution. To make a good detection analysis, it is crucial to meet with clients, with the aim of identifying and recreating the steps followed by the hacker. For the realisation of this work, we use technical diagnostic toolkits, such as CrystalDiskInfo, which monitors the hard disks and reports the state of their health, then it returns all the S.M.A.R.T. information and shows how many an otherwise(prenominal) times the disk has been turned on and off (Hiyohiyo, 1998), or even the help of legal agencies (for example, the metropolitan police).The second stage of our methodology is education (Educate). At this stage, we develop an educational programme, suitable for all(prenominal) client. The purpose of this is to instruct the client so that he/she can come across why it happened (identification of vulnerabilities), and how to remedy it (development of information security systems). As we pointed out above, for the development of this educational phase, we must be patient with the client, and very clear and didactic in the teachings, as well as in the recreation of the computer attack. Therefore, for this task, it is necessary both, the understanding and empathy of the employee as the interest towards the client. muchover, we have to consider, that in many events the client does not have a high knowledge in IT, for which is essential that it is explained in a language and context that the client can understand and apply later what has been learned, always taking into account that the most important thing is that the user can apply these remedies or the solutions taught.As a means to accomplish this task, we have used digital and blended training tools and e-learning tutorials. These educational systems have helped customers learn the use of some software, for example, Zenmap. Zenmap is software from the company Nmap2, which adds an interactive graphical user interface so that the user can easily see the networks to which it is connected, the open ports and all the interactions between the computer and the network.The third stage of our methodology is Support. This stage is intended to help the client in future questions or doubts active what has been learned to protect themselves. Fui-Hoon et al. (2001), Boehm (2008) and ISO (2016) point out that this task is fine for the development of a computer security system. Cybercare considers this stage to be fundamental, unlike other consulting companies that do not give so much importance to the phase of support, in Cybercare we ensure that the customer has the best support possible. This is because if the client does not remember how to apply what they have learned to protect their System, they will repeat the same mistakes made previously. For the accomplishment of this stage, telephon e support is usually the most used medium, and combined with online assistance, in the clients system.The last step is protection (Protect). This is the stage in which the system is already protected and the customer has already applied the recommended guidelines to keep the System safe. Normally this is the last process, unless it is necessary to repeat any of the above, either due to new system vulnerabilities or bad habits and/or forgetting to follow practices to defend it. If this is success luxurianty completed it can be said that the system is protected and that the user is out of risk.2.3 Working within a team environmentFor the development of our work and the performance of the same, it has been done by working on a team. The importance to the business success of teamwork is well known in the literature (McDonough, 2000 Bakker and Schaufeli, 2008). In this sense, in Cybercare, we work as a Research Team, be team work the second pillar on which the methodological work is su pported. In this context, the coordination and interaction between the team members were very important, with the aim of finding solutions for our clients, which can satisfy them in all aspects both economic and practical security.My working group was Cybercare Business Research Team. The goal was to work on finding cybersecurity solutions for each client. The assignment of the tasks in our work team was based on the grapheme of products needed. Thus, each member of the group specialised in one type of product. In my case, I was responsible for the antivirus software. For this task, I elaborated a list with all the antivirus that were on the market and classified them considering two conditions, the price and the operating system of the client also for mobile devices, such as smartphones, PDAs, etc. The second product I had to research in my working group, was secure browsers. In order to perform this assignment, I had to find the best secure browsers that offered the most security and privacy to the user, for the various operating systems, which could allow them to navigate the network with the highest security possible.However, in our situation as students with not much experience in the organisation environment, it was difficult at first to be able to coordinate and divide the assignments properly. This is a fundamental element since in any professional environment the coordination of workers is a critical element, which is why we discover hard to learn from it. The situation among the teammates, given that we all have the same background (IT), made communication between us easier since in technical terms we all understood each other.2.4 notifications for employers, clients and team membersIn the implementation of our work methodology, a key element is the presentation of our results to employers, clients and members of the others groups. This methodology followed in Cybercare was considered critical, as Fincham (1999) points out, it facilitates the lear ning, the interaction and the trust between the company and the clients (Fincham, 1999 Nah et al. 2003). In addition, teamwork required that each member of the Research Business Team had to present at the meetings our results and recommendations, both in terms of solutions and products. Hence, I have made several presentations during my work with Cybercare. In these presentations I showed the characteristics, the prices and the time that would take to get the software or product to be in operation for the company.2.5 Find the right products for customersAs a member of the Cybercare Research Business Team, our work was based on the search for products that offered security for our clients. For this, we looked for products the most affordable as possible, preferably free, since in many cases the user or customer prioritises the software to be free or very low cost.One of the products to look for the clients was an antivirus and secure browsers. For this, we elaborated a comparative sp readsheet (Annexe 1), in which we explain the features of the antivirus and the secure browsers. We also prioritise the cost, thus obtaining two antiviruses per operating system (one free and another low cost but with features better than the free), and secure browsers by Operating System.For the realisation of this work, apart from the Internet search, we had to contact companies to ask about their products specification, for example, Panda Security. The objective was to clarify the various products and classify them both in security level and in cost.3. Academic ContextThe work placement is related to to my course in many ways. Firstly, it has allowed me to put into practice the knowledge acquired in the modules developed in my Bachelor. Especially, I would like to point out that the knowledge acquired in the CC6004 Network and Cloud Security, CS5001 Networks and Operating Systems and CC5004 Security in Computing modules, have been useful in the accomplishment of my work at Cyber care.Secondly, I had the possibility of interacting with other colleagues, of whom I have acquired knowledge in other areas, which I did not have prior knowledge, or in which my knowledge was superfluous. This is the case, for example, network security or software security.In addition to the implementation of the knowledge acquired in my BSc, I have had the probability to improve my capabilities and skills. Working in a company has helped me to supercharge first-hand in-depth knowledge, not only on customers needs but also on new working methodologies and learned to interact with other colleagues.4. Activities Evaluation4.1 Dealing with the client needsSince my experience in a company environment was not as extensive as some of my colleagues, I did not have the opportunity in prior working occasions to deal with clients needs. This, in turn, resulted in that I had to learn many things, which helped me develop my skills and abilities. Specifically, I have developed my client orient ation competencies, as the relationship with them was oriented towards the search for adequate protection solutions, in terms of money and time of implementation. Furthermore, I have improved my skills of interrelating with people, especially in dealing with clients. In this respect, we have to consider not only the classic supplier-customer interaction but also we had to qualify the clients psychological state, as the victim of a cyber-attack. This was helpful to see what the requirements in company environment are. As a result of this, I developed my personal skills, such as work and time management and organisational capabilities.4.2 DESP approachAs pointed out earlier, DESP approach follows the standards of consulting in the information sector. This system is very effective in solving cyberattack problems, which has required be able to detect, educate, implement and assist the client, developing and learning to better analyse systems and problems derived from malware or intrusi on to the system. This has allowed me to assimilate this methodology, as well as to know how and when to implement it properly and to learn the international standards of computer security.This experience has opened me the doors to a learning process and therefore an increase in my personal skills and abilities, which will allow me in the future to work in the consultancy sector. Windolf (1986) and Sparrow (2007) point out that in the recruitment of personnel in the consultancy sector the most valued capacities are to detect, educate, implement and help the client.4.3 Working within a team environmentThe next challenge for me has been group work. Although at university we have experiences in group work, for example, the cultivation of coursework. However, the experience of a professional job has enriched me in my skills both in a personal relationship and in management.The group work, has in first place, meant the need to plan and organise the tasks in the team. This interaction ha s been a very interesting experience, for example, analysing the criteria for dividing tasks and adjusting a work plan to the needs of the client.Additionally, in some tasks, I have developed the coordination role. This has allowed me to get in experience in the management of work teams. Having to learn, listen, coordinate, motivate, and lead a team.4.4 Presentations for employers, clients and team membersPersonally, before working at Cybercare, I did not have much experience in presentations in a business environment, outside the strictly academic. This experience has, therefore, helped me greatly to improve my presentation skills, in presentations with employers, clients, and team members.More in detail, the presentations meant the implementation of our communication skills, especially in the transmission of ideas, which have to be especially good to be able to express and convince the possible client about the solutions or products more suitable for their Computer security probl ems. In addition, considering that clients were not IT experts, we had to make a communication effort, to simplify some terms, for example, VPN, Network Sniffer, etc. In addition, attending presentations of other teams helped me to increase my knowledge in areas in which I had not much prior knowledge, such as Networks Sniffers products (this is the case of Wireshark, Nmap or Zenmap).4.5 Find the right products for customersAs already mentioned, much of the time working for the company was spent looking for the products and applications most appropriate to the needs of customers. The best example has been to search, analyse and classify the best antivirus that can be found on the market. This has required looking at all the antivirus for all operating systems, their functions, and features, considering aspects such as the price and the number of licenses that can be obtained for that price. So make a chart with the main features and prices. In order to be able to find products to re commend to customers, we had to acquire an exhaustive knowledge about the product and the market, besides identifying the needs of the customer or user.As a conclusion to this work, this helped me to understand that each customer has different necessities and therefore the product has to be adapted to these needs, thereby increasing my analytical skills greatly improved after this situation (see Table 2). Also, gain a thorough knowledge of antivirus.Table 2 Skills, Knowledge and Capabilities gather.SkillsCapabilitiesKnowledgeClientsPersonalInteractionOrientation to the clientsClient treatmentDESPPersonalConsultantWork MethodologyWorking TeamPersonalInteractionDirectionDefine and eradicate the problemNetworksTeam WorkSolutionsPersonalAnalyticsAnti-Virus,Secure BrowsersNetwork Sniffers5. ChallengesAs in all jobs, motivation is always a great ally in order to perform a task properly. At first you are very motivated to have achieved that position, but then irremediably with the passage of time is just falling into a routine, which ends up gradually losing your motivation, and instead of being something special that put one hundred percent, You end up just putting what you think is just necessary to complete the task.In my case, I always try to be motivated, with ideas, with previously read material to extend my knowledge on the field. But sometimes it is impossible to keep that motivation all the time. For example in my case, to get down to work, I have to travel an hour and a half between trains and the underground. At the beginning, I used that time to read the extra material, that could give me a better idea of the topic that was going to be working that day, but in the end, I end up not information on trains, usually for lack of motivation. This I think has been one of the great challenges for me, to keep the motivation to one hundred percent, to be able to take full advantage of the experience of working in the company Cybercare.Another great challenge that I had when it comes to successfully carry out the work with the organisation Cybercare, has been the product presentations. This was due to my lack of experience in professional presentations (not academic, since I have had numerous presentations at the University), since professional presentations require a more practical knowledge of the products (such as cost of a product, the availability, the time it would take to have such a product), plus you have to present only what is important, since the rest of the things you say will not serve to the company at all, therefore, they would not pay attention. This has been from my point of view the most difficult challenge, getting the audience (employers and clients) to pay attention and being able to convey the main characteristics of the product. Compared to presentations at an academic level, in which data, such as the history of the product, origin, how you ended up reaching that product, etc., are very important. In the presentation s at a business level, the important thing is why would the company invest in this product, which is what it makes it better than the rest of the product, and when will they have it.6. ConclusionIn conclusion, after working with Cybercare since last October (2016), I have noticed that I have improved in my personal, interrelation and leadership skills. Being in a business environment the demand by the employers is maximum, so you have to do your best to be able to meet deadlines, and correctly perform the tasks ordered.The Learning outcomes (LO) have helped me to set goals to meet. With the logbooks, I have been able to summarise what I have done during this time, and it has helped me to review the feedback of the employees so that I was able to improve every week.In general terms, the Work Related Module II module has helped me to put into practice my theoretical knowledge learned in the University and has prepared me for the business reality for when I finish my bachelor.Referenc esBakker, A.B. and Schaufeli, W.B. (2008). Positive organisational behavior Engaged employees in flourishing organizations. Journal of Organizational Behavior, 29(2), 147-154.Boehm, B.W. (1991). Software risk management principles and practices. IEEE Software Journal,8, 32-41.Boehm, B.W. (2008). Appraisal of the lastingness and Efficiency of an Information Security Management System Based on ISO 27001. SECURWARE, 8, 224-231.CLUSIF (2008). Risk Management. Concepts and Methods. Club de la Securite Infomatique, Paris, France.Fincham, R. (1999). The consultant-client relationship Critical perspectives on the management of organisational change. Journal of Management Studies, 36(3), 335-351.Fui-Hoon Nah, F., Lee-Shang Lau, J. and Kuang, J. (2001). Critical factors for successful implementation of enterprise systems. Business Process Management Journal, 7(3), 285-296.Hiyohiyo (1998) CrystalDiskInfo software crystal dew world. Available at http//crystalmark.info/software/CrystalDiskInf o/index-e.html (Accessed 12 January 2017).Infosec Institute (2016). IT Auditing and Controls Planning the IT Audit. Infosec Institute. http//resources.infosecinstitute.com/itac-planning/grefISO (2016). ISO/IEC 27001 Information security management. ISO. http//www.iso.org/iso/iso27001McDonough, E. F. (2000). Investigation of factors contributing to the success of crossfunctional teams. Journal of Product Innovation Management, 17(3), 221-235.Nah, F.H., Zuckweiler, K.M.and Lee-Shang Lau, J. (2003). ERP implementation chief information officers perceptions of critical success factors. foreign Journal of Human-Computer Interaction, 16(1), 5-22.Sparrow, P.R. (2007). Globalization of HR at function level four UK-based case studies of the international recruitment and selection process. The International Journal of Human Resource Management, 18(5), 845-867.Windolf, P. (1986). Recruitment, selection, and internal labour markets in Britain and Germany. Organization Studies, 7(3), 235-254. Annexe 1 Presentation on Antivirus and Secure browsersAnnexe 2 Presentation on Network SniffersAnnexe 3. Presentation on Network Ports (Windows)1 CLUSIF Club de la Scurit de lInformation Franais (https//clusif.fr/).2 Nmap Security (NMAP.ORG, https//nmap.org/zenmap/).