Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Risks, Standards, and Procedures / Enterprise Security Strategy Plan Instruction

ID: 3882189 • Letter: R

Question

Risks, Standards, and Procedures / Enterprise Security Strategy Plan

Instructions: Create a post discussing the Scenario. In NO LESS than 400 words, answer the following questions.

SCENARIO:

You just became the lead security person at a small company. Assume normal setup, e-mail, company Web site, internal servers, and so forth. Although your title is not chief security officer (CSO), you report directly to the chief information officer (CIO). The person who was previously in your position moved out of state and does not respond to calls or e-mails. The CIO tells you, "You have 90 days to get that area together! I want to see your high-level approach by Monday morning." You have three inexperienced but energetic people on your team, and it is Friday afternoon.

a) What are the 4 key actions you need to take within the first 90 days (or sooner) and explain why for each?

b) Who will be involved and the reasons why?

c) Include a full explanation of the benefits of taking these actions provided for questions A & B.

Explanation / Answer

If you have any problems with the answer or want me to edit the answer, just let me know in the comments and I will try to get on to it as soon as possible. Do give a positive rating if you think this answer helped.

The course of action needs to be able to respond to all the challenges in the previous model of security appropriately. Therefore for the first phase of the beginning, the system will be tested for any imperfections and any exploits that could cause the system to fall. Only after this assessment process the next steps will be developed and taken into consideration. The staff needs to be taken into account before implementing the level of security because it should be easy for them to maintain and implement.

Second steps would be to categorize and prioritize the infrastructure and machines required for further development of the new architecture and the tools that need to be implemented.

Thirdly the staff needs to be trained and updated and new security protocols need to be set to be followed by them. This should include the penalties for compromising the integrity of the system.

In the last phase, goals will be created, that would help the security team realize the scope of their responsibilities and risks and the stretching the plan for further flexibility will be performed.

In the first phase all the members of the team will be consulted because it is important to clear the scope of problem and the larger amount of data collected would be easier to reference the requirements of the system.

Only the managers would be included in this phase as this is a scope of the upper level of the chain and all the decisions need to be taken with the view of the goals in mind.

In the third phase the entire staff needs to participate, including the members and the managers.

In the fourth step, the managers needs to be involved while creating the standard goals of the company and then include other workers and employees later.

In the first 90 days, the phases needs division and each division needs to be focused on after the previous steps are cleared. The clearest path to this is:-

Realize/assess-upgrade/reimplement-training/staffing/planning/goals

Following this structure any security plan could be constructed for any level by a company of any size. With a trained staff, infrastructure catered to specification and a clear goal in mind. The best solution could be created for the situation. This can include things like server security implementation, security and encryption of data, security training and drills.

The team of the four employees at our disposal can be utilized by providing them with various designated roles and duties, this would include a system analyst (check the system for stability and errors), a penetration tester (maintain the integrity of the system and create strategies for protecting against specific attacks), a network engineer (to create and maintain network policies and implement them on a system wide level around the entire organization) and a hardware technician (to maintain the hardware at the required specification of the team).

These roles would provide the team an edge as far as security is considered because these roles follow the major steps and processes that are present to fend a cyber attack or penetration successfully.

Please do not repost the answer outside of your own personal use.


Related Questions

Risk Management for Bars, Taverns, Restaurants and Nightclubs Bars, taverns, res
Question #390601
Risk Management in Emerging Markets Emerging markets pose different challenges f
Question #449876
Risk Management: Reed and Bogardus (2012) writes that “many HR risks can be mana
Question #2746726
Risk Outcome of Heritable Disease Report Addresses Course Outcomes 2 and 4: 2. r
Question #166133
Risk Premium with collateral: k - i = (1 + i)/gamma + p - p gamma - (1 + i) wher
Question #2742681
Risk Premium with collateral: k -i = (1 + i)/gamma + p - p gamma - (1 + i) where
Question #2742669
Risk Ratios 1. Receivables turnover ratio 26.4 times 2. Average collection perio
Question #2594121
Risk Stratification Case Study Practice: Joe is a Joe is a 49 year old male who
Question #3509360
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Risks, Predispositions, Notes of Concern Patient Intake Form Medical History (Hx
Next
Risks, Standards, and Procedures / Enterprise Security Strategy Plan Instruction

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.