1
Running head: IDENTITY MANAGEMENT AND SECURITY AWARENESS TRAINING PLAN STRATEGY
Identity management and security awareness training plan strategy 4
Identity management and security awareness training plan strategy
Student’s name
Institutional affiliation
Security Plan for the Organization
A good security awareness training in IT puts focus on problems that are broader, that do not give themselves to only technology solutions (Long, 2010). The training can be split into two main groups; one, the general security training is suitable for the entire employees despite their work role. Two, the group specific training in security centers on specific skills which are significant to only a section of the organization.
General Security Training:
1. Procedures and policies education.
2. Information on the person to be contacted when an employee thinks that she or he has recognized a security risk or threat.
3. Rules for handling information that is confidential.
Group specific training:
1. Regarding the IT operations employees: There should be training in business continuity and disaster recovery planning (Willemssen, 2000).
2. Concerning development organization: Training for design, architecture or coding should be performed.
3. For the staff of finance in the organization, training in fraud detection should be offered.
In conclusion, a security awareness training program that is properly implemented does not only give the Human Resource department with documentation that is necessary for following actions against the staff who disrespect security practices, but also minimizes the amount of penalizing actions (Webel, 2004).
References
Long, J. (2010). Global information security factors. International Journal of Information Security and Privacy (IJISP), 4(2), 49-60.
Webel, B. (2004). The Economic Impact of Cyber-Attacks. Congressional Research Service, Government and Finance Division. Washington DC: The Library of Congress.
Willemssen, J. (2000). "FAA Computer Security". GAO/T-AIMD-00-330. Presented at Committee on Science, House of Representatives.
Running head: FORENSICS AND CSIRT 1
SECURITY PLAN 5
Forensics and CSIRT
Name
Institution
SECURITY PLAN
Abstract.
CSIRT, commonly known as a Computer Security Incident Response Team, refers to an organization mandated with the responsibility of reviewing, receiving and correction of security incidence related to computers for governments, Corporate and religious institutions or even paid clients(Stein, 2009). This paper shows the forensics and CSIRT plan strategy for the organization.
Introduction.
Network administrators are given the responsibility to maintain computer networks. Security is an important requirement in the organizations systems, as these have an impact on day to day activities. Unauthorized access to organizations critical information is detrimental to its operations and could be used to cause the failure of the .
1Running head IDENTITY MANAGEMENT AND SECURITY AWARENESS TRAI.docx
1. 1
Running head: IDENTITY MANAGEMENT AND SECURITY
AWARENESS TRAINING PLAN STRATEGY
Identity management and security awareness training plan
strategy 4
Identity management and security awareness training plan
strategy
Student’s name
Institutional affiliation
Security Plan for the Organization
A good security awareness training in IT puts focus on problems
that are broader, that do not give themselves to only technology
solutions (Long, 2010). The training can be split into two main
groups; one, the general security training is suitable for the
entire employees despite their work role. Two, the group
specific training in security centers on specific skills which are
significant to only a section of the organization.
General Security Training:
1. Procedures and policies education.
2. Information on the person to be contacted when an employee
thinks that she or he has recognized a security risk or threat.
3. Rules for handling information that is confidential.
Group specific training:
1. Regarding the IT operations employees: There should be
2. training in business continuity and disaster recovery planning
(Willemssen, 2000).
2. Concerning development organization: Training for design,
architecture or coding should be performed.
3. For the staff of finance in the organization, training in fraud
detection should be offered.
In conclusion, a security awareness training program that is
properly implemented does not only give the Human Resource
department with documentation that is necessary for following
actions against the staff who disrespect security practices, but
also minimizes the amount of penalizing actions (Webel, 2004).
References
Long, J. (2010). Global information security factors.
International Journal of Information Security and Privacy
(IJISP), 4(2), 49-60.
Webel, B. (2004). The Economic Impact of Cyber-Attacks.
Congressional Research Service, Government and Finance
Division. Washington DC: The Library of Congress.
Willemssen, J. (2000). "FAA Computer Security". GAO/T-
AIMD-00-330. Presented at Committee on Science, House of
Representatives.
Running head: FORENSICS AND CSIRT 1
SECURITY PLAN 5
3. Forensics and CSIRT
Name
Institution
SECURITY PLAN
Abstract.
CSIRT, commonly known as a Computer Security Incident
Response Team, refers to an organization mandated with the
responsibility of reviewing, receiving and correction of security
incidence related to computers for governments, Corporate and
religious institutions or even paid clients(Stein, 2009). This
paper shows the forensics and CSIRT plan strategy for the
organization.
Introduction.
Network administrators are given the responsibility to maintain
computer networks. Security is an important requirement in the
organizations systems, as these have an impact on day to day
activities. Unauthorized access to organizations critical
information is detrimental to its operations and could be used to
cause the failure of the organization as a whole.
Basic risk assessment
The main risk facing the organization is the risk of access to
organizations records and sensitive data by unauthorized
persons. Confidentiality in information systems enables the
limited access to documents and information. This is always
ensured by the use of identification cards or passwords. The
main methods of attack used are hacking and use of an insider
in the organization. Main assets to be destroyed by unauthorized
users are organizational data and destruction of organization
copyrights and patents(Davis, 2011).
Proactive Security planning.
4. The organizations network administrator should therefor e
ensures that known vulnerabilities are patched on hosts on a
network that has no connection to any external network. This
strategy enables detection of anything that may interfere with
the smooth running of the network systems and control frequent
system breakdowns. Policies to ensure that the organizations
security system is effective include the use of passwords and
strict administrative policies to ensure all the personnel are
careful on information dissemination.
The floor plan of the target environment
Threats facing the organization, apart from unauthorized access
into the organization system are such as cyber-attacks and the
risk of losing funds to cyber criminals. These risks are both
detrimental to the organization and should be looked into to
ensure the continued profitability of the enterprise(Collen, G
and Erika M, 2012). Current gaps include; untrustworthy
employees and lack of skills to effect policies to protect the
organizations security system. These vulnerability gaps should
be looked into in order to affect necessary policies.
Emergency plans shouldbe put in place for both bomb threats
and fire risks. In the case of bomb threats, organization
personnel should be trained on the required response under such
circumstances. In the case of a fire, extinguishers should be
place in all strategic areas in the organization for higher safety
levels. Files should be consistently backed up to ensure their
ease in retrieval in case they are lost due to misplacements of
theft in the organization. Monitoring the implementation of the
security plan is critical to ensure all activities are well
implemented and put into practice to achieve desired results.
Conclusion
Organization security is the most important element to ensure
that the data, assets and critical areas in the organization are
well protected and monitored. Finances should be set aside to
ensure this area is not neglected and that the correct
implementation of laid out plans is facilitated effectively and
efficiently.
5. References
Colleen Garton & Erika McCulloch. (2012). Fundamentals of
Technology Project Management. Chicago: MC Press.
Davis, G. (2011). IPad & iPhone administrator's guide:
enterprise deployment strategies and security solutions. New
York: McGraw-Hill.
Stein, R. J. (2009). Internet safety. New York: H.W. Wilson Co.
Running Head: ENTERPRISE RISK ASSESSMENT, AUDIT
AND CYBER LAW 1
ENTERPRISE RISK ASSESMENT, AUDIT AND CYBER LAW
3
6. Enterprise Risk Assessment, Audit
Student’s Name
Institutional Affiliation
ENTERPRISE RISK ASSESMENT, AUDIT AND CYBER LAW
Introduction
The main aim of any security plan is to eliminate the threats of
external malfeasance which always comes in the form of
information theft, hacking and other nefarious activities which
are custom made to hinder an organization’s continuous growth.
Any organization that involves itself in business, whether local
or international must find a way of preserving its wide-ranging
digital records so that they can achieve 100% data protection
(Colleen Garton & Erika McCulloch 2012).
The proactive security plan involves the development of
security policies and controls, types of security policies and
password policies and administrative responsibilities. Also there
is a provision for emergency plan in case disasters like
terrorism attacks or fire strike. These emergency plan will
prevent data loss in case these events take place. Technologies
to keep the security plan working in the event of failure include
the monitor implementation, performing off-site data back-up
and storage and back-up laptops and desktops (Davis, 2011).
The field of modern information security lay emphasis on a
multilayered approach to maintaining system integrity,
comprising the use of firewalls, cryptographic algorithms,
access regulations and other protection procedures, but giving
rise to effective blockages to deliver physical security which is
always the main priority of the enterprise risk assessment plan
(Stein, 2009).
7. References
Colleen Garton & Erika McCulloch. (2012). Fundamentals of
Technology Project Management. Chicago: MC Press.
Davis, G. (2011). IPad & iPhone administrator's guide:
enterprise deployment strategies and security solutions. New
York: McGraw-Hill.
Stein, R. J. (2009). Internet safety. New York: H.W. Wilson Co.
Running Head: BUSINESS CONTINUITY AND DISASTER
RECOVERY PLAN 1
BUSINESS CONTINUITY AND DISASTER RECOVERY
PLAN 3
Business Continuity and Disaster Recovery Plan Strategy
Student’s Name
Institutional Affiliation
BUSINESS CONTINUITY AND DISASTER RECOVERY
PLAN STRATEGY
Introduction
A disaster recovery plan is a documented procedure to recover
and protect IT infrastructure in the event of disaster. There are
different types of disasters which can be categorized into two,
8. that is, natural and man-made disasters. The organization
heavily relies on information technology to run its operations
and therefore, this disaster recovery plan will increasingly be
connected with the recovery of IT systems data, assets and
facilities (Stein, 2009).
Emergency plan and disaster response
The plan should involve the following procedures, preventive
measures, detective measures and corrective measures. The
preventive measures are a set of documented procedures to
circumvent any man-made threat to the IT systems through the
internet. Issues like hacking and threat of destruction through
natural disasters. This is done by cloud back-up where
information will be stored and nothing will be able to destroy it
there (Davis, 2011).
The corrective measure in case data is lost and it was backed up
in the cloud will be restoring it. This involves a series of
procedures that IT technicians can perform and authentication
from various organization stakeholders to authorize such an
operation. Back up will prevent the organization from not
operating in case disasters strike.
Detective measures are suitable to detect any threat that’s
impending to destroy the data. A detective measure could be
fire alarms and smoke detectors which will detect fire. The
corrective measure here will be the installation of fire
sprinklers and the triggering of the fire alarm to alert the fire
fighter (Colleen Garton & Erika McCulloch, 2012).
References
Colleen Garton & Erika McCulloch. (2012). Fundamentals of
Technology Project Management. Chicago: MC Press.
Davis, G. (2011). IPad & iPhone administrator's guide:
enterprise deployment strategies and security solutions. New
York: McGraw-Hill.
Stein, R. J. (2009). Internet safety. New York: H.W. Wilson Co.
9. Running Head: SECURITY PLAN
1
SECURITY PLAN
4
Enterprise Technical Infrastructure Security Plan
for the Organization
Name
Institution
Enterprise Technical Infrastructure Security Plan
for the Organization
Computer security focuses on the protection and privatization of
their systems and this can be found in two types: Logical
security that focuses on the protection of content and
information and physical security as applied to computers such
as the attack is not strictly the software and hardware and IT
infrastructure is fundamental to the preservation of the most
valuable asset share is information, also seeks to maintain the
confidentiality, integrity, authenticity, and availability are the
remembering data symbols representing events, situations,
conditions or information is the result of processing or
transforming data information is meaningful to the user.
Therefore, we must consider, from a formal point of view, those
factors that can ensure the continuity of a company in adverse
circumstances. This process involves the following steps:
· Scoping Phase 0: If your company has a certain organizational
or process complexity, addressing a process of continuous
improvement may involve a number of resources and an
excessive period. It is therefore advisable to start by those
departments or areas with greater importance and gradually
increase progressively continuity throughout the
organization. To do this always with the commitment and
involvement of management.
10. · Phase 1. Analysis of the organization: During this phase we
collect all the information needed to establish critical business
processes, assets that support them and what are the temporal
needs and resources.
· Phase 2. Determination of continuity strategy: Known assets
that support critical processes, we must determine whether
disaster, we will be able to recover such assets in the required
time. In cases where it does not, we must determine the various
recovery strategies.
· Phase 3. Development of a contingency response: From chosen
recovery strategies, selection and implementation of the
necessary steps is performed, and Crisis Plan and the relevant
documents for retrieval environments is documented.
· Phase 4. Testing, maintenance and review: From the
technological infrastructure of our company, develop test plans
and maintenance.
· Phase 5. Awareness: In addition to analysis and
implementation, it is necessary that both the technical staff
responsible for our company know what is and assumes the
Business Continuity Plan and what is expected of them.
References
Colleen Garton & Erika McCulloch. (2012). Fundamentals of
Technology Project Management. Chicago: MC Press.
Davis, G. (2011). IPad & iPhone administrator's guide:
enterprise deployment strategies and security solutions. New
York: McGraw-Hill.
Stein, R. J. (2009). Internet safety. New York: H.W. Wilson Co.
Running head: IMPLEMENTING IT SECURITY
MANAGEMENT
1
11. IMPLEMENTING IT SECURITY MANAGEMENT
2
Implementing IT security management
Student’s Name
University Affiliation
Proposal for implementing IT security management
In the past years, nearly all organizations have increased their
dependency on suitable secure information systems. Security
being one of the most issues that are argued about, Standards
for managing the information security and collection of the best
practice measures should be developed and established (Wood,
1999). Security concerns in information systems typically arise
from authentication and access control which include issues of
physical access as well as credential and identity management.
Virtualization is also another issue of concern as it comes with
a number of risks. The shared use of computing resources is
also another security concern.
The IT security management will come in to solve all these
problems as it will offer security controls for the users. The
system will manage the diverse data. The security management
will also offer privacy for all the data by ensuring that the right
data is viewed by the appropriate personnel. By the system
being used by many users, the risks of security will also be
high. By the fact that the network is shared, various access
controls and authentication methods will be required and this is
where the security management will come in to offer the access
controls and authentication methods for the users.
In order for organizations to function efficiently and
effectively, they need to identify and manage many activities
one of them being the issue of security. Any activity that is
using resources will require to be managed properly in order to
enable a safe transformation of inputs into outputs using
12. interrelated activities (Wilson, Mark, & Joan, 2004). The
security management is designed to offer information security
and risk assessment which is the overall process of risk
evaluation and risk analysis. It will also provide information
security risk treatment which involves the selection and
implementation of measures in order to modify risks. Controls
will now be determined in this stage.
References
Wilson, Mark, &Joan, H. (2004). “National Institute of
Standards and technology special
publication: building information technology security awareness
and training program.
Wood, C. (1999). Information security policies made easy.
Sausalito, CA: Baseline software,
Inc.
Running Head: SECURITY PLAN
1
SECURITY PLAN
3
SECURITY PLAN
I. Abstract
II. Introduction
III. Basic risk assessment
· Overview
· Identification of assets
· Identifying the types of threats and method of attack
13. IV. Proactive Security planning
· Overview and planning
· Development of security policies and controls
· Types of security policies
· Password policies and administrative responsibilities.
v. The floor plan of the target environment
· · A list of threats
· · A risk assessment for each threat
· · Current vulnerability gaps
Vi Emergency plan and disaster response for the following:
o Bomb threat
o Fire
vi. Backup and restore policies
vii. Technologies to keep the security plan working in the event
of failure
· Monitor implementation
· Perform off-site data back-up and storage
· Back-up laptops and desktops
viii. Conclusion
References
Colleen Garton & Erika McCulloch. (2012). Fundamentals of
Technology Project Management. Chicago: MC Press.
Davis, G. (2011). IPad & iPhone administrator's guide:
enterprise deployment strategies and security solutions. New
York: McGraw-Hill.
Stein, R. J. (2009). Internet safety. New York: H.W. Wilson Co.