LEARN MORE...

Central Washington University Remediation Ineffective Missing Security Controls Essay

User Generated

Gpnzel

Science

Central Washington University

Description

As part of its due diligence efforts, the M&A team has determined that the following events contributed substantially to the bankruptcy of Island Banking services.

1. Company officers and managers were able to conduct criminal activities using company IT assets without detection.

2. The company did not have a disaster recovery / business continuity plan in place. It could not restart operations due to the loss of servers and workstations (seized by law enforcement agents).

3. Storage media for servers and workstations had not been backed up to an off premises location leaving the company with no way to recover from the law enforcement seizure of storage media as evidence.

The root cause for each event listed above was determined to be: ineffective and/or missing IT security controls.

You have been asked to perform a gap analysis to assist in the identification and selection of IT security controls which could be implemented to remediate the situation ("close the gaps"). The CCISO has requested that you use the NIST Cybersecurity Framework and the NIST Security and Privacy Controls Catalog (NIST SP 800-53) as your source for IT security controls.

Choose 3 to 5 families or categories of controls ("framework functions") which should be implemented to remediate the above deficiencies (at least one family, e.g. AU Audit and Accountability, or category, e.g. Recovery Planning, for each event). Describe how the selected controls will prevent or deter such events in the future ("close the gaps").

Format your response as a business memorandum. For each control family or category, you should provide the following information (see Domain 2 Section 1.1.2 in CCISO):

  • What it is
  • What it does
  • How the control performs its objective

You should have at least 5 strong paragraphs in your memo. Include citations and references (3 or more) to support your written work.

Post your memo in the body of a response to this thread. After you have done so, post two critiques and two or more follow-up or reply postings. Remember that your goal in writing critiques is to help your peer improve the content of his or her briefing paper. Writing critiques also helps you to develop your managerial skills (i.e. providing written feedback).

User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Here you go buddy.Have a lovely day.👌

Running head: INFORMATION TECHNOLOGY SECURITY CONTROLS

Information Technology Security Controls
Student’s Name
Institutional Affiliation

1

INFORMATION TECHNOLOGY SECURITY CONTROLS

2

Information Technology Security Controls
Many organizations are faced with risks associated with information technology (IT).
These organizations have been struggling to find effective and efficient ways to counter these
risks which impact their operations. Island Banking services were hit to bankruptcy because
of ineffective IT security controls. The organization needs to understand the risks associated
with their security systems for them to get proper security controls to help eradicate these
risks (Austin et al., 2018). Therefore, carrying out a risk assessment of this organization
would be vital in addressing these risks. Lack of proper risk assessment would lead to attacks
such as the one Island Banking services encountered. The best sources of security controls
are the NIST Cybersecurity Framework and NIST Security and Privacy Controls Catalog
(NIST SP 800-53)
The NIST Cybersecurity Framework addresses the methods and procedures used in
risk management analysis in the system development process. The NIST Cybersecurity
Framework raises issues concerning security and factors affecting the development,
operation, design, and implementation of an information technology system (Scofield, 2016).
The framework organizes controls into families to provide control for an organization. Each
family controls a specific security control that is related to the overall security of that family.
Security controls included are policy, oversight, supervision, and automated mechanisms of
the information system. The contro...

Studypool
4.7
Indeed
4.5
Sitejabber
4.4

Similar Content

Plate Tectonic & Wilson cycle
1.  Research sources of information on the Web can include, but not limited to, books, articles, videos, and handou...
Chemistry Combination Reactions Questions
1) Which of the following are combination reactions? 1) CH4 (g) + O2 (g) → CO2 (g) + H2O (l) 2) CaO (s) + CO2 (g) → Ca...
CHM 1033 Reaction Conditions and Their Influence on Chemical Reactions Paper
Describe how chemical reactions are affected by reaction conditions according to the collision theory and provide examples...
help with report
help with report homework in biology about some topic  ...
how could you infer what type of volcano erupted in a given area based on the t
Volcanoes are generally not preserved in the geologic rock record as they are usually eroded away. However, the various ma...
Which of the following compounds is most likely an example of a base?, homework help
compound that forms as the result of a neutralization reaction compound that feels slippery compound that forms ...
Claustrum Revise
The claustrum is a thin, asymmetrical, sheet of neurons appended to the underside of the neocortex in the focal point of t...
2SO2(g) + O2(g) 2SO3(g) ∆H = -196 kJ/mol A temperature of 450 oC is used in this reaction. This is because the reaction...
Ecology
Ecology constitute the relationship between organisms to one another and to the environment around them. The earth is a pr...

Related Tags

climate change criminology weather conditions scientific method Heating and cooling appliances control experiment future of energy superfund sites oral glucose tolerance test USGS Hazards Genetic counseling radioactive material