Information Security And Risk Management

Information Security And Risk Management

 1. Discuss the difference between a Continuity of Operations Plan (COOP), a Business Continuity Plan (BCP), and a Disaster Recovery Plan (DRP).  You might want to start with the definitions from the NIST SP 800-34, located at http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf.  Section 3.5 discusses the different types of Plan Testing, Training, and Exercises.
Describe in 250 words with references.

Security Mechanisms – cyber security

“Security Mechanisms” Please respond to the following:

  • Use the Internet and Strayer Library to research (within the past 1 [1] year) various techniques that an organization uses to determine if someone has breached its security. Next, examine various techniques that an organization can use to determine whether or not it has been the object of a security attack. Determine which method is the most effective. Provide a rationale for your response.
  • Use the Internet to research a recent (within the past [1] year) cybersecurity / hacking attack on an organization. Next, describe (1) how the company discovered the attack and (2) the major repercussions of the attack. Recommend the three (3) most appropriate methods to prevent these types of attacks. Provide rationale for your response.

Establishing a Security Culture

Chapter 9 – Review the section on Establishing a Security Culture.  Review the methods to reduce the chances of a cyber threat noted in the textbook.  Research other peer-reviewed source and note additional methods to reduce cyber-attacks within an organization.
Chapter 10 – Review the section on the IT leader in the digital transformation era.  Note how IT professionals and especially leaders must transform their thinking to adapt to the constantly changing organizational climate.  What are some methods or resources leaders can utilize to enhance their change attitude?
 
(Information Technology and Organizational Learning)
The above submission should be two -pages in length (one page for each question) and adhere to APA formatting standards.
**Remember the APA cover page and the references (if required) do not count towards the page length**

Establishing a Security Culture

Chapter 9 – Review the section on Establishing a Security Culture.  Review the methods to reduce the chances of a cyber threat noted in the textbook.  Research other peer-reviewed source and note additional methods to reduce cyber-attacks within an organization.
Chapter 10 – Review the section on the IT leader in the digital transformation era.  Note how IT professionals and especially leaders must transform their thinking to adapt to the constantly changing organizational climate.  What are some methods or resources leaders can utilize to enhance their change attitude?
 
(Information Technology and Organizational Learning)
The above submission should be two -pages in length (one page for each question) and adhere to APA formatting standards.
**Remember the APA cover page and the references (if required) do not count towards the page length**

Risk Assessment

This will not be a technical risk assessment, but an assessment of your hypothetical organization/business. For your organization/business, take the NIST Cybersecurity Framework controls and reduce them to system configuration requirements and system test cases with pass/fail criteria. Refer to the “Framework for Improving Critical Infrastructure Cybersecurity,” located within the Course Materials. Then, include the following in a report:

  1. Describe when some controls cannot be implemented (such as on a personal laptop).
  2. Explain what is to be done in each case identified above to compensate for controls that cannot be implemented (e.g., create an identification authentication scheme).
  3. Demonstrate how compensating controls can ensure the non-compliant system can continue to operate within the secured and compliant environment.
  4. Discern the likelihood of a cybersecurity breach within the compliant environment and the impact it might have on the organization (make sure to consider emerging risks, threats, and vulnerability).

Risk Assessment

This will not be a technical risk assessment, but an assessment of your hypothetical organization/business. For your organization/business, take the NIST Cybersecurity Framework controls and reduce them to system configuration requirements and system test cases with pass/fail criteria. Refer to the “Framework for Improving Critical Infrastructure Cybersecurity,” located within the Course Materials. Then, include the following in a report:

  1. Describe when some controls cannot be implemented (such as on a personal laptop).
  2. Explain what is to be done in each case identified above to compensate for controls that cannot be implemented (e.g., create an identification authentication scheme).
  3. Demonstrate how compensating controls can ensure the non-compliant system can continue to operate within the secured and compliant environment.
  4. Discern the likelihood of a cybersecurity breach within the compliant environment and the impact it might have on the organization (make sure to consider emerging risks, threats, and vulnerability).

Potential risks for Devil’s Canyon

Resource: Simulation Transcript
Refer to Devil’s Canyon, Part A in Week 4.
Using the potential risks for Devil’s Canyon you identified in Week 4, create a 3- to 4-page matrix to share with the team. In your matrix:

  • Briefly describe each of the identified risks/threats.
  • Analyze and evaluate the security controls that mitigate each of the risks/threats identified.
  • Provide a rationale for how each of the controls identified mitigates the risk to an acceptable level.
  • Research and describe the security technologies and security design that can be used to mitigate each of the identified information security risks.

Submit your assignment.

Potential risks for Devil’s Canyon

Resource: Simulation Transcript
Refer to Devil’s Canyon, Part A in Week 4.
Using the potential risks for Devil’s Canyon you identified in Week 4, create a 3- to 4-page matrix to share with the team. In your matrix:

  • Briefly describe each of the identified risks/threats.
  • Analyze and evaluate the security controls that mitigate each of the risks/threats identified.
  • Provide a rationale for how each of the controls identified mitigates the risk to an acceptable level.
  • Research and describe the security technologies and security design that can be used to mitigate each of the identified information security risks.

Submit your assignment.

Potential risks for Devil’s Canyon

Resource: Simulation Transcript
Refer to Devil’s Canyon, Part A in Week 4.
Using the potential risks for Devil’s Canyon you identified in Week 4, create a 3- to 4-page matrix to share with the team. In your matrix:

  • Briefly describe each of the identified risks/threats.
  • Analyze and evaluate the security controls that mitigate each of the risks/threats identified.
  • Provide a rationale for how each of the controls identified mitigates the risk to an acceptable level.
  • Research and describe the security technologies and security design that can be used to mitigate each of the identified information security risks.

Submit your assignment.

Intentional cybersecurity attack on the water utility’s SCADA system

This defense in depth discussion scenario is an intentional cybersecurity attack on the water utility’s SCADA system. It occurs during the fall after a dry summer in Fringe City. The water utility’s Information Technology (IT) person did not receive an expected pay raise and decides to reprogram the SCADA system to shut off the high-lift pumps. The operator’s familiarity with the SCADA system allows him to reprogram the alarms that typically notify operators of a high-lift pump failure. In addition, he prevents access to the SCADA system by others. A wildfire breaks out on the outskirts of the city. Please identify what type(s) of new countermeasures should have been implemented to prevent this cyber attack from occurring.
 
Note:
1. Proper citation(Last name, Year).
2. You must cite or quote every sentence that comes from another source with a properly APA formatted citation, all of the authors last name and year.