SlideShare a Scribd company logo

CHAPTER 4Developing a Risk Management PlanCopyright

Download as DOCX, PDF
W
WilheminaRossi174

CHAPTER 4 Developing a Risk Management Plan Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com. Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Learning Objective(s) and Key Concepts Describe the components of and approaches to effective risk management in an organization. Fundamental components of a risk management plan Objectives, boundaries, and scope of a risk management plan Importance of assigning responsibilities in a risk management plan Significance of planning, scheduling, documentation, and reporting Steps of the NIST Risk Management Framework Learning Objective(s) Key Concepts Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Objectives of a Risk Management Plan Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com A list of threats A list of vulnerabilities Costs associated with risks A list of recommendations to reduce the risks Costs associated with recommendations A cost-benefit analysis (CBA) One or more reports Implementing a Risk Management Plan Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Document management decisions Document and track implementation of accepted recommendations Create a plan of action and milestones (POAM) Objectives Examples Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Identifying threats Identifying vulnerabilities Identifying assets Assigning responsibilities Objectives Examples (Cont.) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Identifying the costs of an outage/noncompliance Providing recommendations Identifying the costs of recommendations Providing a CBA Objectives Examples (Cont.) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Documenting accepted recommendations Tracking implementation Creating a POAM Scope of a Risk Management Plan Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Identify the boundaries of the plan Avoid scope creep Identify stakeholders Create a change control board Draft a scope statement Scope Examples Website Creating a risk management plan to secure a website: Scope includes: Security of the server hosting the website Security of the website itself Availability of the website Integrity of the website’s data Stakeholders include: Vice president of sales Information technology (IT) support department head Written approval is required for all activities outside the scope of this plan HIPAA Compliance Creating a risk management plan to ensure HIPAA compliance: Scope includes: Identifying all health data Storing health data Using health data Transmitt ...

Education
1 of 38
CHAPTER 4 Developing a Risk Management Plan Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com. Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Learning Objective(s) and Key Concepts Describe the components of and approaches to effective risk management in an organization. Fundamental components of a risk management plan Objectives, boundaries, and scope of a risk management plan Importance of assigning responsibilities in a risk management plan Significance of planning, scheduling, documentation, and reporting Steps of the NIST Risk Management Framework Learning Objective(s) Key Concepts Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Objectives of a Risk Management Plan Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend
Learning Company. www.jblearning.com A list of threats A list of vulnerabilities Costs associated with risks A list of recommendations to reduce the risks Costs associated with recommendations A cost-benefit analysis (CBA) One or more reports Implementing a Risk Management Plan Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Document management decisions Document and track implementation of accepted recommendations
Create a plan of action and milestones (POAM) Objectives Examples Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Identifying threats Identifying vulnerabilities Identifying assets Assigning responsibilities Objectives Examples (Cont.) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Identifying the costs of an outage/noncompliance Providing recommendations
Identifying the costs of recommendations Providing a CBA Objectives Examples (Cont.) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Documenting accepted recommendations Tracking implementation Creating a POAM Scope of a Risk Management Plan Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Identify the boundaries of the plan Avoid scope creep Identify stakeholders
Create a change control board Draft a scope statement Scope Examples Website Creating a risk management plan to secure a website: Scope includes: Security of the server hosting the website Security of the website itself Availability of the website Integrity of the website’s data Stakeholders include: Vice president of sales Information technology (IT) support department head Written approval is required for all activities outside the scope of this plan HIPAA Compliance Creating a risk management plan to ensure HIPAA compliance: Scope includes: Identifying all health data Storing health data Using health data Transmitting health data Stakeholders include: Chief Information Officer (CIO) Human resources (HR) department head Written approval is required for all activities outside the scope of this plan
Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Assigning Responsibilities Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Responsibilities can be assigned to: Risk management PM Stakeholders Departments or department heads Executive officers, such as the CIO or CFO Individual responsibilities: Identifying risk Assessing risk
Identifying risk mitigation steps Reporting Responsibilities Examples Website The IT department is responsible for providing: A list of threats A list of vulnerabilities A list of recommended solutions Costs for each of the recommended solutions The sales department is responsible for providing: Direct costs of all outages that last 15 minutes or longer Indirect costs of all outages that last 15 minutes or longer The CFO will: Validate the data provided by the IT and sales departments Complete a CBA HIPAA Compliance The HR department is responsible for providing: A list of all health information sources Inspection results for all data sources regarding HIPPA compliance How the data is stored, protected, and transmitted A list of existing and needed HIPAA policies A list of recommended solutions to ensure HIPPA compliance Costs for each of the recommended solutions Costs associated with noncompliance The IT department is responsible for providing: Identification of access controls used for data A list of recommended solutions to ensure compliance with HIPAA Costs for each of the recommended solutions
The CFO will: Validate the data provided by the IT and sales departments Complete a CBA Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Using Affinity Diagrams Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Describing Procedures and Schedules for Accomplishment Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Include a recommended solution for any threat or vulnerability, with a goal of mitigating the associated risk The solution will often include multiple steps Describe each step in detail Include a timeline for completion of each step Remember:
Management is responsible for choosing the controls to implement Management is responsible for residual risk Procedures Examples Website Mitigating the risk of denial of service (DoS) attacks: Recommendation—Upgrade the firewall. Justification—The current firewall is a basic router; it does not provide advanced firewall capabilities Procedures—The following steps can be used to upgrade the new firewall: Start firewall logging Create a firewall policy Purchase a firewall appliance Install the firewall Configure the firewall Test the firewall before going live Bring the firewall online HIPAA Compliance Procedures for mitigating the risk of HIPPA noncompliance: Recommendation—Increase awareness of HIPAA Justification—Make clear that noncompliance can result in fines totaling $25,000 a year for mistakes Procedures—Use the following steps to increase awareness: Require all employees to read and comply with HIPAA policies Provide training to all employees on HIPAA compliance
Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Reporting Requirements Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Present recommendations Document management response to recommendations Document and track implementation of accepted recommendations Create a plan of action and milestones (POAM) Presenting Recommendations Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Report should include: Findings
Reports are often summarized in risk statements Use risk statements to communicate a risk and the resulting impact Recommendation cost and time frame Cost-benefit analysis (CBA) Findings Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Cause—The threat Criteria—The criteria that will allow the threat to succeed Inadequate manpower Unmanaged firewall No intrusion detection system (IDS) Operating system not updated
Antivirus software not installed and updated Effect—Often an outage of some type Findings (Cont.) Website cause and effect diagram Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Findings (Cont.) HIPAA compliance cause and effect diagram Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Recommendation Cost and Time Frame Each item should include the cost and timeframe required to implement it Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Example list of recommendations included in the website risk management plan
Upgrade firewall Purchase and install IDS Create a plan to keep the system updated Install antivirus software on server Update antivirus software Add one IT administrator Cost-Benefit Analysis (CBA) CBA should include two items: Cost of the recommendation, including any anticipated ongoing costs Projected benefits in terms of dollars Example of a CBA for a website recommendation: Recommendation Cost of the recommendation Background Loss before recommendation Expected loss with recommendation Benefit of the recommendation CBA = Loss before recommendation − Loss after recommendation − Cost of recommendation
Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Risk Statements Used to communicate a risk and the resulting impact Often written using “if/then” Should be matched to the scope and objectives of the project Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Documenting Management Response to Recommendations Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Accept Management can approve the recommendation Defer Management can defer a recommendation Modify Management can modify a recommendation
Documenting and Tracking Implementation of Accepted Recommendations The documentation doesn’t need to be extensive; it could be a simple document listing the recommendation and the decision, for example: Recommendation to purchase antivirus software Accepted. Software is to be purchased as soon as possible. Recommendation to hire an IT administrator Deferred. IT department needs to provide clearer justification for this. In the interim, the IT department is authorized to use overtime to ensure security requirements are met. Recommendation to purchase SS75 firewall Modified. Two SS75 firewalls are to be purchased as soon as possible. These two firewalls will be configured as a DMZ. Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Plan of Action and Milestones (POAM) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Is a living document A document used to track progress Used to assign responsibility and to allow management follow - up
Charting the Progress of a Risk Management Plan The milestone plan chart lists only major milestones Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Charting the Progress of a Risk Management Plan (Cont.) A Gantt chart shows a full project schedule Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Charting the Progress of a Risk Management Plan (Cont.) The critical path chart identifies critical tasks to be managed Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Steps of the NIST Risk Management Framework (RMF) Seven-step process that combines security and risk management as part of a systems development life cycle: Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend
Learning Company. www.jblearning.com Prepare Categorize Select Implement Assess Authorize Monitor Summary Fundamental components of a risk management plan Objectives, boundaries, and scope of a risk management plan Importance of assigning responsibilities in a risk management plan Significance of planning, scheduling, documentation, and reporting Steps of the NIST Risk Management Framework Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com
10/8/2020 30 CHAPTER 3 Understanding and Maintaining Compliance Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com. Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Learning Objective(s) and Key Concepts Identify compliance laws, standards, best practices, and policies of risk management. Compliance laws that affect information technology (IT) systems Regulations related to compliance Organizational policies for compliance Standards and guidelines for compliance Learning Objective(s) Key Concepts Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com
U.S. Compliance Laws Federal Information Security Modernization Act (FISMA) Health Insurance Portability and Accountability Act (HIPAA) Gramm-Leach-Bliley Act (GLBA) Sarbanes-Oxley Act (SOX) Family Educational Rights and Privacy Act (FERPA) Children’s Internet Protection Act (CIPA) Children’s Online Privacy Protection Act (COPPA) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com U.S. Compliance Laws and Their ApplicabilityLawApplicabilityFISMAFederal agenciesHIPPAAny organization handling medical dataGLBABanks, brokerage companies, and insurance companiesSOXAll publicly traded companiesFERPAEducational institutionsCIPASchools and libraries using E-Rate discountsCOPPAWebsites or online services directed at children under 13 and you collect personal information from them Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Health Insurance Portability and Accountability Act Covers any organization that handles health data Medical facilities Insurance companies Any company with a health plan if employees handle health data HIPPA Compliance Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend
Learning Company. www.jblearning.com Assessment Risk analysis Plan creation Plan implementation Continuous monitoring Gramm-Leach-Bliley Act (GLBA) Also known as the Financial Services Modernization Act Most of GLBA relates to how banking and insurance institutions can merge Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Financial Privacy Rule Requires companies to notify customers about privacy practice Explains how the bank or company collects and shares data
Safeguards Rule Requires companies to have a security plan to protect customer information Ensures data isn’t released without authorization; ensures data integrity Companies must use a risk management plan, provide security training Sarbanes-Oxley (SOX) Act Applies to publicly traded companies Designed to hold company executives and board members personally responsible for financial data Chief executive officers (CEOs) and chief financial officers (CFOs) must be able to: Verify accuracy of financial statements Prove the statements are accurate Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Family Educational Rights and Privacy Act (FERPA) Protects the privacy of student records, which includes education and health data Applies to all schools that receive funding from the U.S. Department of Education:
State or local educational agencies Institutions of higher education Community colleges Schools or agencies that offer a preschool program All other education institutions For students under 18, parent can inspect records and request corrections Protects student personally identifiable information (PII) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Children’s Internet Protection Act (CIPA) Designed to limit access to offensive content from school and library computers Covers schools and libraries that receive funding from the E- Rate program Requires schools and libraries to block or filter Internet access to pictures that are obscene or harmful to minors Requires schools and libraries to: Adopt and enforce a policy to monitor online activity of minors Implement an Internet safety policy that addresses: Access by minors to inappropriate content Safety and security of minors when using email and chat rooms Unauthorized access Unlawful activities by minors online Unauthorized use of minors’ personal information Measures restricting minors’ access to harmful materials Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com
Children’s Online Privacy Protection Act (COPPA) Designed to protect the privacy of children under 13 Sites must require parental consent to collect or use personal information of young website users Sites must post: Contents of privacy policy When and how to seek verifiable consent from a parent or guardian Responsibility of a website operator regarding children’s privacy and safety online, including restrictions on the types and methods of marketing that targets those under 13 Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Regulations Related to Compliance Securities and Exchange Commission (SEC) Federal Trade Commission (FTC) Protects consumers Prevents anticompetitive practices Evaluates economic impact of actions Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Federal Trade Commission (FTC)
Bureau of Consumer Protection Bureau of Competition Bureau of Economics U.S. Compliance Regulatory Agencies Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Federal Deposit Insurance Corporation (FDIC) Department of Homeland Security (DHS) State Attorney General (AG) U.S. Attorney General (U.S. AG) Organizational Policies for Compliance Fiduciary Refers to a relationship of trust Could be a person who is trusted to hold someone else’s assets Trusted person has the responsibility to act in the other person’s
best interests and avoid conflicts of interest Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Organizational Policies for Compliance (Cont.) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Examples of trust relationships: An attorney and a client A CEO and a board of directors Shareholders and a board of directors Fiduciary is expected to take extra steps: Due diligence Due care Organizational policy could include:
Mandatory vacations Job rotation Separation of duties Acceptable use Standards and Guidelines for Compliance Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Payment Card Industry Data Security Standard (PCI DSS) National Institute of Standards and Technology (NIST) Generally Accepted Information Security Principles (GAISP) Control Objectives for Information and Related Technology (COBIT) International Organization for Standardization (ISO)
Standards and Guidelines for Compliance (Cont.) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com International Electrotechnical Commission (IEC) Information Technology Infrastructure Library (ITIL) Capability Maturity Model Integration (CMMI) General Data Protection Regulation (GDPR) Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Payment Card Industry Data Security Standard Created by Payment Card Industry Security Standards Council American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. Key pieces of data: Name Credit card number Expiration date Security code Merchants using credit cards are required to comply Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend
Learning Company. www.jblearning.com Payment Card Industry Data Security Standard (Cont.)GoalsProcess StepsBuild and maintain a secure network that is PCI compliantInstall and maintain a firewall Do not use defaults, such as default passwordsProtect cardholder dataProtect stored data Encrypt transmissionsMaintain a vulnerability management programUse and update antivirus software Develop and maintain secure systemsImplement strong access control measuresRestrict access to data Use unique logins for each user Don’t share usernames and passwords Restrict physical accessRegularly monitor and test networksTrack and monitor all access to systems and data Regularly test securityMaintain an information security policyMaintain a security policy Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Payment Card Industry Data Security Standard (Cont.) Build and maintain a secure network that is PCI compliant Protect cardholder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Maintain an information security policy Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Assess
Report Remediate National Institute of Standards and Technology (NIST) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Promotes U.S. innovation and competitiveness Hosts the Information Technology Laboratory (ITL) Special publications, SP 800-30: Guide for Conducting Risk Assessments Generally Accepted Information Security Principles (GAISP) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Includes two major sections: Pervasive principles
Broad functional principles Control Objectives for Information and Related Technology (COBIT) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Meet stakeholder needs Cover the enterprise end to end Apply a single integrated framework Enable a holistic approach Separate governance from management Control Objectives for Information and Related Technology (Cont.) Adapted from COBIT 5 for Risk ©2013 ISACA. All rights reserved. Used with permission.
Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com International Organization for Standardization (ISO) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com ISO 27002 Security Techniques ISO 31000 Principles and Guidelines on Implementation ISO 73 Risk Management—Vocabulary International Electrotechnical Commission (IEC) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Meet the requirements of the global market
Ensure maximum use of its standards Assess and improve products and services covered by its standards Aid in interoperability of systems Increase the efficiency of processes Aid in improvement of human health and safety Aid in protection of the environment Information Technology Infrastructure Library (ITIL) ITIL life cycle: Service Strategy Service Design Service Transition Service Operation Continual Service Improvement Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Capability Maturity Model Integration (CMMI) Primary areas of interest:
Product and service development Service establishment, management, and delivery Product and service acquisition Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Level 5 Optimized Level 4 Defined Level 2 Managed Level 1 Initial Level 0 Nonexistent
Quantitatively Managed Level 3 General Data Protection Regulation (GDPR) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Regulates how companies protect the personal data of EU citizens and those in the European Economic Area (EEA) Applies to all businesses that deal with the personal data of individuals living in the EU or EEA Key changes to GDPR in 2018: Increased territorial scope (extraterritorial applicability) Penalties Consent Data subject rights
Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Phase 1 Initiate and Plan Phase 2 Make Certification and Accreditation Decisions Phase 4 Maintain ATO/Review Phase 5 Decommission Implement and Validate
Phase 3 Summary Compliance laws that affect information technology (IT) systems Regulations related to compliance Organizational policies for compliance Standards and guidelines for compliance Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com 10/8/2020 30 DISUCSSION – Intro to Data Mining Chapter 7 : Cluster Analysis: Basic Concepts and Algorithms This week we also discuss the concepts in chapter seven, which deals with the basic concepts and algorithms of cluster analysis. After reading chapter seven answer the following questions: · What is K-means from a basic standpoint?
· What are the various types of clusters and why is the distinction important? · What are the strengths and weaknesses of K-means? · What is a cluster evaluation? Select at least two types of cluster evaluations, discuss the concepts of each method. Reference: TextBook : 1) Data Mining: Concepts and Techniques Author: Jiawei Han, Jian Pei, Micheline Kamber Date: 2011 2) Križanić, S. (2020). Educational data mining using cluster analysis and decision tree technique: A case study . International Journal of Engineering Business Management, 12, 184797902090867–. Discussion – Info Security and Risk Management Chapter 3 - Access Controls in Microsoft Windows Chapter 4 - Microsoft Windows Encryption Tools and Technologies In week 2, analyze the difference between intentional and unintentional threats. You must use at least one scholarly resource. Every discussion posting must be properly APA formatted. PPT attached Text Book: Title: Managing Risk in Information Systems ISBN: 9781284193602 Authors: Darril Gibson, Andy Igonor Publisher: Jones & Bartlett Learning Publication Date: 2021 Edition: 3rd edition
Assignment – Intro to Data Mining Chapter 7 : Cluster Analysis: Basic Concepts and Algorithms After reviewing the case study this week by Krizanic (2020), answer the following questions in essay format. · What is the definition of data mining that the author mentions? How is this different from our current understanding of data mining? · What is the premise of the use case and findings? · What type of tools are used in the data mining aspect of the use case and how are they used? · Were the tools used appropriate for the use case? Why or why not? In an APA7 formatted essay answer all questions above. There should be headings to each of the questions above as well. Ensure there are at least two-peer reviewed sources to support your work. The paper should be at least two pages of content (this does not include the cover page or reference page). Reference: TextBook : 1) Križanić, S. (2020). Educational data mining using cluster analysis and decision tree technique: A case study . International Journal of Engineering Business Management, 12, 184797902090867–. PFA document.

Recommended

CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202
EstelaJeffery653
 
Implementing Business Aligned Security Strategy Dane Warren Li
Implementing Business Aligned Security Strategy Dane Warren LiImplementing Business Aligned Security Strategy Dane Warren Li
Implementing Business Aligned Security Strategy Dane Warren Li
DaneWarren
 
2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical
Jack585826
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
EnterpriseGRC Solutions, Inc.
 
Chris Gould - BCM case
Chris Gould - BCM caseChris Gould - BCM case
Chris Gould - BCM case
Alexey Chekanov
 
Building a strong BC programme with ISO 22301
Building a strong BC programme with ISO 22301Building a strong BC programme with ISO 22301
Building a strong BC programme with ISO 22301
PECB
 
SEC Bootcamp with Deloitte
SEC Bootcamp with DeloitteSEC Bootcamp with Deloitte
SEC Bootcamp with Deloitte
GreenBiz Group
 
Supplement To Student Guide Seminar 03 A 3 Nov09
Supplement To Student Guide Seminar 03 A 3 Nov09Supplement To Student Guide Seminar 03 A 3 Nov09
Supplement To Student Guide Seminar 03 A 3 Nov09
Tammy Clark
 

Recommended

CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202
EstelaJeffery653
 
Implementing Business Aligned Security Strategy Dane Warren Li
Implementing Business Aligned Security Strategy Dane Warren LiImplementing Business Aligned Security Strategy Dane Warren Li
Implementing Business Aligned Security Strategy Dane Warren Li
DaneWarren
 
2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical2023-it-roadmap-for-cybersecurity-techcnical
2023-it-roadmap-for-cybersecurity-techcnical
Jack585826
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
EnterpriseGRC Solutions, Inc.
 
Chris Gould - BCM case
Chris Gould - BCM caseChris Gould - BCM case
Chris Gould - BCM case
Alexey Chekanov
 
Building a strong BC programme with ISO 22301
Building a strong BC programme with ISO 22301Building a strong BC programme with ISO 22301
Building a strong BC programme with ISO 22301
PECB
 
SEC Bootcamp with Deloitte
SEC Bootcamp with DeloitteSEC Bootcamp with Deloitte
SEC Bootcamp with Deloitte
GreenBiz Group
 
Supplement To Student Guide Seminar 03 A 3 Nov09
Supplement To Student Guide Seminar 03 A 3 Nov09Supplement To Student Guide Seminar 03 A 3 Nov09
Supplement To Student Guide Seminar 03 A 3 Nov09
Tammy Clark
 
A Comprehensive Guide to US CMA Syllabus 2022
A Comprehensive Guide to US CMA Syllabus 2022A Comprehensive Guide to US CMA Syllabus 2022
A Comprehensive Guide to US CMA Syllabus 2022
chinuroula
 
Creating a Business Case for Big Data
Creating a Business Case for Big DataCreating a Business Case for Big Data
Creating a Business Case for Big Data
Perficient, Inc.
 
Chief Inofrmation / Technology Summit
Chief Inofrmation / Technology SummitChief Inofrmation / Technology Summit
Chief Inofrmation / Technology Summit
guested3c50
 
B P G005 Johnson 091807
B P G005 Johnson 091807B P G005 Johnson 091807
B P G005 Johnson 091807
Dreamforce07
 
TCG Svcs Pres 2011
TCG Svcs Pres 2011TCG Svcs Pres 2011
TCG Svcs Pres 2011
mcourton
 
Successful Change Management with ERM
Successful Change Management with ERMSuccessful Change Management with ERM
Successful Change Management with ERM
Aggregage
 
Saaba reflection group 2
Saaba reflection group 2Saaba reflection group 2
Saaba reflection group 2
salif2015
 
Sept 2008 Presentation Quality & Project Management
Sept 2008 Presentation Quality & Project ManagementSept 2008 Presentation Quality & Project Management
Sept 2008 Presentation Quality & Project Management
Haroon Abbu
 
Introduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfIntroduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdf
SALES97
 
Problem And Purpose Of A Project
Problem And Purpose Of A ProjectProblem And Purpose Of A Project
Problem And Purpose Of A Project
Christina Valadez
 
Expanding PMO service- The ultimate Tetris challenge - Wellingtone | Future...
Expanding PMO service- The ultimate Tetris challenge - Wellingtone | Future... Expanding PMO service- The ultimate Tetris challenge - Wellingtone | Future...
Expanding PMO service- The ultimate Tetris challenge - Wellingtone | Future...
Wellingtone
 
Business Alignment
Business AlignmentBusiness Alignment
Business Alignment
Michael Galo
 
Developing A Risk Based Information Security Program
Developing A Risk Based Information Security ProgramDeveloping A Risk Based Information Security Program
Developing A Risk Based Information Security Program
Tammy Clark
 
Ayuntamiento de Granada_ADRAP_RPS.pptx
Ayuntamiento de Granada_ADRAP_RPS.pptxAyuntamiento de Granada_ADRAP_RPS.pptx
Ayuntamiento de Granada_ADRAP_RPS.pptx
ssuserf3b884
 
Symantec Corporate Presentation
Symantec Corporate PresentationSymantec Corporate Presentation
Symantec Corporate Presentation
InvestorSymantec
 
Technical Paper Risk AssessmentGlobal Finance, Inc. Netwo.docx
Technical Paper Risk AssessmentGlobal Finance, Inc. Netwo.docxTechnical Paper Risk AssessmentGlobal Finance, Inc. Netwo.docx
Technical Paper Risk AssessmentGlobal Finance, Inc. Netwo.docx
mattinsonjanel
 
Symantec Corporate Presentation
Symantec Corporate PresentationSymantec Corporate Presentation
Symantec Corporate Presentation
InvestorSymantec
 
Exploring the Cost of Developing a Financial Literacy Software
Exploring the Cost of Developing a Financial Literacy SoftwareExploring the Cost of Developing a Financial Literacy Software
Exploring the Cost of Developing a Financial Literacy Software
NdimensionLabs1
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?
Jim Kaplan CIA CFE
 
Green audit
Green auditGreen audit
Green audit
gajananh999
 
Senior Seminar in Business Administration BUS 499Coope.docx
Senior Seminar in Business Administration BUS 499Coope.docxSenior Seminar in Business Administration BUS 499Coope.docx
Senior Seminar in Business Administration BUS 499Coope.docx
WilheminaRossi174
 
Select two countries that have been or currently are in confli.docx
Select two countries that have been or currently are in confli.docxSelect two countries that have been or currently are in confli.docx
Select two countries that have been or currently are in confli.docx
WilheminaRossi174
 

More Related Content

Similar to CHAPTER 4Developing a Risk Management PlanCopyright

Chief Inofrmation / Technology Summit
Chief Inofrmation / Technology SummitChief Inofrmation / Technology Summit
Chief Inofrmation / Technology Summit
guested3c50
 
TCG Svcs Pres 2011
TCG Svcs Pres 2011TCG Svcs Pres 2011
TCG Svcs Pres 2011
mcourton
 
Introduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfIntroduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdf
SALES97
 
Developing A Risk Based Information Security Program
Developing A Risk Based Information Security ProgramDeveloping A Risk Based Information Security Program
Developing A Risk Based Information Security Program
Tammy Clark
 
Symantec Corporate Presentation
Symantec Corporate PresentationSymantec Corporate Presentation
Symantec Corporate Presentation
InvestorSymantec
 
Technical Paper Risk AssessmentGlobal Finance, Inc. Netwo.docx
Technical Paper Risk AssessmentGlobal Finance, Inc. Netwo.docxTechnical Paper Risk AssessmentGlobal Finance, Inc. Netwo.docx
Technical Paper Risk AssessmentGlobal Finance, Inc. Netwo.docx
mattinsonjanel
 
Symantec Corporate Presentation
Symantec Corporate PresentationSymantec Corporate Presentation
Symantec Corporate Presentation
InvestorSymantec
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?
Jim Kaplan CIA CFE
 

Similar to CHAPTER 4Developing a Risk Management PlanCopyright (20)

A Comprehensive Guide to US CMA Syllabus 2022
A Comprehensive Guide to US CMA Syllabus 2022A Comprehensive Guide to US CMA Syllabus 2022
A Comprehensive Guide to US CMA Syllabus 2022
 
Creating a Business Case for Big Data
Creating a Business Case for Big DataCreating a Business Case for Big Data
Creating a Business Case for Big Data
 
Chief Inofrmation / Technology Summit
Chief Inofrmation / Technology SummitChief Inofrmation / Technology Summit
Chief Inofrmation / Technology Summit
 
B P G005 Johnson 091807
B P G005 Johnson 091807B P G005 Johnson 091807
B P G005 Johnson 091807
 
TCG Svcs Pres 2011
TCG Svcs Pres 2011TCG Svcs Pres 2011
TCG Svcs Pres 2011
 
Successful Change Management with ERM
Successful Change Management with ERMSuccessful Change Management with ERM
Successful Change Management with ERM
 
Saaba reflection group 2
Saaba reflection group 2Saaba reflection group 2
Saaba reflection group 2
 
Sept 2008 Presentation Quality & Project Management
Sept 2008 Presentation Quality & Project ManagementSept 2008 Presentation Quality & Project Management
Sept 2008 Presentation Quality & Project Management
 
Introduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfIntroduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdf
 
Problem And Purpose Of A Project
Problem And Purpose Of A ProjectProblem And Purpose Of A Project
Problem And Purpose Of A Project
 
Expanding PMO service- The ultimate Tetris challenge - Wellingtone | Future...
Expanding PMO service- The ultimate Tetris challenge - Wellingtone | Future... Expanding PMO service- The ultimate Tetris challenge - Wellingtone | Future...
Expanding PMO service- The ultimate Tetris challenge - Wellingtone | Future...
 
Business Alignment
Business AlignmentBusiness Alignment
Business Alignment
 
Developing A Risk Based Information Security Program
Developing A Risk Based Information Security ProgramDeveloping A Risk Based Information Security Program
Developing A Risk Based Information Security Program
 
Ayuntamiento de Granada_ADRAP_RPS.pptx
Ayuntamiento de Granada_ADRAP_RPS.pptxAyuntamiento de Granada_ADRAP_RPS.pptx
Ayuntamiento de Granada_ADRAP_RPS.pptx
 
Symantec Corporate Presentation
Symantec Corporate PresentationSymantec Corporate Presentation
Symantec Corporate Presentation
 
Technical Paper Risk AssessmentGlobal Finance, Inc. Netwo.docx
Technical Paper Risk AssessmentGlobal Finance, Inc. Netwo.docxTechnical Paper Risk AssessmentGlobal Finance, Inc. Netwo.docx
Technical Paper Risk AssessmentGlobal Finance, Inc. Netwo.docx
 
Symantec Corporate Presentation
Symantec Corporate PresentationSymantec Corporate Presentation
Symantec Corporate Presentation
 
Exploring the Cost of Developing a Financial Literacy Software
Exploring the Cost of Developing a Financial Literacy SoftwareExploring the Cost of Developing a Financial Literacy Software
Exploring the Cost of Developing a Financial Literacy Software
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?
 
Green audit
Green auditGreen audit
Green audit
 

More from WilheminaRossi174

Senior Seminar in Business Administration BUS 499Coope.docx
Senior Seminar in Business Administration BUS 499Coope.docxSenior Seminar in Business Administration BUS 499Coope.docx
Senior Seminar in Business Administration BUS 499Coope.docx
WilheminaRossi174
 
Select two countries that have been or currently are in confli.docx
Select two countries that have been or currently are in confli.docxSelect two countries that have been or currently are in confli.docx
Select two countries that have been or currently are in confli.docx
WilheminaRossi174
 
Serial KillersFor this assignment you will review a serial kille.docx
Serial KillersFor this assignment you will review a serial kille.docxSerial KillersFor this assignment you will review a serial kille.docx
Serial KillersFor this assignment you will review a serial kille.docx
WilheminaRossi174
 
SESSION 1Michael Delarosa, Department ManagerWhat sugg.docx
SESSION 1Michael Delarosa, Department ManagerWhat sugg.docxSESSION 1Michael Delarosa, Department ManagerWhat sugg.docx
SESSION 1Michael Delarosa, Department ManagerWhat sugg.docx
WilheminaRossi174
 
Sheet11a & 1b.RESDETAILRes NumCheck InCheck OutCust IDCustFNameCus.docx
Sheet11a & 1b.RESDETAILRes NumCheck InCheck OutCust IDCustFNameCus.docxSheet11a & 1b.RESDETAILRes NumCheck InCheck OutCust IDCustFNameCus.docx
Sheet11a & 1b.RESDETAILRes NumCheck InCheck OutCust IDCustFNameCus.docx
WilheminaRossi174
 
Selecting & Implementing Interventions – Assignment #4.docx
Selecting & Implementing Interventions – Assignment #4.docxSelecting & Implementing Interventions – Assignment #4.docx
Selecting & Implementing Interventions – Assignment #4.docx
WilheminaRossi174
 
Seediscussions,stats,andauthorprofilesforthispublicati.docx
Seediscussions,stats,andauthorprofilesforthispublicati.docxSeediscussions,stats,andauthorprofilesforthispublicati.docx
Seediscussions,stats,andauthorprofilesforthispublicati.docx
WilheminaRossi174
 
Shared Reading FrameworkFollow this framework when viewing the v.docx
Shared Reading FrameworkFollow this framework when viewing the v.docxShared Reading FrameworkFollow this framework when viewing the v.docx
Shared Reading FrameworkFollow this framework when viewing the v.docx
WilheminaRossi174
 
Self-disclosureDepth of reflectionResponse demonstrates an in.docx
Self-disclosureDepth of reflectionResponse demonstrates an in.docxSelf-disclosureDepth of reflectionResponse demonstrates an in.docx
Self-disclosureDepth of reflectionResponse demonstrates an in.docx
WilheminaRossi174
 
Sheet1Excel for Finance Majorsweek 1week 2week 3week 4week 5week 6.docx
Sheet1Excel for Finance Majorsweek 1week 2week 3week 4week 5week 6.docxSheet1Excel for Finance Majorsweek 1week 2week 3week 4week 5week 6.docx
Sheet1Excel for Finance Majorsweek 1week 2week 3week 4week 5week 6.docx
WilheminaRossi174
 
Seemingly riding on the coattails of SARS-CoV-2, the alarming sp.docx
Seemingly riding on the coattails of SARS-CoV-2, the alarming sp.docxSeemingly riding on the coattails of SARS-CoV-2, the alarming sp.docx
Seemingly riding on the coattails of SARS-CoV-2, the alarming sp.docx
WilheminaRossi174
 
SHAPING SCHOOL CULTURE BY LIVING THE VISION AND MISSIONNameI.docx
SHAPING SCHOOL CULTURE BY LIVING THE VISION AND MISSIONNameI.docxSHAPING SCHOOL CULTURE BY LIVING THE VISION AND MISSIONNameI.docx
SHAPING SCHOOL CULTURE BY LIVING THE VISION AND MISSIONNameI.docx
WilheminaRossi174
 
See discussions, stats, and author profiles for this publicati.docx
See discussions, stats, and author profiles for this publicati.docxSee discussions, stats, and author profiles for this publicati.docx
See discussions, stats, and author profiles for this publicati.docx
WilheminaRossi174
 
Segmented Assimilation Theory and theLife Model An Integrat.docx
Segmented Assimilation Theory and theLife Model An Integrat.docxSegmented Assimilation Theory and theLife Model An Integrat.docx
Segmented Assimilation Theory and theLife Model An Integrat.docx
WilheminaRossi174
 
Select a local, state, or national public policy that is relev.docx
Select a local, state, or national public policy that is relev.docxSelect a local, state, or national public policy that is relev.docx
Select a local, state, or national public policy that is relev.docx
WilheminaRossi174
 
School of Community and Environmental HealthMPH Program .docx
School of Community and Environmental HealthMPH Program .docxSchool of Community and Environmental HealthMPH Program .docx
School of Community and Environmental HealthMPH Program .docx
WilheminaRossi174
 
School Effects on Psychological Outcomes During Adolescence.docx
School Effects on Psychological Outcomes During Adolescence.docxSchool Effects on Psychological Outcomes During Adolescence.docx
School Effects on Psychological Outcomes During Adolescence.docx
WilheminaRossi174
 
Search the gene belonging to the accession id you selected in week 2.docx
Search the gene belonging to the accession id you selected in week 2.docxSearch the gene belonging to the accession id you selected in week 2.docx
Search the gene belonging to the accession id you selected in week 2.docx
WilheminaRossi174
 

More from WilheminaRossi174 (20)

Senior Seminar in Business Administration BUS 499Coope.docx
Senior Seminar in Business Administration BUS 499Coope.docxSenior Seminar in Business Administration BUS 499Coope.docx
Senior Seminar in Business Administration BUS 499Coope.docx
 
Select two countries that have been or currently are in confli.docx
Select two countries that have been or currently are in confli.docxSelect two countries that have been or currently are in confli.docx
Select two countries that have been or currently are in confli.docx
 
Serial KillersFor this assignment you will review a serial kille.docx
Serial KillersFor this assignment you will review a serial kille.docxSerial KillersFor this assignment you will review a serial kille.docx
Serial KillersFor this assignment you will review a serial kille.docx
 
SESSION 1Michael Delarosa, Department ManagerWhat sugg.docx
SESSION 1Michael Delarosa, Department ManagerWhat sugg.docxSESSION 1Michael Delarosa, Department ManagerWhat sugg.docx
SESSION 1Michael Delarosa, Department ManagerWhat sugg.docx
 
Sheet11a & 1b.RESDETAILRes NumCheck InCheck OutCust IDCustFNameCus.docx
Sheet11a & 1b.RESDETAILRes NumCheck InCheck OutCust IDCustFNameCus.docxSheet11a & 1b.RESDETAILRes NumCheck InCheck OutCust IDCustFNameCus.docx
Sheet11a & 1b.RESDETAILRes NumCheck InCheck OutCust IDCustFNameCus.docx
 
Selecting & Implementing Interventions – Assignment #4.docx
Selecting & Implementing Interventions – Assignment #4.docxSelecting & Implementing Interventions – Assignment #4.docx
Selecting & Implementing Interventions – Assignment #4.docx
 
Seediscussions,stats,andauthorprofilesforthispublicati.docx
Seediscussions,stats,andauthorprofilesforthispublicati.docxSeediscussions,stats,andauthorprofilesforthispublicati.docx
Seediscussions,stats,andauthorprofilesforthispublicati.docx
 
Shared Reading FrameworkFollow this framework when viewing the v.docx
Shared Reading FrameworkFollow this framework when viewing the v.docxShared Reading FrameworkFollow this framework when viewing the v.docx
Shared Reading FrameworkFollow this framework when viewing the v.docx
 
Self-disclosureDepth of reflectionResponse demonstrates an in.docx
Self-disclosureDepth of reflectionResponse demonstrates an in.docxSelf-disclosureDepth of reflectionResponse demonstrates an in.docx
Self-disclosureDepth of reflectionResponse demonstrates an in.docx
 
Sheet1Excel for Finance Majorsweek 1week 2week 3week 4week 5week 6.docx
Sheet1Excel for Finance Majorsweek 1week 2week 3week 4week 5week 6.docxSheet1Excel for Finance Majorsweek 1week 2week 3week 4week 5week 6.docx
Sheet1Excel for Finance Majorsweek 1week 2week 3week 4week 5week 6.docx
 
Seemingly riding on the coattails of SARS-CoV-2, the alarming sp.docx
Seemingly riding on the coattails of SARS-CoV-2, the alarming sp.docxSeemingly riding on the coattails of SARS-CoV-2, the alarming sp.docx
Seemingly riding on the coattails of SARS-CoV-2, the alarming sp.docx
 
See the attachment of 1 Article belowPlease answer all the que.docx
See the attachment of 1 Article belowPlease answer all the que.docxSee the attachment of 1 Article belowPlease answer all the que.docx
See the attachment of 1 Article belowPlease answer all the que.docx
 
SHAPING SCHOOL CULTURE BY LIVING THE VISION AND MISSIONNameI.docx
SHAPING SCHOOL CULTURE BY LIVING THE VISION AND MISSIONNameI.docxSHAPING SCHOOL CULTURE BY LIVING THE VISION AND MISSIONNameI.docx
SHAPING SCHOOL CULTURE BY LIVING THE VISION AND MISSIONNameI.docx
 
Select a healthcare legislature of interest. Discuss the historica.docx
Select a healthcare legislature of interest. Discuss the historica.docxSelect a healthcare legislature of interest. Discuss the historica.docx
Select a healthcare legislature of interest. Discuss the historica.docx
 
See discussions, stats, and author profiles for this publicati.docx
See discussions, stats, and author profiles for this publicati.docxSee discussions, stats, and author profiles for this publicati.docx
See discussions, stats, and author profiles for this publicati.docx
 
Segmented Assimilation Theory and theLife Model An Integrat.docx
Segmented Assimilation Theory and theLife Model An Integrat.docxSegmented Assimilation Theory and theLife Model An Integrat.docx
Segmented Assimilation Theory and theLife Model An Integrat.docx
 
Select a local, state, or national public policy that is relev.docx
Select a local, state, or national public policy that is relev.docxSelect a local, state, or national public policy that is relev.docx
Select a local, state, or national public policy that is relev.docx
 
School of Community and Environmental HealthMPH Program .docx
School of Community and Environmental HealthMPH Program .docxSchool of Community and Environmental HealthMPH Program .docx
School of Community and Environmental HealthMPH Program .docx
 
School Effects on Psychological Outcomes During Adolescence.docx
School Effects on Psychological Outcomes During Adolescence.docxSchool Effects on Psychological Outcomes During Adolescence.docx
School Effects on Psychological Outcomes During Adolescence.docx
 
Search the gene belonging to the accession id you selected in week 2.docx
Search the gene belonging to the accession id you selected in week 2.docxSearch the gene belonging to the accession id you selected in week 2.docx
Search the gene belonging to the accession id you selected in week 2.docx
 

Recently uploaded

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
Chris Hunter
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
SanaAli374401
 

Recently uploaded (20)

Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 

CHAPTER 4Developing a Risk Management PlanCopyright

  • 1. CHAPTER 4 Developing a Risk Management Plan Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com. Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Learning Objective(s) and Key Concepts Describe the components of and approaches to effective risk management in an organization. Fundamental components of a risk management plan Objectives, boundaries, and scope of a risk management plan Importance of assigning responsibilities in a risk management plan Significance of planning, scheduling, documentation, and reporting Steps of the NIST Risk Management Framework Learning Objective(s) Key Concepts Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Objectives of a Risk Management Plan Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend
  • 2. Learning Company. www.jblearning.com A list of threats A list of vulnerabilities Costs associated with risks A list of recommendations to reduce the risks Costs associated with recommendations A cost-benefit analysis (CBA) One or more reports Implementing a Risk Management Plan Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Document management decisions Document and track implementation of accepted recommendations
  • 3. Create a plan of action and milestones (POAM) Objectives Examples Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Identifying threats Identifying vulnerabilities Identifying assets Assigning responsibilities Objectives Examples (Cont.) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Identifying the costs of an outage/noncompliance Providing recommendations
  • 4. Identifying the costs of recommendations Providing a CBA Objectives Examples (Cont.) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Documenting accepted recommendations Tracking implementation Creating a POAM Scope of a Risk Management Plan Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Identify the boundaries of the plan Avoid scope creep Identify stakeholders
  • 5. Create a change control board Draft a scope statement Scope Examples Website Creating a risk management plan to secure a website: Scope includes: Security of the server hosting the website Security of the website itself Availability of the website Integrity of the website’s data Stakeholders include: Vice president of sales Information technology (IT) support department head Written approval is required for all activities outside the scope of this plan HIPAA Compliance Creating a risk management plan to ensure HIPAA compliance: Scope includes: Identifying all health data Storing health data Using health data Transmitting health data Stakeholders include: Chief Information Officer (CIO) Human resources (HR) department head Written approval is required for all activities outside the scope of this plan
  • 6. Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Assigning Responsibilities Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Responsibilities can be assigned to: Risk management PM Stakeholders Departments or department heads Executive officers, such as the CIO or CFO Individual responsibilities: Identifying risk Assessing risk
  • 7. Identifying risk mitigation steps Reporting Responsibilities Examples Website The IT department is responsible for providing: A list of threats A list of vulnerabilities A list of recommended solutions Costs for each of the recommended solutions The sales department is responsible for providing: Direct costs of all outages that last 15 minutes or longer Indirect costs of all outages that last 15 minutes or longer The CFO will: Validate the data provided by the IT and sales departments Complete a CBA HIPAA Compliance The HR department is responsible for providing: A list of all health information sources Inspection results for all data sources regarding HIPPA compliance How the data is stored, protected, and transmitted A list of existing and needed HIPAA policies A list of recommended solutions to ensure HIPPA compliance Costs for each of the recommended solutions Costs associated with noncompliance The IT department is responsible for providing: Identification of access controls used for data A list of recommended solutions to ensure compliance with HIPAA Costs for each of the recommended solutions
  • 8. The CFO will: Validate the data provided by the IT and sales departments Complete a CBA Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Using Affinity Diagrams Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Describing Procedures and Schedules for Accomplishment Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Include a recommended solution for any threat or vulnerability, with a goal of mitigating the associated risk The solution will often include multiple steps Describe each step in detail Include a timeline for completion of each step Remember:
  • 9. Management is responsible for choosing the controls to implement Management is responsible for residual risk Procedures Examples Website Mitigating the risk of denial of service (DoS) attacks: Recommendation—Upgrade the firewall. Justification—The current firewall is a basic router; it does not provide advanced firewall capabilities Procedures—The following steps can be used to upgrade the new firewall: Start firewall logging Create a firewall policy Purchase a firewall appliance Install the firewall Configure the firewall Test the firewall before going live Bring the firewall online HIPAA Compliance Procedures for mitigating the risk of HIPPA noncompliance: Recommendation—Increase awareness of HIPAA Justification—Make clear that noncompliance can result in fines totaling $25,000 a year for mistakes Procedures—Use the following steps to increase awareness: Require all employees to read and comply with HIPAA policies Provide training to all employees on HIPAA compliance
  • 10. Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Reporting Requirements Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Present recommendations Document management response to recommendations Document and track implementation of accepted recommendations Create a plan of action and milestones (POAM) Presenting Recommendations Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Report should include: Findings
  • 11. Reports are often summarized in risk statements Use risk statements to communicate a risk and the resulting impact Recommendation cost and time frame Cost-benefit analysis (CBA) Findings Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Cause—The threat Criteria—The criteria that will allow the threat to succeed Inadequate manpower Unmanaged firewall No intrusion detection system (IDS) Operating system not updated
  • 12. Antivirus software not installed and updated Effect—Often an outage of some type Findings (Cont.) Website cause and effect diagram Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Findings (Cont.) HIPAA compliance cause and effect diagram Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Recommendation Cost and Time Frame Each item should include the cost and timeframe required to implement it Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Example list of recommendations included in the website risk management plan
  • 13. Upgrade firewall Purchase and install IDS Create a plan to keep the system updated Install antivirus software on server Update antivirus software Add one IT administrator Cost-Benefit Analysis (CBA) CBA should include two items: Cost of the recommendation, including any anticipated ongoing costs Projected benefits in terms of dollars Example of a CBA for a website recommendation: Recommendation Cost of the recommendation Background Loss before recommendation Expected loss with recommendation Benefit of the recommendation CBA = Loss before recommendation − Loss after recommendation − Cost of recommendation
  • 14. Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Risk Statements Used to communicate a risk and the resulting impact Often written using “if/then” Should be matched to the scope and objectives of the project Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Documenting Management Response to Recommendations Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Accept Management can approve the recommendation Defer Management can defer a recommendation Modify Management can modify a recommendation
  • 15. Documenting and Tracking Implementation of Accepted Recommendations The documentation doesn’t need to be extensive; it could be a simple document listing the recommendation and the decision, for example: Recommendation to purchase antivirus software Accepted. Software is to be purchased as soon as possible. Recommendation to hire an IT administrator Deferred. IT department needs to provide clearer justification for this. In the interim, the IT department is authorized to use overtime to ensure security requirements are met. Recommendation to purchase SS75 firewall Modified. Two SS75 firewalls are to be purchased as soon as possible. These two firewalls will be configured as a DMZ. Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Plan of Action and Milestones (POAM) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Is a living document A document used to track progress Used to assign responsibility and to allow management follow - up
  • 16. Charting the Progress of a Risk Management Plan The milestone plan chart lists only major milestones Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Charting the Progress of a Risk Management Plan (Cont.) A Gantt chart shows a full project schedule Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Charting the Progress of a Risk Management Plan (Cont.) The critical path chart identifies critical tasks to be managed Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Steps of the NIST Risk Management Framework (RMF) Seven-step process that combines security and risk management as part of a systems development life cycle: Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend
  • 17. Learning Company. www.jblearning.com Prepare Categorize Select Implement Assess Authorize Monitor Summary Fundamental components of a risk management plan Objectives, boundaries, and scope of a risk management plan Importance of assigning responsibilities in a risk management plan Significance of planning, scheduling, documentation, and reporting Steps of the NIST Risk Management Framework Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com
  • 18. 10/8/2020 30 CHAPTER 3 Understanding and Maintaining Compliance Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com. Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Learning Objective(s) and Key Concepts Identify compliance laws, standards, best practices, and policies of risk management. Compliance laws that affect information technology (IT) systems Regulations related to compliance Organizational policies for compliance Standards and guidelines for compliance Learning Objective(s) Key Concepts Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com
  • 19. U.S. Compliance Laws Federal Information Security Modernization Act (FISMA) Health Insurance Portability and Accountability Act (HIPAA) Gramm-Leach-Bliley Act (GLBA) Sarbanes-Oxley Act (SOX) Family Educational Rights and Privacy Act (FERPA) Children’s Internet Protection Act (CIPA) Children’s Online Privacy Protection Act (COPPA) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com U.S. Compliance Laws and Their ApplicabilityLawApplicabilityFISMAFederal agenciesHIPPAAny organization handling medical dataGLBABanks, brokerage companies, and insurance companiesSOXAll publicly traded companiesFERPAEducational institutionsCIPASchools and libraries using E-Rate discountsCOPPAWebsites or online services directed at children under 13 and you collect personal information from them Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Health Insurance Portability and Accountability Act Covers any organization that handles health data Medical facilities Insurance companies Any company with a health plan if employees handle health data HIPPA Compliance Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend
  • 20. Learning Company. www.jblearning.com Assessment Risk analysis Plan creation Plan implementation Continuous monitoring Gramm-Leach-Bliley Act (GLBA) Also known as the Financial Services Modernization Act Most of GLBA relates to how banking and insurance institutions can merge Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Financial Privacy Rule Requires companies to notify customers about privacy practice Explains how the bank or company collects and shares data
  • 21. Safeguards Rule Requires companies to have a security plan to protect customer information Ensures data isn’t released without authorization; ensures data integrity Companies must use a risk management plan, provide security training Sarbanes-Oxley (SOX) Act Applies to publicly traded companies Designed to hold company executives and board members personally responsible for financial data Chief executive officers (CEOs) and chief financial officers (CFOs) must be able to: Verify accuracy of financial statements Prove the statements are accurate Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Family Educational Rights and Privacy Act (FERPA) Protects the privacy of student records, which includes education and health data Applies to all schools that receive funding from the U.S. Department of Education:
  • 22. State or local educational agencies Institutions of higher education Community colleges Schools or agencies that offer a preschool program All other education institutions For students under 18, parent can inspect records and request corrections Protects student personally identifiable information (PII) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Children’s Internet Protection Act (CIPA) Designed to limit access to offensive content from school and library computers Covers schools and libraries that receive funding from the E- Rate program Requires schools and libraries to block or filter Internet access to pictures that are obscene or harmful to minors Requires schools and libraries to: Adopt and enforce a policy to monitor online activity of minors Implement an Internet safety policy that addresses: Access by minors to inappropriate content Safety and security of minors when using email and chat rooms Unauthorized access Unlawful activities by minors online Unauthorized use of minors’ personal information Measures restricting minors’ access to harmful materials Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com
  • 23. Children’s Online Privacy Protection Act (COPPA) Designed to protect the privacy of children under 13 Sites must require parental consent to collect or use personal information of young website users Sites must post: Contents of privacy policy When and how to seek verifiable consent from a parent or guardian Responsibility of a website operator regarding children’s privacy and safety online, including restrictions on the types and methods of marketing that targets those under 13 Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Regulations Related to Compliance Securities and Exchange Commission (SEC) Federal Trade Commission (FTC) Protects consumers Prevents anticompetitive practices Evaluates economic impact of actions Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Federal Trade Commission (FTC)
  • 24. Bureau of Consumer Protection Bureau of Competition Bureau of Economics U.S. Compliance Regulatory Agencies Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Federal Deposit Insurance Corporation (FDIC) Department of Homeland Security (DHS) State Attorney General (AG) U.S. Attorney General (U.S. AG) Organizational Policies for Compliance Fiduciary Refers to a relationship of trust Could be a person who is trusted to hold someone else’s assets Trusted person has the responsibility to act in the other person’s
  • 25. best interests and avoid conflicts of interest Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Organizational Policies for Compliance (Cont.) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Examples of trust relationships: An attorney and a client A CEO and a board of directors Shareholders and a board of directors Fiduciary is expected to take extra steps: Due diligence Due care Organizational policy could include:
  • 26. Mandatory vacations Job rotation Separation of duties Acceptable use Standards and Guidelines for Compliance Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Payment Card Industry Data Security Standard (PCI DSS) National Institute of Standards and Technology (NIST) Generally Accepted Information Security Principles (GAISP) Control Objectives for Information and Related Technology (COBIT) International Organization for Standardization (ISO)
  • 27. Standards and Guidelines for Compliance (Cont.) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com International Electrotechnical Commission (IEC) Information Technology Infrastructure Library (ITIL) Capability Maturity Model Integration (CMMI) General Data Protection Regulation (GDPR) Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Payment Card Industry Data Security Standard Created by Payment Card Industry Security Standards Council American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. Key pieces of data: Name Credit card number Expiration date Security code Merchants using credit cards are required to comply Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend
  • 28. Learning Company. www.jblearning.com Payment Card Industry Data Security Standard (Cont.)GoalsProcess StepsBuild and maintain a secure network that is PCI compliantInstall and maintain a firewall Do not use defaults, such as default passwordsProtect cardholder dataProtect stored data Encrypt transmissionsMaintain a vulnerability management programUse and update antivirus software Develop and maintain secure systemsImplement strong access control measuresRestrict access to data Use unique logins for each user Don’t share usernames and passwords Restrict physical accessRegularly monitor and test networksTrack and monitor all access to systems and data Regularly test securityMaintain an information security policyMaintain a security policy Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Payment Card Industry Data Security Standard (Cont.) Build and maintain a secure network that is PCI compliant Protect cardholder data Maintain a vulnerability management program Implement strong access control measures Regularly monitor and test networks Maintain an information security policy Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Assess
  • 29. Report Remediate National Institute of Standards and Technology (NIST) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Promotes U.S. innovation and competitiveness Hosts the Information Technology Laboratory (ITL) Special publications, SP 800-30: Guide for Conducting Risk Assessments Generally Accepted Information Security Principles (GAISP) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Includes two major sections: Pervasive principles
  • 30. Broad functional principles Control Objectives for Information and Related Technology (COBIT) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Meet stakeholder needs Cover the enterprise end to end Apply a single integrated framework Enable a holistic approach Separate governance from management Control Objectives for Information and Related Technology (Cont.) Adapted from COBIT 5 for Risk ©2013 ISACA. All rights reserved. Used with permission.
  • 31. Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com International Organization for Standardization (ISO) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com ISO 27002 Security Techniques ISO 31000 Principles and Guidelines on Implementation ISO 73 Risk Management—Vocabulary International Electrotechnical Commission (IEC) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Meet the requirements of the global market
  • 32. Ensure maximum use of its standards Assess and improve products and services covered by its standards Aid in interoperability of systems Increase the efficiency of processes Aid in improvement of human health and safety Aid in protection of the environment Information Technology Infrastructure Library (ITIL) ITIL life cycle: Service Strategy Service Design Service Transition Service Operation Continual Service Improvement Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Capability Maturity Model Integration (CMMI) Primary areas of interest:
  • 33. Product and service development Service establishment, management, and delivery Product and service acquisition Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Level 5 Optimized Level 4 Defined Level 2 Managed Level 1 Initial Level 0 Nonexistent
  • 34. Quantitatively Managed Level 3 General Data Protection Regulation (GDPR) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Regulates how companies protect the personal data of EU citizens and those in the European Economic Area (EEA) Applies to all businesses that deal with the personal data of individuals living in the EU or EEA Key changes to GDPR in 2018: Increased territorial scope (extraterritorial applicability) Penalties Consent Data subject rights
  • 35. Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com Phase 1 Initiate and Plan Phase 2 Make Certification and Accreditation Decisions Phase 4 Maintain ATO/Review Phase 5 Decommission Implement and Validate
  • 36. Phase 3 Summary Compliance laws that affect information technology (IT) systems Regulations related to compliance Organizational policies for compliance Standards and guidelines for compliance Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com 10/8/2020 30 DISUCSSION – Intro to Data Mining Chapter 7 : Cluster Analysis: Basic Concepts and Algorithms This week we also discuss the concepts in chapter seven, which deals with the basic concepts and algorithms of cluster analysis. After reading chapter seven answer the following questions: · What is K-means from a basic standpoint?
  • 37. · What are the various types of clusters and why is the distinction important? · What are the strengths and weaknesses of K-means? · What is a cluster evaluation? Select at least two types of cluster evaluations, discuss the concepts of each method. Reference: TextBook : 1) Data Mining: Concepts and Techniques Author: Jiawei Han, Jian Pei, Micheline Kamber Date: 2011 2) Križanić, S. (2020). Educational data mining using cluster analysis and decision tree technique: A case study . International Journal of Engineering Business Management, 12, 184797902090867–. Discussion – Info Security and Risk Management Chapter 3 - Access Controls in Microsoft Windows Chapter 4 - Microsoft Windows Encryption Tools and Technologies In week 2, analyze the difference between intentional and unintentional threats. You must use at least one scholarly resource. Every discussion posting must be properly APA formatted. PPT attached Text Book: Title: Managing Risk in Information Systems ISBN: 9781284193602 Authors: Darril Gibson, Andy Igonor Publisher: Jones & Bartlett Learning Publication Date: 2021 Edition: 3rd edition
  • 38. Assignment – Intro to Data Mining Chapter 7 : Cluster Analysis: Basic Concepts and Algorithms After reviewing the case study this week by Krizanic (2020), answer the following questions in essay format. · What is the definition of data mining that the author mentions? How is this different from our current understanding of data mining? · What is the premise of the use case and findings? · What type of tools are used in the data mining aspect of the use case and how are they used? · Were the tools used appropriate for the use case? Why or why not? In an APA7 formatted essay answer all questions above. There should be headings to each of the questions above as well. Ensure there are at least two-peer reviewed sources to support your work. The paper should be at least two pages of content (this does not include the cover page or reference page). Reference: TextBook : 1) Križanić, S. (2020). Educational data mining using cluster analysis and decision tree technique: A case study . International Journal of Engineering Business Management, 12, 184797902090867–. PFA document.