Security Capstone Part 4

At this point you should be mostly finished with your overview and background information on your chosen topic. Next, you will conduct a risk assessment for that topic. Include discussion on what you see as the stereotypical risks that your topic introduces and what safeguards would you implement in response to these risks. Address the following:Include at least 5â??7 different risks.Include 2â??3 different safeguards for each identified risk.Add the discussion about the implementation plan and communication plan to the Asset Security Management section.-3 pages of content-APA, need 2 new references not already in the paper-Really focus in on defense in depth and layered security on top of the above.-Add in a little history for the topic-Last weeks project included for reference
css450_boots_ip3.docx

Unformatted Attachment Preview

Don't use plagiarized sources. Get Your Custom Essay on
Security Capstone Part 4
Just from $13/Page
Order Essay

Running head: INFORMATION SECURITY AND RISK MANAGEMENT
CSS450: Information Security and Risk Management
Raleigh Boots
22 May, 2018
1
INFORMATION SECURITY AND RISK MANAGEMENT
2
Table of Contents
Guidelines for Effective Information Security Management System ……………………………………… 3
Data Governance …………………………………………………………………………………………………………… 4
Network Security ……………………………………………………………………………………………………………. 5
Asset Security Management …………………………………………………………………………………………… 5
Complying with Security Regulations ……………………………………………………………………………….. 6
Introduction to Data Governance������������������������6
Background â?¦â?¦â?¦â?¦â?¦â?¦â?¦…â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦….7
Data Governance�������������������������������7
Importance of data classification and its applicationâ?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦â?¦…..8
Integration of information security and risk management into security program����.8
References ……………………………………………………………………………………………………………………. 13
INFORMATION SECURITY AND RISK MANAGEMENT
3
Guidelines for Effective Information Security Management System
The corporate bodies must put in place proper information security management policies. This
will help the management in staying safe from unnecessary inconveniences caused by loss and
misplacement of documents. The policies and procedures are meant to offer guidance to the
employees and employers on how to go about the legal provisions regarding information security
management.
The Information Security Act comes up with the security standards for both individuals and
corporations. The Act was drafted and enacted to protect people and companies from unfair
exploitation by unscrupulous dealers. In a world where information is key, it is important to
come with a clear legal arrangement. The most important step in safeguarding information is to
ensure a high level of confidentiality.
The Information Technology Laboratory sets standards which must be met by the stakeholders.
The institution comes up with test, test method, reference data, evidence of implementation and
analysis t assist in the coming up and us of effective technology.
The standard guidelines are normally as a result of quality consultation among the relevant
agencies. The establishment of the relationship between the security standards and the guidelines
are as a result of collaboration between the private and the public sector.
The process of risk management must put into due consideration the risk that the U.S is exposed
to, in terms of the security of the delicate and sensitive state information. Therefore, the private
users of the cyberspace must subject themselves to proper guidance. This will help them in
avoiding acts that may put the countryâ??s security information at risk (Chenoweth, 2005).
INFORMATION SECURITY AND RISK MANAGEMENT
4
Data Governance
Data governance refers to the general usability, readiness, integrity and security of the data in a
company. For a data governance arrangement to be complete, there is always the need to have a
governance council. The council will help in coming up with the rules and the procedures on
how to implement them.
In the current technological dispensation, management of information security is taking over the
place of IT. The previous years had always paid most of the attention to the IT. The
implementation of information security was left to the IT experts and the technicians. The
problem with such an approach was that it left so much gap on the governance procedures.
However, over the time, the security management standards have transformed and as such
witnessed massive improvements. The current data governance majorly used the ISO standards.
Such standards have been used by so many organizations all over the world (Humphreys, 2008).
Data governance a very vital component of the information risk management process. The social
media platforms have in most instances tricked people into sharing their personal details. Such
details are often converted into useful data. The data are used by both the corporate bodies and
state agencies to further various agenda. Unfortunately, the conversation on data governance is
one which has always been swept under the carpet by those parties that are unfairly benefiting
from the unscrupulous act. To remedy the situation, it is important that the social media
platforms be monitored on the manner in which they handle peopleâ??s personal details. The law
must strike the delicate balance between individualâ??s right to privacy and state security. Neither
of the concepts should be used at the expense of the other. Such a legal clarity will help in
exposing the cyber criminals.
INFORMATION SECURITY AND RISK MANAGEMENT
5
Network Security
The design of network security is to offer protection to the integrity and usability the media data.
The network security makes use of both the software and hardware technologies. The moment
there is adequate security then the network becomes easily accessible. The security system
singles out different kinds of threats and consequently stops then from reaching the network
(Cohen, 1997).
Network security plays a very pivotal role in the information security risk management system.
The moment unwanted viruses end up accessing an individualâ??s cyber space, then there is the
great risk vital documents and details getting eaten away. The loss of information can result to
serious financial losses should they involve delicate financial records. Furthermore, the amount
of work put in coming up with a new set of information and documents will obviously involve
more resources, in terms of time and labor. Network security works through a combination of
various defenses in the end and the network in general (Cohen, 1997).
Asset Security Management
There will always be need to mitigate the IT security risks. Security threat is dreaded by al the
organizations all over the world. There are several approaches which can be taken in security
asset management. These are:
Usage of inventory: The inventory can used to single out all the malicious. The inventory
software must be used in all the segments of the business. Once the information is used on a
regular basis, the workers will be estopped from using prohibited software. The unauthorized
software can always be identified and done away with.
INFORMATION SECURITY AND RISK MANAGEMENT
6
Avoiding risky applications: Such applications may contain virus that may end up being too
destructive in the long run. The malicious software can be prevented through the deployed.
Moreover, it is possible to deploy the software behind the firewall. The organization will in the
long run have effective control over the information management process.
Promoting rationalization and standardization: This entails doing aware with the dormant and old
soft wares. Such soft wares may turn into viruses and thus prove too messy.
Complying with Security Regulations
The current data governance majorly used the ISO standards. Such standards have been used by
so many organizations all over the world. The Information Security Act comes up with the
security standards for both individuals and corporations. The Act was drafted and enacted to
protect people and companies from unfair exploitation by unscrupulous dealers. In a world where
information is key, it is important to come with a clear legal arrangement. The data governance
council assists in complying with the security regulations (Kelley, 2009).
Introduction to Data Governance
Every company no matter how small or large it needs to put in place a plan that ensures that its
information asset is secured. This makes it necessary for a company to establish an information
security and risk management team that manages and control all information assets concerning
that company. A security and risk management program provides a framework on how to protect
a company’s data assets and also projects the risks that a company exposes itself to threats for
failing to protect its data as well as outlining the policies on how to handle such risks when they
occur.
INFORMATION SECURITY AND RISK MANAGEMENT
7
Background
Basically, Information Security Risk Management (ISRM) is a main concern to every
organization around the world. Despite the fact that the number of existing ISRM strategies is
immense, companies have continued to invest heavily in making new ISRM techniques keeping
with the sole objective of capturing all the possible dangers of their intricate data frameworks
accurately. This process remains a critical knowledge-intensive one for all companies. In most
cases, however, the process is tended to in a specially appointed way. The presence of a
methodical approach to the advancement of new or enhanced ISRM strategies and techniques
would upgrade the adequacy of the procedure Kao (M. C., & Lee, 2014).
In any organization, the loss of any information that is crucial may lead to damages to the
organization. The information security and risk management programs secure documents that
contain information providing guidelines and procedures that guide the operations of the
organization. Failure to establish a practical plan to guarantee the safety of a company’s
information exposes it to risks. For instance, the Information Security Act states the security
standards for individuals as well as corporations. This policy protects individuals and also
organizations information from malicious and unauthorized dealers.
Data Governance
This refers to the availability, usability, validity and the safety of a company’s data. With the
dispensation of greatly advanced technology, most organization’s data management team have
resulted in the adoption of information technology to secure their information (Daily, et al., 2013).
However, as a result of cybercrimes such as information phishing, there is need to develop
INFORMATION SECURITY AND RISK MANAGEMENT
8
effective counteractive measures such as developing cybercrime laws to govern the accessing and
sharing of personal as well as organizations’ data.
Importance of Data Classification and Its Application
The main goal of classifying data in to enhance easy and efficient access at the time of retrieval.
Information labeling ensures the safety of information as it is tagged according to the defined
levels such as restricted, public, confidential and even internal use only. Information
classification is useful in healthcare facilities to ensure confidentiality of patients’ information
thus ensuring the privacy of the patients.
Integration of Information Security and Risk Management into Security Program
Data security, however regularly saw as an arrangement of specific issues, must be held onto as a
corporate administration duty that includes hazard administration, detailing controls, testing and
preparing, and official responsibility (Schwalbe, 2015). It requires the dynamic commitment of all
managers and the board of governance. Moreover, a task force of corporate governance for the
national cyber security partnership has been developed to improve the data management
techniques. The task force report provides governance policies and controls that may include the
identification of cyber security roles and the duties of the management structures risk management
establishment as well as quality assurance to the information users.
Introduction to Data Governance
Information security and risk management is simply the process of handling uncertainties linked
through usage of information technology. It comprises identification, assessment, and treatment of
such risks to the discretion, honesty, and accessibility assets to an organization. The primary
INFORMATION SECURITY AND RISK MANAGEMENT
9
objective is to treat the risks in regard to the total risk tolerance to an organization itself. There
should no expectations of complete eradication of the risks but instead the efforts should be driven
towards identifying and achieving a suitable risk level for the respective organization.
The act of securing information by an institution or an organization is alarmed with the privacy
truth and the handiness of data in whichever method data could be required. Such forms of data
include electronic and print media among other forms used in the data governance (Ab Rahman,
& Choo, 2015). Data security is vital to the extent to an organization’s reliance on data innovation.
At the point when an organization’s data is presented to risk, the utilization of data security
technology is inevitable. Current data security innovations, however, manages just a little portion
of the issue of information risk. Further, it is evident that data security innovations do not reduce
data risk adequately.
Subsequently, data governance has gone through critical changes for over 50 years. Research
shows that data arose from lock boxes of incongruent bequest transactional systems while data
governance then developed to be a different and complex discipline supported by radical hardware
and software. Data management has undergone through downturns in 1990, 2001 and 2008 which
has helped it match forward and increase quicker in spending than information technology (Khatri,
& Brown, (2010). The extent to which data has managed as an essential asset in an organization
has passed through diverse eras as follows; the solicitation era, Enterprise depository era and
finally the era of policy.
Apparently, during the ancient days of communication, militant commanders knew the importance
of utilizing various mechanisms to protect the confidentiality of messages and to have some means
of detecting information tempering. In the mid-19th century, more complex classifications were
INFORMATION SECURITY AND RISK MANAGEMENT
10
developed to enable administrations to handle their data according to a certain degree of sensitivity
(Ab Rahman & Choo, 2015). For instance, the multi-tier systems used to communicate during the
Second World War. The modern-day procedure-based approach to information administration
frameworks is derived from the work published by W. Edwards Demming and the entire universe
of Total Quality Management. Edward’s holistic and process-based approach to the assembling
sector of the economy was at first overlooked (Khatri, & Brown, (2010). However, this approach
was at long last embraced by many manufacturing businesses after the rapid advancement in the
quality of products from Japan in the 1960s.
Despite the perspective that the approach was only applicable in production-related businesses, the
approach ideas have since been effectively applied in various environments which are not
production related in nature. The information security and risk management is an instance of
applying the administration framework applied model to the discipline of Information Security
(Khatri, & Brown, (2010). The unmatched credits to this occurrence of management systems
include the following attributes. Firstly, risk management connected to data and in view of
measurements of secrecy, uprightness, and accessibility (Schwalbe, 2015). Additionally, Total
Quality Management applied to data security forms and in view of measurements of productivity
and adequacy. Moreover, a checking and announcing model in view of reflection layers that
channel and total operational points of interest for administration introduction. It is also an
organized approach towards coordinating individuals, process, and innovation to outfit
undertaking data security administrations.
Meanwhile, the branch of data management has established and advanced fundamentally. It
provides frequent sections for specialism, containing safeguarding systems and unified
groundwork, fortifying applications and databanks, safety testing, statistics structures scrutinizing,
INFORMATION SECURITY AND RISK MANAGEMENT
11
business development positioning, automated record release, and computerized offence act
investigation. Data security experts are exceptionally steady in their business (Schwalbe, 2015).
Starting at 2013 in excess of 80 percent of experts had no adjustment in boss or work over a time
of a year, and the quantity of experts is anticipated to ceaselessly develop in excess of eleven
percent every year onwards.
At the center of data security are data confirmation, the act of ensuring the secrecy, honesty, and
accessibility of data, guaranteeing that data is not interrupted in any capacity when basic issues
arise. These issues incorporate catastrophic events and disasters, computer malpractices and
physical robbery. While paper-based business tasks are as yet common, requiring their own
particular arrangement of data security rehearses, enterprise advanced initiatives are progressively
being stressed, with data confirmation presently being managed by information technology (IT)
security experts (Ab Rahman, & Choo, 2015). These specialists apply data security to innovation.
It is advantageous to notice that a PC does not necessarily mean a homework area. A PC is any
device with a CPU and memory capacity (Kao, & Lee, 2014). Such devices can move from nonnetworked autonomous devices such as calculators to structured portable reckoning devices, for
instance, mobile phones and tablets. Information Technology safety consultants are fairly regularly
found in any noteworthy foundation as of the natural surroundings and the value of the data
established by large business organizations (Schwalbe, 2015). The IT experts are responsible for
securing the bigger part of the technology within the business from malicious arithmetical attacks
that regularly attempt to obtain rudimentary secretive data or regulation of the inner outlines.
The end result of context foundation stage is a clear data security risk mitigation approach.
Basically, it is almost impossible to undertake a risk management activity without such a
document. However, in more often occasions, specialized risk management solutions are
INFORMATION SECURITY AND RISK MANAGEMENT
12
actualized without such procedure (Schwalbe, K., 2015). In the event these occasions happen, it is
extremely possible that such strategies are not lined up with company’s main goal and high-level
hazard administration approach. It is also possible that numerous hazards related parameters are
not set and therefore, no legitimate choices can be made in view of the yield of such executed
solutions (Kao, & Lee, 2014). Henceforth, this implies only the false sense of security. The risk
management approach ought to clarify how an association surveys data security danger, reacts to
such dangers and screens dangers.
Contemporary, all protection frameworks apply data innovation (IT) in some shape, which should
be strong from computerized foes. This infers cybersecurity relates to munitions structures and
stages, for example, (C4ISR) Command, Control, Communications, Computers, and Intelligence,
Surveillance, and Reconnaissance structures and data frameworks. Cybersecurity is a fundamental
requirement for the Department of Defense and is a critical piece of preserving the United States’
specific prevalence (Ab Rahman, & Choo, 2015). The Department of Defense starting previously
changed a couple of its approaches to insistently pressure the consolidation of cyber safety into its
achievement activities to guarantee solid systems (Kao, & Lee, 2014). This manual is proposed
to help Suite Executives in the capable and fisc …
Purchase answer to see full
attachment

GradeAcers
Calculate your paper price
Pages (550 words)
Approximate price: -

Why Work with Us

Top Quality and Well-Researched Papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

Professional and Experienced Academic Writers

We have a team of professional writers with experience in academic and business writing. Many are native speakers and able to perform any task for which you need help.

Free Unlimited Revisions

If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account or by contacting our support.

Prompt Delivery and 100% Money-Back-Guarantee

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

Original & Confidential

We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text. We also promise maximum confidentiality in all of our services.

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.

Essays

Essay Writing Service

No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.

Admissions

Admission Essays & Business Writing Help

An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.

Reviews

Editing Support

Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.

Reviews

Revision Support

If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied with the service offered.

Order your essay today and save 15% with the discount code DISCOUNT15