Security Capstone Final


Description

This week, you will finish the paper, including the incorporation of appropriate feedback that has been previously received. In addition, include detailed information about any laws and regulations (state, federal, or international) that apply to your topic.

New content

  • Discussion of overall integration of topic should be included, including laws, regulations, and standards that need to be met to implement the topic into an organization. Focus on existing laws and regulations.
  • Include a discussion about what industry certifications are applicable for the chosen topic, and discuss how and why a certification can help contribute to the accreditation of the topic.


-2 pages new content, revise the attached document so the table of contents actually works, organize it in a logical order, etc.

Unformatted Attachment Preview

Running head: INFORMATION SECURITY AND RISK MANAGEMENT

CSS450: Information Security and Risk Management
Raleigh Boots
13 June, 2018

Table of Contents
Guidelines for Effective Information Security Management System ........ 3
Data Governance ........ 4
Network Security ........ 5
Asset Security Management ........ 5
Complying with Security Regulations ........ 6
Introduction to Data Governance ........ 6
Background ........ 7
Data Governance ........ 7
Importance of data classification and its application ........ 8
Integration of information security and risk management into security program ........ 8
References ........ 16

Guidelines for Effective Information Security Management System

Corporate bodies must put in place proper information security management policies. This will help the management in staying safe from unnecessary inconveniences caused by loss and misplacement of documents. The policies and procedures are meant to offer guidance to employees and employers on how to go about the legal provisions regarding information security management.

The Information Security Act comes up with the security standards for both individuals and corporations. The Act was drafted and enacted to protect people and companies from unfair exploitation by unscrupulous dealers. In a world where information is key, it is important to come up with a clear legal arrangement. The most important step in safeguarding information is to ensure a high level of confidentiality.

The Information Technology Laboratory sets standards which must be met by the stakeholders. The institution comes up with tests, test methods, reference data, evidence of implementation and analysis to assist in the development and use of effective technology.

The standard guidelines are normally the result of quality consultation among the relevant agencies. The relationship between the security standards and the guidelines is the result of collaboration between the private and the public sector.

The process of risk management must take into due consideration the risk that the U.S. is exposed to, in terms of the security of delicate and sensitive state information. Therefore, private users of cyberspace must subject themselves to proper guidance. This will help them in avoiding acts that may put the country's security information at risk (Chenoweth, 2005).

Introduction to Data Governance

Data governance refers to the general usability, readiness, integrity and security of the data in a company. For a data governance arrangement to be complete, there is always the need to have a governance council. The council will help in coming up with the rules and the procedures on how to implement them.

In the current technological dispensation, management of information security is taking over the place of IT. Previous years had always paid most of the attention to IT. The implementation of information security was left to the IT experts and the technicians. The problem with such an approach was that it left so many gaps in the governance procedures. However, over time, the security management standards have transformed and as such witnessed massive improvements. Current data governance mainly uses the ISO standards. Such standards have been used by so many organizations all over the world (Humphreys, 2008).

Data governance is a very vital component of the information risk management process. Social media platforms have in many instances tricked people into sharing their personal details. Such details are often converted into useful data. The data are used by both corporate bodies and state agencies to further various agendas. Unfortunately, the conversation on data governance is one which has always been swept under the carpet by those parties that unfairly benefit from the unscrupulous act. To remedy the situation, it is important that social media platforms be monitored in the manner in which they handle people's personal details. The law must strike the delicate balance between the individual's right to privacy and state security. Neither of the concepts should be used at the expense of the other. Such legal clarity will help in exposing cyber criminals.

Network Security

Network security is designed to offer protection to the integrity and usability of media data. Network security makes use of both software and hardware technologies. The moment there is adequate security, the network becomes easily accessible. The security system singles out different kinds of threats and consequently stops them from reaching the network (Cohen, 1997).

Network security plays a very pivotal role in the information security risk management system. The moment unwanted viruses end up accessing an individual's cyberspace, there is a great risk of vital documents and details getting eaten away. The loss of information can result in serious financial losses should it involve delicate financial records. Furthermore, the amount of work put into coming up with a new set of information and documents will obviously involve more resources, in terms of time and labor. Network security works through a combination of various defenses, at the endpoints and in the network in general (Cohen, 1997).

Asset Security Management

There will always be a need to mitigate IT security risks. Security threats are dreaded by all organizations all over the world. There are several approaches which can be taken in security asset management. These are:

Usage of inventory: The inventory can be used to single out all the malicious software. Inventory software must be used in all segments of the business. Once the information is used on a regular basis, the workers will be prevented from using prohibited software. Unauthorized software can always be identified and done away with.

Avoiding risky applications: Such applications may contain viruses that may end up being too destructive in the long run. Malicious software can be prevented through controlled deployment. Moreover, it is possible to deploy the software behind the firewall. The organization will in the long run have effective control over the information management process.

Promoting rationalization and standardization: This entails doing away with dormant and old software. Such software may turn into viruses and thus prove too messy.

Complying with Security Regulations

Current data governance mainly uses the ISO standards. Such standards have been used by so many organizations all over the world. The Information Security Act comes up with the security standards for both individuals and corporations. The Act was drafted and enacted to protect people and companies from unfair exploitation by unscrupulous dealers. In a world where information is key, it is important to come up with a clear legal arrangement. The data governance council assists in complying with the security regulations (Kelley, 2009).

Data Governance by Concept

Every company, no matter how small or large, needs to put in place a plan that ensures that its information assets are secured. This makes it necessary for a company to establish an information security and risk management team that manages and controls all information assets concerning that company. A security and risk management program provides a framework for how to protect a company's data assets, projects the risks to which a company exposes itself by failing to protect its data, and outlines the policies on how to handle such risks when they occur.

Information security and risk management is simply the process of handling uncertainties linked to the usage of information technology. It comprises identification, assessment, and treatment of such risks to the confidentiality, integrity, and availability of an organization's assets. The primary objective is to treat the risks with regard to the total risk tolerance of the organization itself. There should be no expectation of complete eradication of the risks; instead, the efforts should be driven towards identifying and achieving a suitable risk level for the respective organization.

The act of securing information by an institution or an organization is concerned with the privacy, truth and availability of data in whichever form the data may be required. Such forms of data include electronic and print media among other forms used in data governance (Ab Rahman & Choo, 2015).

Data security is vital to the extent of an organization's reliance on data technology. At the point when an organization's data is exposed to risk, the utilization of data security technology is inevitable. Current data security technologies, however, manage just a little portion of the problem of information risk. Further, it is evident that data security technologies do not reduce data risk adequately.

Subsequently, data governance has gone through critical changes for over 50 years. Research shows that data arose from lock boxes of incompatible legacy transactional systems, while data governance then developed into a different and complex discipline supported by radical hardware and software. Data management has undergone downturns in 1990, 2001 and 2008, which have helped it march forward and increase quicker in spending than information technology (Khatri & Brown, 2010). The extent to which data has been managed as an essential asset in an organization has passed through diverse eras as follows: the application era, the enterprise repository era and finally the era of policy.

Apparently, during the ancient days of communication, military commanders knew the importance of utilizing various mechanisms to protect the confidentiality of messages and to have some means of detecting information tampering. In the mid-19th century, more complex classifications were developed to enable administrations to handle their data according to a certain degree of sensitivity (Ab Rahman & Choo, 2015). For instance, multi-tier systems were used to communicate during the Second World War.

The modern-day process-based approach to information management frameworks is derived from the work published by W. Edwards Deming and the entire universe of Total Quality Management. Deming's holistic and process-based approach to the manufacturing sector of the economy was at first overlooked (Khatri & Brown, 2010). However, this approach was at long last embraced by many manufacturing businesses after the rapid advancement in the quality of products from Japan in the 1960s. Despite the perspective that the approach was only applicable in production-related businesses, its ideas have since been effectively applied in various environments which are not production related in nature.

Information security and risk management is an instance of applying the management system model to the discipline of information security (Khatri & Brown, 2010). The distinctive attributes of this instance of management systems include the following. Firstly, risk management connected to data and based on measurements of confidentiality, integrity, and availability (Schwalbe, 2015). Additionally, Total Quality Management applied to data security processes and based on measurements of efficiency and effectiveness. Moreover, a monitoring and reporting model based on abstraction layers that filter and aggregate operational details for presentation to management. It is also an organized approach towards coordinating people, process, and technology to furnish enterprise data security services.

Meanwhile, the branch of data management has become established and advanced fundamentally. It provides frequent areas for specialism, including safeguarding systems and shared infrastructure, fortifying applications and databases, security testing, information systems auditing, business continuity planning, electronic record discovery, and digital forensic investigation. Data security experts are exceptionally stable in their employment (Schwalbe, 2015). As of 2013, in excess of 80 percent of experts had no change in employer or job over a period of a year, and the number of experts is anticipated to continuously grow in excess of eleven percent every year onwards.

At the center of data security is information assurance, the act of ensuring the confidentiality, integrity, and availability of data, guaranteeing that data is not compromised in any capacity when critical issues arise. These issues incorporate catastrophic events and disasters, computer malpractices and physical theft. While paper-based business tasks are still common, requiring their own particular set of data security practices, enterprise digital initiatives are progressively being stressed, with information assurance presently being managed by information technology (IT) security experts (Ab Rahman & Choo, 2015). These specialists apply data security to technology. It is worth noting that a computer does not necessarily mean a home desktop. A computer is any device with a CPU and memory (Kao & Lee, 2014). Such devices can range from non-networked autonomous devices such as calculators to networked portable computing devices, for instance, mobile phones and tablets. Information technology security consultants are fairly regularly found in any noteworthy organization because of the nature and the value of the data held by large business organizations (Schwalbe, 2015). The IT experts are responsible for securing the bigger part of the technology within the business from malicious digital attacks that regularly attempt to obtain critical secret data or control of the internal systems.

The end result of the context establishment stage is a clear data security risk mitigation approach. Basically, it is almost impossible to undertake a risk management activity without such a document. However, on many occasions, specialized risk management solutions are implemented without such a procedure (Schwalbe, 2015). In the event these occasions happen, it is extremely possible that such strategies are not aligned with the company's main goal and high-level risk management approach. It is also possible that numerous risk-related parameters are not set and therefore no legitimate choices can be made in view of the output of such implemented solutions (Kao & Lee, 2014). Hence, this implies only a false sense of security. The risk management approach ought to clarify how an organization assesses data security risk, responds to such risks and monitors risks.

Today, all defense frameworks apply information technology (IT) in some shape, which should be resilient against digital adversaries. This implies that cybersecurity relates to weapons systems and platforms, for example Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) systems and information systems. Cybersecurity is a fundamental requirement for the Department of Defense and is a critical piece of preserving the United States' technological superiority (Ab Rahman & Choo, 2015). The Department of Defense has previously changed a few of its approaches to insistently stress the integration of cyber safety into its acquisition activities to guarantee resilient systems (Kao & Lee, 2014). This manual is proposed to help executives in the capable and fiscally prudent integration of cyber security into their systems, according to the revised Department of Defense techniques such as the Department of Defense Instruction on the RMF, Cyber Security and Operation of the Defense Acquisition System.

Background

Basically, Information Security Risk Management (ISRM) is a main concern to every organization around the world. Despite the fact that the number of existing ISRM strategies is immense, companies have continued to invest heavily in making new ISRM techniques with the sole objective of capturing all the possible dangers of their intricate data frameworks accurately. This process remains a critical knowledge-intensive one for all companies. In most cases, however, the process is attended to in an ad hoc way. The presence of a methodical approach to the advancement of new or enhanced ISRM strategies and techniques would upgrade the adequacy of the procedure (Kao & Lee, 2014).

In any organization, the loss of any information that is crucial may lead to damages to the organization. Information security and risk management programs secure documents that contain information providing guidelines and procedures that guide the operations of the organization. Failure to establish a practical plan to guarantee the safety of a company's information exposes it to risks. For instance, the Information Security Act states the security standards for individuals as well as corporations. This policy protects individuals' and also organizations' information from malicious and unauthorized dealers.

Data Governance by Definition

This refers to the availability, usability, validity and safety of a company's data. With the dispensation of greatly advanced technology, most organizations' data management teams have resorted to the adoption of information technology to secure their information (Daily et al., 2013). However, as a result of cybercrimes such as phishing, there is a need to develop effective counteractive measures such as cybercrime laws to govern the accessing and sharing of personal as well as organizational data.

Importance of Data Classification and Its Application

The main goal of classifying data is to enhance easy and efficient access at the time of retrieval. Information labeling ensures the safety of information as it is tagged according to defined levels such as restricted, public, confidential and even internal use only. Information classification is useful in healthcare facilities to ensure confidentiality of patients' information, thus ensuring the privacy of the patients.

Integration of Information Security and Risk Management into Security Program

Data security, though regularly seen as a set of technical issues, must be embraced as a corporate governance duty that includes risk management, reporting controls, testing and training, and executive accountability (Schwalbe, 2015). It requires the active commitment of all managers and the board of governance. Moreover, a task force on corporate governance for the National Cyber Security Partnership has been developed to improve data management techniques. The task force report provides governance policies and controls that may include the identification of cyber security roles and the duties of the management structures, the establishment of risk management, as well as quality assurance to the information users.

Risk Assessment

Data management has undergone various changes for almost five decades. Numerous studies reveal that data originated from lock cases of different legacy transactional schemes, while data governance then advanced to be a diverse and compound discipline reinforced by essential hardware and software (Farn, Lin, & Fung, 2004). Data management therefore helps to tie together the exact data apt for raising an organization's assurance and confidence in its data. Apparently, there are also risks related to data and its actions. Realizing value is much desired; a balance between recognition of benefits and operational management of risk is requisite to permit these profits (Humphreys, 2008). Although data security in many organizations is restricted to sanctioning it by way of a function, there is an indispensable need for allowing a risk managing function to assure the execution of the controls and program. Data risk is the likelihood of a firm loss correlated to the control, administration and safety of data.

In data governance, the following are the risks it may be exposed to: vendor lock-in, which mainly describes a clash with a software or facility vendor who holds your files as a negotiating chip and inhibits you from retrieving them; data exploitation, where data becomes corrupted through data decay, hence affecting the firm's processes; dark data, when an organization carelessly gathers obscure information that becomes messy and pricey to manage; data remanence, where an organization fortuitously disposes of equipment without proper wiping and degaussing; compliance, when a business inadvertently offers buyer particulars to an intermediary, thus violating local guidelines; and finally the data breach, in regard to a business losing its intact customer records to an advanced persistent threat (Cohen, 1997). The database is sold to numerous firms, exposing your clients to threats and pressure. This leads to liability, branding damage and regulatory investigations.

Capability-based planning is a widely used technique in defense with the intention of planning for any deliberate fluctuations. The principle is mainly to account for risks upfront instead of discounting them (Cohen, 1997). The principle will be of significance especially in stemming issues of risks like data corruption, vendor lock-in, data breach, etc.

The use of inventory will aid in selecting all the mischievous incidents in the file system. The software will be required to be used in all the sectors of the firm to avoid some risks like data manipulation, dark data issues and so forth. When the information is used regularly, the employees will be prevented from using forbidden software which could interfere with the records, thus safeguarding the firm from the risks of data remanence or compliance (Cohen, 1997). The unofficial software will always be identified and dealt with accordingly.

Compliance with safety regulations which meet the required ISO standards will be of great importance in safeguarding the firm from such risks, since they have been applied by many firms worldwide. The Act on Information Security provides the safekeeping ideals for both firms and individuals. The Act was drafted and sanctioned to guard individuals and corporations from unfair manipulation by immoral dealers, thus reducing the incidence of risks such as data corruption and data remanence (Cohen, 1997). A methodology like TOGAF can be applied which will help list the people, process, and material dimensions for a specified capability.

Data security provides valued understanding, best practices and references to create a resounding business case rationalization for either implementation of a data management program or making remedial and renovated changes to the existing program. Normally, two approaches can be vital for the execution of an asset management package: established policies or established performance (Schwalbe, 2015). Policy-based programs have a tendency to back a lasting, life-cycle methodology to assessing venture benefits and costs. The decision made may be grounded on past funding reference points, strategy-based gaps, or deal-making instead of on recent performance intents or goals. The program will as well describe the guidelines and general priorities for an agency's infrastructure management. On the other hand, performance-based programs back the preservation of existing highway assets through the usage of acknowledged methods and aims. They permit decision makers to find the ideal balance between accessibility and deployment of any asset at any set interval, established on the instantaneous performance actions listed against the current firm approach (Farn, Lin, & Fung, 2004). The absence of performance effectiveness actions for preservation, setup, and production, conversely, has led to performance tactics founded further on management of budget cost instead of on management of asset performance.

To sum up, it is apparent that in order to improve data security, it is obligatory to ascertain the organization's assets, liabilities, threats and lastly the controls in order to handle the risks discussed in the entire paper linked to data management and risk compliance. Effectiveness in so doing allows the firm valuation, execution and communication proposals on the management of asset security.

Conclusion

In conclusion, it is evident that in order to achieve data management or governance, it is required to identify the assets of an organization, its vulnerabilities, threats and finally the controls so as to be able to address such risks associated with information security and risk management. Immediately when that is done in an organization, assessment, treatment and communication are done to enhance effective handling of such risks.

References

Chenoweth, J. (2005). Information security policies, procedures, and standards: Guidelines for effective information security management. Journal of Information Privacy and Security, 1(1), 43-44.

Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management. Information Security Technical Report, 13(4), 247-255.

Cohen, F. (1997). Managing network security, Part 5: Risk management or risk analysis. Network Security, 1997(4), 15-19.

Kelley, B. (2009). Small concerns: Nanotech regulations and risk management. SPIE Newsroom.

Daily, C. M., Dalton, D. R., & Cannella Jr, A. A. (2013). Corporate governance: Decades of dialogue and data. Academy of Management Review, 28(3), 371-382.

Kao, M. C., & Lee, Y. W. (2014). U.S. Patent No. 8,694,772. Washington, DC: U.S. Patent and Trademark Office.

Schwalbe, K. (2015). Information technology project management. Cengage Learning.

Ab Rahman, N. H., & Choo, K. K. R. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49, 45-69.

Khatri, V., & Brown, C. V. (2010). Designing data governance. Communications of the ACM, 53(1), 148-152.

Farn, K. J., Lin, S. K., & Fung, A. R. W. (2004). A study on information security management system evaluation: Assets, threat and vulnerability. Computer Standards & Interfaces, 26(6), 501-513.

Explanation & Answer

Attached.

Running head: INFORMATION SECURITY AND RISK MANAGEMENT

CSS450: Information Security and Risk Management
Raleigh Boots
13 June, 2018


Table of Contents
Guidelines for Effective Information Security Management System ...................................... 4
Introduction to Data Governance................................................................................................ 5
Network Security ............................................................................................................................ 6
Asset Security Management ........................................................................................................... 6
Complying with Security Regulations ............................................................................................ 7
Data Governance by Concept…………………………………………………………………...7
Background …………………...………………………………………………………………..12
Data Governance by definition…………………………………………………………………..12
Importance of data classification and its application………………………………………...13
Integration of information security and risk management into security program………...13
Risk Assessment ............................................................................................................. 14
Implementation ............................................................................................................... 16
Industry Certification ...................................................................................................... 18
Conclusion ...................................................................................................................... 19
References ...................................................................................................................... 20

Guidelines for Effective Information Security Management System
Corporate bodies must put in place proper information security management policies. This will help the management in staying safe from unnecessary inconveniences caused by loss and misplacement of documents. The policies and procedures are meant to offer guidance to employees and employers on how to go about the legal provisions regarding information security management.

The Information Security Act comes up with the security standards for both individuals and corporations. The Act was drafted and enacted to protect people and companies from unfair exploitation by unscrupulous dealers. In a world where information is key, it is important to come up with a clear legal arrangement. The most important step in safeguarding information is to ensure a high level of confidentiality.

The Information Technology Laboratory sets standards which must be met by the stakeholders. The institution comes up with tests, test methods, reference data, evidence of implementation and analysis to assist in the development and use of effective technology.

The standard guidelines are normally the result of quality consultation among the relevant agencies. The relationship between the security standards and the guidelines is the result of collaboration between the private and the public sector.

The process of risk management must take into due consideration the risk that the U.S. is exposed to, in terms of the security of delicate and sensitive state information. Therefore, private users of cyberspace must subject themselves to proper guidance. This will help them in avoiding acts that may put the country's security information at risk (Chenoweth, 2005).

Introduction to Data Governance
Data governance refers to the general usability, readiness, integrity and security of the data in a company. For a data governance arrangement to be complete, there is always the need to have a governance council. The council will help in coming up with the rules and the procedures on how to implement them.

In the current technological dispensation, management of information security is taking over the place of IT. Previous years had always paid most of the attention to IT. The implementation of information security was left to the IT experts and the technicians. The problem with such an approach was that it left so many gaps in the governance procedures. However, over time, the security management standards have transformed and as such witnessed massive improvements. Current data governance mainly uses the ISO standards. Such standards have been used by so many organizations all over the world (Humphreys, 2008).

Data governance is a very vital component of the information risk management process. Social media platforms have in many instances tricked people into sharing their personal details. Such details are often converted into useful data. The data are used by both corporate bodies and state agencies to further various agendas. Unfortunately, the conversation on data governance is one which has always been swept under the carpet by those parties that unfairly benefit from the unscrupulous act. To remedy the situation, it is important that social media platforms be monitored in the manner in which they handle people's personal details. The law must strike the delicate balance between the individual's right to privacy and state security. Neither of the concepts should be used at the expense of the other. Such legal clarity will help in exposing cyber criminals.

Network Security
Network security is designed to offer protection to the integrity and usability of media data. Network security makes use of both software and hardware technologies. The moment there is adequate security, the network becomes easily accessible. The security system singles out different kinds of threats and consequently stops them from reaching the network (Cohen, 1997).

Network security plays a very pivotal role in the information security risk management system. The moment unwanted viruses end up accessing an individual's cyberspace, there is a great risk of vital documents and details getting eaten away. The loss of information can result in serious financial losses should it involve delicate financial records. Furthermore, the amount of work put into coming up with a new set of information and documents will obviously involve more resources, in terms of time and lab...
