Need immediate assistance

Anonymous
Asked: Oct 17th, 2018
$50

Question Description

Document attached explaining needs. Document to complete attached as well. Need completed as soon as possible.

Unformatted Attachment Preview

Cyber Elements: Governance; Policies, Processes, Standards; Strategy; Risk Management; Risk Assessment--Execution; Asset Security; Information Security Management; Communications and Network; Identity and Access Management; Security Architecture; Security Technology; Security Engineering; Security Development; Operations and Service Delivery; Project Management; Audit, Review, Monitoring; Incident Response; Legal and Regulatory; Data Acquisition, Preservation, Analysis, Transfer

Security Information

Senior Executive Information Manager designated by Deputy Head. They are responsible for ensuring appropriate management direction. Departmental CIOs approve the Information Manager component of all departmental strategies, plans and initiatives and projects. The Chief Information Officer of the Government of Canada is responsible for providing strategic advice in relation to the management of information to the Secretary of the Treasury Board and, through the Secretary, to the President of the Treasury Board and to the Clerk of the Privy Council, and to deputy heads and Chief Information Officers. https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12754

5.1 Objective
The objective of this policy is to achieve efficient and effective information management to support program and service delivery; foster informed decision making; facilitate accountability, transparency, and collaboration; and preserve and ensure access to information and records for the benefit of present and future generations.
5.2 Expected results
5.2.1 Government programs and services provide convenient access to relevant, reliable, comprehensive and timely information.

The overarching strategic goals of service, value, security and agility, along with the IM-IT mission statement, set the direction for the GC Strategic Plan for IM-IT.
The GC is committed to:
• offering responsive and innovative IM-IT services that meet business needs, enhance the end-user experience and enable digital service delivery
• making smart investments that ensure high-value and cost-effectiveness
• ensuring a secure, accessible and resilient enterprise infrastructure that enables the trusted delivery of programs and services
• providing a connected and high-performing workforce that uses modern tools
https://www.canada.ca/en/treasury-boardsecretariat/services/information-technology/strategic-plan-20172021.html

The ITSG-33 guidelines suggest a set of activities at two levels within an organization; the departmental level and the information system level.
• Departmental level – Activities to be integrated into the organization’s security program to plan, manage, assess and improve the management of IT security-related risks faced by the organization. These activities are described in detail in Annex 1 of ITSG-33 [Reference 5].
• Information System level – Activities to be integrated into an information system lifecycle to ensure IT security needs of supported business activities are met, appropriate security controls are implemented and operating as intended, and continued performance of the implemented security controls is assessed, reported back and acted upon to address any issues. These activities are described in detail in Annex 2 of ITSG-33 [Reference 6].
https://www.cse-cst.gc.ca/en/node/265/html/22814

Staff can use various information sources to assess the risk of a vulnerability and the associated patch in the context of their IT environment. One of the primary information sources is the vendor’s notification of the patch.
The vulnerability and patch information published by the vendor will typically include:
• a list of products and versions affected;
• technical details on the vulnerability including an overview of how exploitation occurs;
• typical consequences of exploitation (e.g., code execution, information disclosure, denial of service, etc.);
• current exploitation status (i.e., whether the vulnerability is already being exploited);
• the existence and details of any temporary workarounds; and
• an overall measure of severity based on the above factors.
Each vendor uses a different means of communicating the severity of a vulnerability. The severity may be derived from a standard such as the Common Vulnerability Scoring System (CVSS) or based on a vendor-defined categorization such as ‘Critical’ or ‘Important’. Regardless of the system the vendor uses, these severity ratings can allow IT staff to quickly conduct an initial assessment of the potential exploitation of the vulnerability in their environment. In addition to individual vulnerability/patch details, some vendors publish a consolidated bulletin that also contains the vendor’s recommended deployment instructions.

Information Technology security must be maintained to ensure safe department operations and businesses conducted. All departments are expected to have well established and defined mechanisms for allowing secure business and information management and responding effectively to incidences that may affect information technology. The government also requires department heads to share such information with department heads once such incidences are detected and noted. The process should be well coordinated between these departments.
The process should involve identification of the incidence like a virus or worm, response to the threat, reporting the incidence, recovery through restoration and implementation of security measures, and finally carrying out a post analysis where the incidence is assessed and changes recommended. http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12328

The best approach to information security management is the implementation of proactive measures that minimize the risks and threats that may arise during information sharing and storage. Cybersecurity and aging IT are the major threats that should be addressed. Installation of proper IT infrastructures ensures processes, software and hardware are present to ensure long-term sustainability. Such measures ensure protection of all Canadian citizens accessing the government's digital services, of trustworthy services that allow submission of personal and business information safely. https://www.canada.ca/en/treasury-boardsecretariat/topics/information-technology-projectmanagement/information-technology.html

The Communications Security Establishment Canada (CSE) outlines twen top security practice that every department must align with to wipe out cyberheat threats made against networks of the Government of Canada.
https://www.canada.ca/en/treasury-boardsecretariat/services/information-technology/strategic-plan-20172021.html
https://www.canada.ca/en/treasury-boardsecretariat/services/information-technology-projectmanagement/information-management.html

The GC ICAM will improve the general security of networks, applications, and systems of the GC to control privacy GC
https://www.canada.ca/en/treasury-boardsecretariat/services/information-technology/strategic-plan-20172021.html

Risks associated with cyber security have been curbed by applying measures to reduce surfacing of internet-conne
https://www.canada.ca/en/treasury-boardsecretariat/services/information-technology/strategic-plan-20172021.html
https://www.canada.ca/en/treasury-boardsecretariat/services/information-technology-projectmanagement/project-management.html

The Treasury Board (TB) oversees to ensure the Government Security Policy is adhered to by all the federal departments headed by their deputies. Auditors review that all the procedures, policies, standards and directives related to IT security are in place and match with industry and government frameworks. There is configuration of systems that enforces user authentication before granting access. https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/dt-nfrmtn-tchnlg-scrt2012/index-en.aspx

The CCIRC reduces cyber risks that critical services and systems of Canada face by making alerts and issuing advi
https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12754

Technology Information

The deputy head is in charge of information management. Each department is headed by the senior executive who is responsible for information technology.
The senior executive in each department thus ensures that the information technology is accommodated in the system design and departmental programs. They also ensure that the right accountability structures are adopted throughout the departments defining the formats that information is created, collected and stored, and the structures to utilize when sharing such information across other federal departments. https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12754

Policies, processes and standards formulated for the purpose of information management advocate for the integration of information technology. The aim is to ensure accessibility, usability and shareability of the information over time and with changes in technology. Different standards, processes are expected to be adhered to by every employee when conducting their roles and in such instances information technology is very useful as it offers expert services like library, records and data management which support the departments by enhancing information management. https://www.tbs-

The strategic goal is to maintain an evolving information management IT that accommodates practices, processes and infrastructures that allow the adaption of current technologies, solutions and capabilities like the blockchain technology. The information management IT thus aims at developing a modern, accessible, interoperable and reliable environment. IT service portfolios and catalogues are also developed. Performance indicators that assess IT system performance mainly on security, reliability, capacity and availability, are installed. Cloud computing is adapted for IT services thus Canadians enjoy on-demand computing. Different options of cloud services are offered which is in the form of public cloud services and private cloud services with safety and productivity being enhanced through cloud service broker.

The target is two levels; departmental level and information system level to ensure security and proper risk management.
At the departmental level all activities involved at the level are integrated into the organization's set security program to help manage, improve and assess IT security-related risks. At the information system level, all activities are integrated with the current information system cycle thus facilitating the IT security needs are met.

Risk may arise on an installed information system and once the vendor notices the vulnerability they release patches to solve the problem. Departments are encouraged to utilize the patches because it is one of the top security actions recommended. The department information management personnel should thus assess the level of vulnerability and the nature of the patch before installing it, which helps determine what is more risky, continue operating on a vulnerable system or installing a patch that is not fully assessed. The reaction should be first considering that adversaries have high expertise on exploiting such vulnerability and may cause damage within a few hours. Temporary workarounds could also be implemented like disabling the functionality that is vulnerable or using firewalls to block access to the service vulnerable until the patch is tested and installed.

Graduated safeguards are recommended for every department relative to the type of IT assets and risks associated with the information they handle. Departments also should have IT processes that support security. Some of them include: configuration management, problem reporting on a help desk, capacity planning, and systems support services. Active defense strategies should also be applied which mainly focus on prevention, detection, response and recovery.
Some of the prevention measures include: physical security within the IT security environment like the use of alarms, and use of storage, disposal and destruction of IT media. Technical safeguards may involve the use of specific security products that assure security, use of identification and authentication, cryptography, authorization and access control and the use of public key infrastructures.

IT service portfolios and catalogues are developed to enhance service management, cloud services adoption which also incorporates a cloud service broker. The public and private are offered the cloud services. Master data management programs are developed to enhance data and information management. Online infrastructure enhancement thus ensuring departments can release their data and information. With the Treasury Board in place, the Government of Canada plans to have a secure service with cloud built, modernized technology hardware and software established to enhance efficient data and information sharing. https://www.canada.ca/en/treasury-boardsecretariat/services/information-technologyproject-management/informationmanagement.html

The GC ICAM is mandated to offer GC-wide IT solution that will reduce cost, improve efficiency and enhance experience of end users, and improve security of the GC networks. Data and information are availed and made accessible to create opportunities and increase engagement and trust in activities of the government. https://www.canada.ca/en/treasury-boardsecretariat/services/information-technologyproject-management/projectmanagement.html

IT is described in two ways; as a Strategic asset and as a Criticality enabler of the commitment of the Government of Canada in the delivery of easily accessible and integrated service to the citizens of Canada.

There was no complete plan of the framework of IT security related to risk. There were no complete and effective security controls of IT identified.
CCIRC utilizes its highly secured systems to reduce cyber risks to phones of service providers and banks as key systems of Canada. It works with provinces, municipalities, international counterparts, territories, and private sector organizations as partners in dealing with cyber risks.

The directive requires that the TBS, who is the Chief Information Officer, to ensure all

Operations

Each department has policies, standards, guidelines, tools, directives and procedures that define the best practice that ensure safety of information. Such are known to all employees thus ensuring that not only the outcome of operations are facilitated but also accountability on how information is managed at every stage: creation, gathering and utility. https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12754

The policies, processes and standards are set to facilitate normal operations of duties while also integrating information management systems. Each personnel is aware of the set standards which are mainly formed to facilitate and promote accountability and transparency, and thus must adhere to these standards. The policy on information management gives directives on what each personnel is expected of to ensure information safety and security without interfering with their normal operations or expected outcomes. https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12742

A master data management (MDM) is used which involves tools, governance, processes, rules and technology that are necessary in maintaining consistency and accurate master data. The approach aims at having common critical data elements and developing strong governance around them. The MDM gets rid of inconsistencies and redundancy in data within an organization and helps maintain its quality and control. MDM thus ensures proper information management during operations within and across organizations and helps streamline data sharing and interoperability.
Since risk management is integrated at the departmental and information system level, the process enhances the security control processes during operations. After the integration and installation of these systems, all IT operations are thus fully controlled during operations and can be monitored and maintained to meet the evolving security needs.

Immediately a vulnerability is announced by a vendor, the department assesses the level of risk involved and deploys the risk response; in case of extreme risk the response should be within 48 hours, high risks should be responded to in 2 weeks, medium risks could be responded to during the main update or within three months while low risks could be responded to in the next major update or within a year. The patch released by the vendor should be immediately assessed before installation; this could be in steps through test groups from every department and if no fault is observed within 48 hours the patch is rolled out to every part of the department. During the testing if the risk is high, the vulnerable feature is disabled.

The security measures installed may affect normal operations even though the overall outcomes are positive. Like some members who have departmental approval may be restricted from using wireless devices, and users must turn off devices that have wireless voice transmission in meetings where sensitive information is being shared. The IT security thus introduces more complex measures and standards that certain personnel must adhere to, which enhances security in operation but also making it complex for such personnel during their normal operations. Some protections are however controlled at the departmental level rather than at personal level thus enhancing information technology security without interfering with their normal operations.

The aim of information security management strategies is to enhance operations by the public when sharing data and information with the government or between two departments.
The systems recommended thus ensure such safety is high to build trust with the public on utilizing such channels of communication and information sharing.

The operations that would be undertaken to ensure Canadians work in a modern workplace include developing open and accessible data opportunities for all uses, implementation of investment goals by making reviews on investment concepts, identifying and mitigating risks associated with the new systems present in the innovated workplace, and measuring the progress of the new working environment.

Development, implementation, and monitoring of cost effective, user friendly and more secure networks, systems and applications for the GC.

Key operations include development of IT service catalogues and portfolios, reporting on significant areas of health performance of the IT system, and implementation of management tools for implementing IT service of an enterprise.

Administrative operations are effectively and efficiently managed by IT in providing incorporated and easily accessible services to the citizens of Canada.

Systems operations are meant to ensure that every department approves, uniquely identifies, reviews, and validates all users and IT activities they undertake.

Operations in incidence response include CCIRC's communicating and giving feedback to those who report any cases of cyber attack or occurrence. CCIRC also works with partners in responding to incidents of occurrence of IT related risks. With partnership with other relevant bodies, CCIRC offers its partners technical advice in responding to targeted attacks and recovering from the attacks. There is sharing of information as well as collaboration through access to a reliable forum. Offering advice and support in mitigating cyber activities is among the operations that CCIRC undertakes.

Operations involved in the initiative in managing information include information gathering, analysis and dissemination, and training and awareness creation in every B ...

Tutor Answer

Professor_Aldin
School: Rice University

Attached.

Cyber Elements

Governance

Policies, Processes, Standards

Strategy

Risk Management

Risk Assessment--Execution

Asset Security

Information Security Management

Communications and Network

Identity and Access Management

Security Architecture
Security Technology
Security Engineering

Security Development
Operations and Service Delivery

Project Management

Audit, Review, Monitoring

Incident Response
Legal and Regulatory
Data Acquisition, Preservation, Analysis, Transfer

Security Information
The Government's in UK GCHQ has the general direction to
business to be been bolstered by particular items went for areas,
especially in any confusing or threats of cybercrime, or who have an
uncommon job to play in spreading cyber awareness. This year BIS
distributed digital security direction for the corporate back division in
association with the Institute for Chartered Bookkeepers in England
and Wales (ICAEW). The direction helps handle digital dangers
around mergers and acquisitions, buyouts and investment. BIS is
likewise working in association with the legitimate and bookkeeping
areas to enhance digital security cyber awareness. To help this in
October 2014 BIS, the ICAEW and the Law Society declared
another web-based instructional class to encourage legal advisors
and bookkeepers secure themselves, their customers and the
delicate data they hang on their clients
benefit.
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/60961/uk-cyber-security-strategy-final.pdf
Objective
1. This objective is to tackle cyber crime and be one of the most
secure places in the world to do business in cyberspace
2 Expected results
3. Government would firmly develop the tools and devices that
it needs to employ in areas that are prone to cyber crime
attack.
4. The compliance of resilient to cyber attacks
and better able to protect our interests in cyberspace

Towards the core strategies of GCHQ UK, the compliance is the
main goal. Complying with all the policies and applying strategies to have
a secured information and data.
• Work with the organizations that
possess and deal with our basic framework to guarantee key
information and frameworks keep on being sheltered and flexible.
• Establish another operational organization with the private part to
share data on dangers on the internet.
• Encourage industry-drove benchmarks and direction that are
promptly utilized and comprehended, and that assistance
organizations who are great at security make that an offering point.
• Help buyers and little firms explore the market by empowering the
advancement of clear pointers of good digital security items.
• Hold a vital summit with expert business administrations, including
back up plans, evaluators, and legal advisors to decide the job they
may play in advancing the better administration of cybersecurity.

Senior supervisors are progressively confronting another risk - the
administration knows about a particular hazard, does nothing about
it and afterward genuine misfortunes or blackouts happen, there
may well be the criminal obligation. The administration needs to
formally measure threats and vulnerabilities and to deliver hazard
models that would empower the figuring of an annualized misfortune
hope which thusly will permit the computation of expected
misfortune esteems with hazard decrease, related expenses, and
related money saving advantage/ROI. One of the key advantages
of using this methodology implies that the administration can't be
blamed for tolerating hazard indiscriminately and
insensibly.
https://www.cilexregulation.org.uk/~/media/pdf_documents/cilex-regulation/resources/cilex_doc_1-_cyber_crime.pdf?la=en

Staff can use various information sources to assess the risk of a
vulnerability and the associated patch in the context of their IT
environment. One of the primary information sources is the vendor’s
notification of the patch.
The vulnerability and patch information published by the vendor will
typically include:
• a list of products and versions affected;
• technical details on the vulnerability including an overview of how
exploitation occurs;
• typical consequences of exploitation (e.g., code execution,
information disclosure, denial of service, etc.);
• current exploitation status (i.e., whether the vulnerability is already
being exploited);
• the existence and details of any temporary workarounds; and
• an overall measure of severity based on the above factors.
Each vendor uses a different means of communicating the severity
of a vulnerability. The severity may be derived from a standard such
as the Common Vulnerability Scoring System (CVSS) or based on a
vendor-defined categorization such as ‘Critical’ or ‘Important’.
Regardless of the system the vendor uses, these severity ratings
can allow IT staff to quickly conduct an initial assessment of the
potential exploitation of the vulnerability in their environment.
In addition to individual vulnerability/patch details, some vendors
publish a consolidated bulletin that also contains the vendor’s
recommended deployment instructions.

Information Technology security must be maintained to ensure safe
department operations and businesses conducted. All departments
are expected to have well established and defined mechanisms for
allowing secure business and information management and
responding effectively to incidences that may affect information
technology. The government also requires department heads to
share such information with department heads once such
incidences are detected and noted. The process should be well
coordinated between these departments. The process should involve
identification of the incidence like a virus or worm, response to the
threat, reporting the incidence, recovery through restoration and
implementation of security measures, and finally carrying out a post
analysis where the incidence is assessed and changes
recommended. http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12328

The best approach to information security management is the
implementation of proactive measures that minimize the risks and
threats that may arise during information sharing and storage.
Cybersecurity and aging IT are the major threats that should be
addressed. Installation of proper IT infrastructures ensures
processes, software and hardware are present to ensure
long-term sustainability. Such measures ensure protection of all
Canadian citizens accessing the government's digital services, of
trustworthy services that allow submission of personal and
business information safely.
https://www.canada.ca/en/treasury-boardsecretariat/topics/information-technology-projectmanagement/information-technology.html
The Communications Security Establishment Canada (CSE)
outlines twen top security practice that every department must align
with to wipe out cyberheat threats made against networks of the
Government of Canada.
https://www.canada.ca/en/treasury-boardsecretariat/services/information-technology/strategic-plan-20172021.html
https://www.canada.ca/en/treasury-boardsecretariat/services/information-technology-projectmanagement/information-management.html

The GC ICAM will improve the general security of networks,
applications, and systems of the GC to control privacy GC
https://www.canada.ca/en/treasury-boardsecretariat/services/information-technology/strategic-plan-20172021.html

Risks associated with cyber security have been curbed by applying measures to reduce surfacing of internet-conne
https://www.canada.ca/en/treasury-boardsecretariat/services/information-technology/strategic-plan-20172021.html
https://www.canada.ca/en/treasury-boardsecretariat/services/information-technology-projectmanagement/project-management.html

The Treasury Board (TB) oversees to ensure the Government
Security Policy is adhered to by all the federal departments headed
by their deputies. Auditors review that all the procedures, policies,
standards and directives related to IT security are in place and match
with industry and government frameworks. There is configuration of
systems that enforces user authentication before granting access.
https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/dt-nfrmtn-tchnlg-scrt2012/index-en.aspx

The CCIRC reduces cyber risks that critical services and systems of Canada face by making alerts and issuing advi
https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12754

Technology Information
The assigned head deputy has played an
important role in accommodating the whole IT
sector to generate business value and
reduce risks that are associated with IT. It is
important for IT manager because it
implements an organizational structure,
including specific roles and responsibilities of
information, business process and
applications and infrastructure. It helps the
manager in decision rights and
accountability framework to inspire desirable
behaviors in use of IT.
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/60961/uk-cyber-security-strategy-final.pdf

Policies, processes and standards formulated
to help the UK be aware of cyber crime and in
any digital security benefit...

Review

Anonymous
Thanks, good work
