Question

Data breaches are commonplace in businesses. In spite of various kinds of software, tools, and other resources used to secure data, the potential for internal and external threats still exists. However, the degree to which data breaches can affect an organization and its customers depends greatly on the response plan the organization has in place to address potential threats. Neglecting to have a plan or having a plan that is inadequate can affect the brand and reputation of the business as well as negatively influence the confidence and loyalty of the customers. As a result, for this assignment you will work in a group to create a security response plan that helps detect threats to data and identify procedures across the organization that will help minimize or contain potential damage.

For this assignment, create a word Security Response Plan based on either a fictitious company or one that actually exists. The plan should include a framework for the awareness, communication, and actions expected across all levels of an organization. Keep in mind, the plan is intended to be shared formally and proactively, and be made easily accessible during times of crisis.

Identify potential areas of risk and general goals for addressing each risk identified.

Describe the procedures for analyzing and addressing potential security breaches across the various parts of the organization (e.g., IT, Accounting, Human Resources, Operations, Legal, Public Relations, etc.).

Identify appropriate response team members in each department and a specific plan for notification.

Describe key performance indicators (KPIs) in order to evaluate the effectiveness and quality of the security plan. Identify goals for communicating the plan across the organization.

Homework Answers

Answer #1

Here, I would be devising a security policy for a fictitious organization so that there are ways in which many other organizations can also implement the same. Here are the things to do:

Cybersecurity:

As the years are passing by, security is growing as one of the most effective fields in the history of computers. There is a need to get each one of the things secured with the help of internet security with ethical actions. There are many things happening on the web, and promising safety without taking any tough measures is one of the impossible tasks nowadays. Hence, companies and individuals have moved to security tools and technologies to keep their information safe while connected to the internet.

Risk Assessment & Threat Vulnerability:

Nowadays, companies have moved on to the Agile or Rapid Application Development SDLC (Software Development Life Cycle), which has been reducing the development timeframe. Now, starting with the risk assessment, here we go:

  1. Collecting Information:
    • The collection of information is one of the major parts that plays in the security of the organization. The URL of the target must be accessible to gain information.
    • Information caught in wrong hands can turn out to be chaos for any organization. Hence, information must always be safeguarded with levels of security.
  2. Risk Profiling:
    • Checking the website for each and every type of risk/threat is a very important task and must be carried out with each and every module of the organization's availability in the internet space.
    • There must be things carried out like:
      • Automated threat scanning
      • Penetration Testing
      • Black Box Testing of the source codes
      • Assigning Risk Ratings to the Security Flaws
      • Reporting to higher Authorities
  3. Updating Technology:
    • In the current world scenario, it has become very important to update the technologies that are being actively used, and they must be balanced accordingly.
    • The use of older versions will come with a bunch of vulnerabilities and threats along with the destruction of certain aspects of the organization.
  4. Application Fingerprinting:
    • In an organization, there are certain things that must be checked for the known vulnerabilities and exposures. If there, one must always keep it the priority to overcome certain threats in order to run the organization smoothly.
    • The application fingerprinting consists of different levels of assessment. Here are some of the different scopes:
      • Defining Objectives
      • Devising Strategy to overcome threats
      • Role-Based Access Control Matrix
      • Choosing Appropriate Security Tools

Everyone must keep in mind that being safe on the internet is an integral part of the virtual life and must carry on managing the security each time there is any interference of threats or vulnerability. One must also stay updated if using any third-party application as there are many zero-day fixes coming in the applications which help us to stay immune to malware and viruses that have affected the software in the past time.

IT Risk Management:

IT Risk Management is one of the major fields in information technology, and gaining risk-free software or hardware is the only target that people look for. Hence, here are some of the key principles in which the human factors work in this field. Here we go:

  • The risk assessment is the technique in which the risks are minified using certain techniques. Hence, one of the certain tasks in it is to identify tasks which are critical and expose hazards to the information.
  • Involving the complete workforce in the identification and conserving the risks through appropriate methods which do not have any effect later on.
  • To identify certain human failures which would further make the task tougher and also can lead to an accident with having performance issues at a certain level of use.
  • To regularly view the risk of assessing and also making the control measures work completely fine for each and every task.
  • The task that has been taken consists of risks. Hence, identifying the human failures in performing the tasks and also making the failures occur less in the testing phase.
  • Controlling the risk from making the whole system fail is also one of the tasks that must be completely focused on, as there are certain conditions when people fail in controlling the processes.

Hence, these are the roles of the human factors in identifying, controlling and managing the IT Risk Management in order to make the process work without any abruptions.

Actions For Effective Risk Management Capabilities:

The actions that one must take in order to make the risk management effective and up to the mark in management capabilities are as follows:

  • Preparing:
    • One must always prepare for the risks and also keep the systems checked for the vulnerabilities.
    • The best approach is to plan and make changes to the system as soon as the updates are launched to a particular system.
    • The planning must work accordingly so that the risks are being minified at the user's end.
  • Verifying & Eliciting:
    • Verifying each & every potential risk in the system and if found critical then eliciting the risk will ensure that the risks are eliminated properly.
    • The elimination of the risks is also being done on a certain level so that there are no further risks remaining in the system to check.
  • Analyzing gaps & Evaluating:
    • Analyzing for risks is the major activity that must be undertaken on the developing end, because if a risk is analyzed in the earlier stage it is less destructive for the system.
    • Evaluating the level of the risks also becomes important for the users so as to make the risks less effective on the systems.

Hence, these are actions that could lead to the development of effective risk management capabilities.

Guidelines For Security Policies:

For the security policies, there are certain things to be always taken into consideration; we will discuss all of them as we dive in deep. So here we go:

  1. Knowing The Risks:
    • It is the most important part while creating security policies to know what risks are there in the system.
    • How the information is being manipulated at the client as well as the server end. Hence, making the process more secure, as data is the part for which security is always compromised.
  2. Knowing The Wrongs Done By Others:
    • Knowing the organizations who have gone through the certain risks which reside in your system. Learning from the mistakes made by others is always the most effective way of setting guidelines.
    • The guidelines to the security policy consist of the most probable wrong things that each and every organization with similar risks has been doing.
  3. Keeping Legal requirements in mind:
    • Many times organizations completely forget about the legal requirements that are required by the officials.
    • Hence, keeping the legal jurisdictions, data holdings and the location in which you reside in mind is also most important.
    • Recently, this has been the case with Facebook's most controversial data theft.
  4. Setting the level of security:
    • The level of the security that is being planned must always be kept in mind with the level of risks that are residing in the system.
    • Excessive security in the system can also cause hindrance to the smooth business operations and hence, overprotecting oneself can also be a cause of the problem.
  5. Training Employees Accordingly:
    • The training of the employees in a certain part of the security is also a major part of the security policy, as the employees are the ones who make mistakes.
    • So, if one trains their employees in such an order that they minimize the mistakes that are being made, it will become great for the system.

Hence, these are the guidelines for creating an effective and functional security policy that must be implemented in each and every organization to stay away from the data breaches and maintain the organization's security and trust of the users too.
