E’s Data Security Company Strategic Security Plan – 2015
Table of Contents
1 EXECUTIVE SUMMARY
1.1 Introduction
1.2 Objectives
1.3 Determine company position
2 INTRODUCTION TO SECURITY
2.1 Develop
2.2 Information Security Employee Responsibilities
2.3 Establish Oversight Authority for Information Security
2.4 Establish Reporting Procedures for Leaders
2.5 Review of Pertinent or Sensitive Data
2.6 Purge Unneeded Data
3 SYSTEMS ACCESS
3.1 Implement badge system for staff
3.2 Implement policies and procedures for badging system
3.3 Unauthorized Systems Access
4 SURVEILLANCE AND SECURITY
4.1 Implementation of a surveillance system throughout entire facility
4.2 Integrate door locking mechanisms throughout the facility
4.3 Educate employees on cyber threats and trends
5 EMERGENCY SITUATIONS
5.1 Chain of Command
5.2 Communications plan
5.3 Safety and Security Drills
6 SECURITY RISK MANAGEMENT
7 REFERENCES
1 EXECUTIVE SUMMARY
[Instructor comment: Per APA, always use Times New Roman 12-point font.]
E’s Data Security Company was established in 2010. It is an organization that provides data security and network solutions to the state and local government of the US Virgin Islands.
[Instructor comment: An executive summary is much more than just one sentence. Add much more detail here. I suggest you eliminate the executive summary and start with your introduction.]
1.1 Introduction
In April 2014 E’s Data Security Company began its first phase of implementing a security plan for use within the company. This began by hiring its first Chief Information Security Officer (CISO) for the sole purpose of creating an IT security program (Scalet, 2006).
[Instructor comment: This began what began?? Add more clarity here.]
Initially, the efforts of this plan were focused on obtaining the proper staffing to support its implementation. It is imperative to understand that the development of an IT security program is an ongoing, ever-evolving process and a shared responsibility (M.U.S.E., n.d.). By coordinating efforts with local, state, and federal government entities, this plan creates a comprehensive opportunity to address the need for such a plan. Because this organization serves a small community, the planning process will rely principally on informal relationships. The formalization of this planning process varies based on the frequency of a particular hazard and its impact on the community.
1.2 Objectives
This plan sets out the following goals for oversight and program implementation.
A. Implement and maintain policies and procedures for data security.
B. Implement and maintain procedures to test system resilience.
C. Implement and maintain education for employees regarding system vulnerabilities.
D. Implement and maintain physical security procedures.
E. Implement, maintain and review policies for emergency response(s).
1.3 Determine company position
To determine where the organization stands, an external and internal audit will be conducted to assess its competency (Entrepreneurs, 2011).
[Instructor comment: What is the purpose of this section??]
2 INTRODUCTION TO SECURITY
2.1 Develop – In collaboration with government agencies, the strategic planning for this organization will be integrated.
[Instructor comment: How so?? Explain.]
2.2 Information Security Employee Responsibilities – All employees will be required to complete an annual course on security awareness. These courses, developed by FEMA, will serve to inform employees of their responsibilities for the information within their purview (FEMA, 2014). Additionally, an in-house training program will be developed to ensure that each employee understands how to fulfill their responsibilities within their department.
2.3 Establish Oversight Authority for Information Security – The heads of all departments within this organization have responsibilities directly related to security planning. The unique characteristics of each department regarding its size, programs, practices, and resources will determine its risk environment. Once a department head becomes aware of a violation, a formal notice of the violation must be given to the CISO for further investigation. The CISO has the authority to enforce the requirements of the information security policies. The CISO also has the authority to authorize and/or implement new IT services, shut systems down, or delegate authority to a service provider or department head that possesses the capability to remedy any violations.
2.4 Establish Reporting Procedures for Leaders – The heads of every department will serve as the initial point of contact regarding any form of violation. It is imperative that these individuals are informed so that the proper procedures are implemented. Every department head is required to submit a quarterly assessment and progress report for their department to the CISO. Additionally, all information is to be reviewed by the Security Advisory Committee (SAC), President, and Executive Committee on a regular basis.
2.5 Review of Pertinent or Sensitive Data – A data inventory will be conducted by the department heads in conjunction with the CISO. This data will be reviewed bi-annually, categorized, and handled appropriately.
[Instructor comment: This data: what data?? Why is this important??]
2.6 Purge Unneeded Data – All sensitive data that is no longer needed will be purged, while any required data more than six months old will be archived according to organizational policy. Any data that remains will be protected.
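The retention rule in 2.6 can be enforced mechanically from the inventory that 2.5 produces. The following is an added example, not tooling from the plan or the company: it assumes the inventory records, per file, whether the data is sensitive, whether it is still required, and its last-modified date, and it reads "more than six months old" as more than 183 days. The file names and dates are constructed samples.

```python
"""Retention sweep illustrating section 2.6 (added example; not the plan's own
tooling). Assumptions: an inventory from section 2.5 supplies, per file, whether
it is sensitive, whether it is still required, and its last-modified date;
"more than six months old" is taken as more than 183 days."""
import os
import shutil
import tempfile
from datetime import date
from pathlib import Path

ARCHIVE_AFTER_DAYS = 183  # assumed reading of "more than six months old"


def disposition(sensitive: bool, required: bool, age_days: int) -> str:
    """Map one record to the 2.6 rule: 'purge', 'archive' or 'retain'."""
    if sensitive and not required:
        return "purge"          # sensitive data no longer needed
    if required and age_days > ARCHIVE_AFTER_DAYS:
        return "archive"        # required data more than six months old
    return "retain"             # everything else stays and is protected


def purge_file(path: Path) -> None:
    """Best-effort in-place overwrite before unlink. Caveat: on SSDs and on
    journaled or copy-on-write filesystems this does not sanitize the media;
    use the organization's approved sanitization method there."""
    size = path.stat().st_size
    with open(path, "r+b") as fh:
        fh.write(b"\0" * size)
        fh.flush()
        os.fsync(fh.fileno())
    path.unlink()


def sweep(root: Path, inventory: dict, today: date, archive_dir: Path) -> dict:
    """Apply the rule to every inventoried file under root.
    inventory: relative path -> (sensitive, required, last_modified)."""
    plan = {"purge": [], "archive": [], "retain": []}
    archive_dir.mkdir(parents=True, exist_ok=True)
    os.chmod(archive_dir, 0o700)                  # archive readable by owner only
    for rel, (sensitive, required, last_modified) in inventory.items():
        src = root / rel
        action = disposition(sensitive, required, (today - last_modified).days)
        if action == "purge":
            purge_file(src)
        elif action == "archive":
            dst = archive_dir / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dst))
            os.chmod(dst, 0o400)                  # archived copy is read-only
        else:
            os.chmod(src, 0o600)                  # "data that remains will be protected"
        plan[action].append(rel)
    return plan


def demo():
    """Run the sweep over a constructed inventory in a temporary directory.
    Returns the plan and the files left under root after the sweep."""
    today = date(2015, 6, 1)
    inventory = {  # constructed sample records, not real company data
        "hr/ssn_export.csv":          (True,  False, date(2015, 3, 1)),   # purge
        "finance/fy2014_ledger.xlsx": (True,  True,  date(2014, 9, 30)),  # archive (244 days old)
        "ops/current_runbook.txt":    (False, True,  date(2015, 5, 20)),  # retain
        "ops/old_lunch_menu.txt":     (False, False, date(2014, 1, 1)),   # retain
    }
    root = Path(tempfile.mkdtemp())
    for rel in inventory:
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text("constructed sample content\n")
    plan = sweep(root, inventory, today, root / "_archive")
    remaining = sorted(p.relative_to(root).as_posix()
                       for p in root.rglob("*") if p.is_file())
    shutil.rmtree(root)
    return plan, remaining


if __name__ == "__main__":
    print(demo())
```

Running `demo()` purges the sensitive export, moves the year-old ledger into the read-only archive, and tightens permissions on the two retained files. The sweep should be logged and its output reconciled against the 2.5 inventory; where data lives on solid-state or cloud storage, the overwrite step in `purge_file` is not a substitute for the organization's sanitization procedure.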
3 SYSTEMS ACCESS
3.1 Implement badge system for staff – An access card system will be implemented. All employees will be required to use their issued cards to gain access to authorized work areas. In addition, these cards are required to gain access to the network, together with a 7-digit security key.
3.2 Implement policies and procedures for badging system – The policies for the badging system will be outlined during a training course prior to issuance.
3.3 Unauthorized Systems Access – Unauthorized access to any system or restricted area within the facility will be reported immediately to the CISO, department head, and lead security officer. An investigation will be conducted into the violation, and as a precaution all key passcodes will be changed. A comprehensive and detailed report will be submitted to the President, Board, and Security team upon completion. Additionally, a determination will be made on whether or not to update the system firmware, etc.
4 SURVEILLANCE AND SECURITY
4.1 Implementation of a surveillance system throughout entire facility – In conjunction with the badging system, a comprehensive surveillance system will be installed throughout the facility for safety and security purposes. This service will be provided by a third-party company, Top Dog Security. The system will include a CCTV system that will also be monitored by Top Dog Security.
[Instructor comment: This service: what service?? This system: what system??]
4.2 Integrate door locking mechanisms throughout the facility
– In an effort to further limit access throughout the facility, all
access doors will be outfitted with a key card access
mechanism.
4.3 Educate employees on cyber threats and trends – All personnel are required to complete a training course on systems security and cyber threats. Subsequent updates will be disseminated by the CISO and/or department heads via email or muster. These updates will be based on current trends and threats.
5 EMERGENCY SITUATIONS
5.1 Chain of Command – The most critical part of this section is to notify the agency or organization that handles the specific function required. For example, if there is a fire in the building, the fire department will be notified immediately, and then the most immediately available manager. Subsequent notifications will be made as deemed necessary. A written statement will be submitted via the chain of command within an hour after the incident is addressed.
5.2 Communications plan – The standards for communications
are dependent upon the interoperability between responding
organizations. The process for managing incident information
will be outlined based on the individual departments.
5.3 Safety and Security Drills – All drills will be conducted in accordance with the Emergency Operations Plan (EOP). Specific guidelines for systems security will be outlined by the CISO in conjunction with the department heads. These drills will be conducted bi-annually, and an after-action report will be completed to determine whether any modifications are needed.
6 SECURITY RISK MANAGEMENT
An integral part of any successful plan is risk management. This is evident in all organizations, whether in the public or private sector. The process of risk management is ever-evolving and includes continual analysis to identify and control security risks. Failure to mitigate security risks could be a detriment to any department and could hinder its ability to achieve its strategic goals.
7 REFERENCES
Entrepreneurs. (2011, October 25). Five steps to a strategic plan. Retrieved from http://www.forbes.com/sites/aileron/2011/10/25/five-steps-to-a-strategic-plan/
FEMA. (2014, September 16). 2014-2018 FEMA strategic plan. Retrieved from http://www.fema.gov/media-library/assets/documents/96981
M.U.S.E. (n.d.). Sections and components of strategic plans. Retrieved from CTU Online – Phase Materials.
Scalet, S. D. (2006, March 1). A 13-point plan for starting a strategic security group. Retrieved from http://www.csoonline.com/article/2119643/strategic-planning-erm/a-13-point-plan-for-starting-a-strategic-security-group.html
Strengths: Overall, you did a good job with your IP 4; A good
description of the data security company; I would have liked to
have seen you add overall economic impact of significant
damage to a major business to the local economy in the event of
a critical incident; I liked that you used several good sources
and that is a strength to continue going forward in future
classes;
Opportunities for improvement: Do not forget to consider other
threats outside of natural disasters within your core components
of the strategic plan in greater detail; Are there any definitions
or acronyms that could be explained in your plan?? What about
collaborative partnerships? The plan should designate various
agencies and roles and responsibilities such as the State Fusion
Center that can provide information sharing, crime trends and/or
threats; Any annexes that you would consider?? Remember,
annexes are supporting documentation for specific contingency
and part of a plan; A few minor grammar errors; pretty good
organization and your paper flowed nicely as previously
mentioned; I did not see that you followed the template
provided for you in the classroom that highlighted areas such as
a purpose, scope, and terms section as part of the introduction;
The main concept was to focus in on one particular site to draft
a site security plan for that entity;
Additional Comments: To achieve security and resilience,
critical infrastructure partners must collectively identify
priorities, articulate clear goals, mitigate risk, measure
progress, and adapt based on feedback and the changing
environment; The community involved in managing risks to
critical infrastructure is wide-ranging, composed of partnerships
among owners and operators; Federal, State, local, tribal, and
territorial governments; regional entities; non-profit
organizations; and academia. Managing the risks from
significant threat and hazards to physical and cyber critical
infrastructure requires an integrated approach across this
diverse community;
Software Engineering Methodologies (overview)
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 

E’s Data Security Company Strategic Security Plan – 2015.docx

process will rely principally on informal relationships. The formalization of this planning process varies based on the frequency of a particular hazard and its impact on the community.
1.2 Objectives
This plan lists a set of goals for oversight and program implementation.
A. Implement and maintain policies and procedures for data security.
B. Implement and maintain procedures to test system resilience.
C. Implement and maintain education for employees regarding system vulnerabilities.
D. Implement and maintain physical security procedures.
E. Implement, maintain and review policies for emergency response(s).

1.3 Determine company position
To determine where the organization stands, an external and internal audit will be conducted to determine its competency (Entrepreneurs, 2011). [Instructor comment: What is the purpose of this section?]

2 INTRODUCTION TO SECURITY

2.1 Develop – In collaboration with government agencies, the strategic planning for this organization will be integrated. [Instructor comment: How so? Explain.]

2.2 Information Security Employee Responsibilities – All employees will be required to complete an annual course on security awareness. These courses, developed by FEMA, will inform employees of their responsibilities for the information within their purview (FEMA, 2014). Additionally, an in-house training program will be developed to ensure that each employee understands how to fulfill their responsibilities within their department.

2.3 Establish Oversight Authority for Information Security – The heads of all departments within this organization have responsibilities directly related to security planning. The unique characteristics of each department regarding its size, programs, practices, and resources will determine its risk environment. Once a department head becomes aware of a violation, a formal notice of the violation must be given to the CISO for further investigation. The CISO has the authority to enforce the requirements of the information security policies. The CISO also has the authority to authorize and/or implement new IT services, to shut systems down, or to delegate authority to a service provider or department head capable of remedying the violation.

2.4 Establish Reporting Procedures for Leaders – The head of each department will serve as the initial point of contact regarding any form of violation. It is imperative that these individuals are informed so that the proper procedures are implemented. Every department head is required to submit a quarterly assessment and progress report for their department to the CISO. Additionally, all such information is to be reviewed by the Security Advisory Committee (SAC), the President, and the Executive Committee on a regular basis.

2.5 Review of Pertinent or Sensitive Data – A data inventory will be conducted by the department heads in conjunction with the CISO. This data [Instructor comment: what data?] will be reviewed bi-annually, categorized, and handled appropriately. [Instructor comment: Why is this important?]

2.6 Purge Unneeded Data – All sensitive data that is no longer needed will be purged, while any required data more than six months old will be archived according to organizational policy. Any data that remains will be protected.

3 SYSTEMS ACCESS

3.1 Implement badge system for staff – An access card system will be implemented. All employees will be required to use their issued cards to gain access to authorized work areas. These cards, together with a 7-digit security key, will also be required to gain access to the network.

3.2 Implement policies and procedures for badging system – The policies for the badging system will be outlined in a training course prior to issuance.

3.3 Unauthorized Systems Access – Unauthorized access to any system or restricted area within the facility will be reported immediately to the CISO, the department head, and the lead security officer. An investigation will be conducted into the violation and, as a precaution, all key passcodes will be changed. A comprehensive and detailed report will be submitted to the President, the Board, and the Security team upon completion. Additionally, a determination will be made on whether or not to update the system firmware, etc.

4 SURVEILLANCE AND SECURITY

4.1 Implementation of a surveillance system throughout the entire facility – In conjunction with the badging system, a comprehensive surveillance system will be installed throughout the facility for safety and security purposes. This service [Instructor comment: what service?] will be provided by a third-party company, Top Dog Security. This system [Instructor comment: what system?] will include a CCTV system that will also be monitored by Top Dog Security.

4.2 Integrate door locking mechanisms throughout the facility – To further limit access throughout the facility, all access doors will be outfitted with a key card access mechanism.

4.3 Educate employees on cyber threats and trends – All personnel are required to complete a training course on systems security and cyber threats. Subsequent updates, based on current trends and threats, will be disseminated by the CISO and/or department heads via email or muster.

5 EMERGENCY SITUATIONS

5.1 Chain of Command – The most critical part of this section is to notify the agency or organization that handles the specific function required. For example, if there is a fire in the building, the fire department will be notified immediately, and then the most immediately available manager. Subsequent notifications will be made as deemed necessary. A written statement will be submitted via the chain of command within an hour after the incident is addressed.

5.2 Communications plan – The standards for communications depend upon the interoperability between responding organizations. The process for managing incident information will be outlined by each individual department.
5.3 Safety and Security Drills – All drills will be conducted in accordance with the Emergency Operations Plan (EOP). Specific guidelines for systems security will be outlined by the CISO in conjunction with the department heads. These drills will be conducted bi-annually, and an after-action report will be completed to determine whether any modifications are needed.

6 SECURITY RISK MANAGEMENT
An integral part of any successful plan is risk management. This is evident in all organizations, whether in the public or private sector. The process of risk management is ever-evolving and includes constant analysis to control security risks. Failure to mitigate security risks could be a detriment to any department and could hinder its ability to achieve its strategic goals.

7 REFERENCES
Entrepreneurs. (2011, October 25). Five steps to a strategic plan. Forbes. Retrieved from http://www.forbes.com/sites/aileron/2011/10/25/five-steps-to-a-strategic-plan/
FEMA. (2014, September 16). 2014-2018 FEMA strategic plan. Retrieved from http://www.fema.gov/media-library/assets/documents/96981
M.U.S.E. (n.d.). Sections and components of strategic plans. Retrieved from CTU Online – Phase Materials.
Scalet, S. D. (2006, March 1). A 13-point plan for starting a strategic security group. CSO Online. Retrieved from http://www.csoonline.com/article/2119643/strategic-planning-erm/a-13-point-plan-for-starting-a-strategic-security-group.html

Strengths: Overall, you did a good job with your IP 4. A good description of the data security company. I would have liked to have seen you add the overall economic impact on the local economy of significant damage to a major business in the event of a critical incident. I liked that you used several good sources, and that is a strength to continue going forward in future classes.

Opportunities for improvement: Do not forget to consider other threats outside of natural disasters within the core components of your strategic plan in greater detail. Are there any definitions or acronyms that could be explained in your plan? What about collaborative partnerships? The plan should designate various agencies and their roles and responsibilities, such as the State Fusion Center, which can provide information sharing, crime trends and/or threats. Any annexes that you would consider? Remember, annexes are supporting documentation for specific contingencies and are part of a plan. A few minor grammar errors; pretty good organization, and your paper flowed nicely, as previously mentioned. I did not see that you followed the template provided for you in the classroom, which highlighted areas such as a purpose, scope, and terms section as part of the introduction. The main concept was to focus in on one particular site to draft a site security plan for that entity.

Additional comments: To achieve security and resilience, critical infrastructure partners must collectively identify priorities, articulate clear goals, mitigate risk, measure progress, and adapt based on feedback and the changing environment. The community involved in managing risks to critical infrastructure is wide-ranging, composed of partnerships among owners and operators; Federal, State, local, tribal, and territorial governments; regional entities; non-profit organizations; and academia. Managing the risks from significant threats and hazards to physical and cyber critical infrastructure requires an integrated approach across this diverse community.