Introduction
Companies are increasingly aware of the crucial role
information technology plays in their success and survival. In
addition, information is a corporate asset and protecting it and
the associated technology, systems and services adds value to
the company (Herold, 2010). Information security is aligned
with and complements business goals, such as gaining new
customers, increasing market share, operating more efficiently,
attracting qualified employees, boosting revenues, and cutting
costs (Fitzgerald, 2012).
If employees at all levels of the organization do not know how
to protect one of its most valuable business assets, its
information, the company risks not only the damage or loss of
the asset but also takes the chance of being non-compliant with
the plethora of rules, regulations and laws that mandate that
information be protected (Herold, 2010). By jeopardizing
information and not making information security a priority, a
company risks its reputation and future.
Overview
Not everyone is aware of the nature and scope of the unique
threats and catastrophes to which IT is vulnerable. The types of
incidents that could seriously impact the functioning of a
company’s IT and therefore have devastating effects on business
operations are:
• damage, loss or denial of access to vital hardware, software,
networks or facilities
• web-based Software-as-a-Service failures
• damage to critical providers, distributors or other third-party
services
• contamination of crucial information
• blackmail or industrial espionage
• intentional intrusion
• cyber-attacks on critical IT systems (Holman & Houser, 2011).
Information Security in DR/BC Planning
Virtually all business functions rely on or utilize IT systems and
services and therefore these threats may target or primarily
damage IT but affect all company operations. Acknowledging
that information security is a company-wide, not just an IT
department priority, clarifies the need to specifically address
information security in the company’s Disaster Recovery (DR)
and Business Continuity Plan (BCP) (Granneman, 2015).
Integrating information security with the overall DR/BCP
process will help all employees recognize elements that
constitute an IT-specific disaster such as a major cyber-attack
or complete server failure (Cisco, 2008). It also educates
employees on ways IT could be affected in company-wide
catastrophes, such as fires, man-made or natural disasters
(Cisco, 2008). The IT portion of the DR/BCP will pre-define the
point at which service interruptions require the launch of
recovery operations, i.e. the criteria for declaring a disaster
(Janco, 2015). In addition, it will set and clarify realistic
time frames (recovery time objectives) within which the
company’s IT systems and levels of service can be restored
(Janco, 2015). The
IT systems and services recovery process will be streamlined
because roles and responsibilities will have already been
defined and assigned (Slater, 2015). Understanding how IT
assets such as hardware, software, facilities and staff will be
recovered or utilized to respond to a crisis will ensure that
recovery and restoration of IT systems and services are
consistent with the company’s overall DR/BCP (Bailey,
Brandley, & Kaplan, 2013).
By having the entire organization examine IT along with the
technical and operational aspects of DR/BCP, risks can be
managed and damage can be mitigated (Herold, 2010).
Combining coordination of response plans with clear, accessible
and current IT incident response documents will ensure that
every level within the company can react quickly and
appropriately in a crisis (Bailey, Brandley, & Kaplan, 2013).
Lastly, the organization as a whole can learn not just ways to
recover from an IT incident, data breach, cyber-attack or
calamity but also ways to prevent those types of events from
occurring (Bailey, Brandley, & Kaplan, 2013).
The CISO
The Chief Information Security Officer (CISO) reports
to either the CIO or CSO and is the key IT person to “interpret
regulations, establish policy, influence employee behavior and
monitor for appropriate outcomes” (Engle & Guttman, 2014).
She or he understands the compliance requirements and
government regulations the company must follow, coordinates
with multiple departments in the development of security
budgets, and works with IT staff and all levels within the
organization to ensure that information is being protected and
security protocols are followed (Poremba, 2015). The top
priority of the CISO is to protect the organization’s information
and computer networks from cyber-attacks and catastrophes
(Poremba, 2015). Therefore, she is the executive who will
spearhead the integration of IT with the company’s DR/BCP and
have ongoing responsibility for the IT DR/BCP.
CISO Roles and Responsibilities for DR/BCP Planning
In order to incorporate information security into the company’s
DR/BCP, IT-specific incidents must be classified, causes and
effects identified, probability and severity evaluated, and
business impact and priority assessed and categorized (Cisco,
2008). The CISO is uniquely qualified to assess and analyze the
practices and events that could affect IT infrastructure and
systems and threaten important data (Bailey, Brandley &
Kaplan, 2013). The end results of the CISO’s formal assessment
will be details of the IT resources needed for data back-ups and
hardware and software recovery (Masserini, 2015). The CISO
will outline responses to cybersecurity incidents or crises that
will limit damage, reduce incident response time and expense,
increase stakeholder confidence and preserve business
reputation (Bailey, Brandley & Kaplan, 2013).
Lists of key personnel will be created and the processes for
important decision making will be streamlined (Masserini,
2015). In addition, the CISO will create readily accessible
rapid-response guides for a variety of common incidents
(Masserini, 2015).
The CISO will develop the integration of IT into DR/BCP as a
“stand-alone” strategy that is not dependent on the personnel
who created it to work (CSO, 2005).
The CISO can also quantify the revenue that could be lost as a
result of an IT-impacting event and detail the resources needed
to keep losses within that maximum (Masserini, 2015). This is
essential input to the company’s overall Business Impact
Analysis (BIA). To prepare for DR/BCP implementation, the CISO
will develop cost estimates and collect pricing information that
is within budget.
CISO Roles and Responsibilities for DR/BCP Implementation
Once the CISO specifies the resources necessary to properly
respond to a variety of IT security incidents, she will work with
other departments to develop and prioritize the goods, services,
applications, support, staff, equipment and facilities necessary
to accomplish IT DR and BCP (MyMG, 2011). When possible
the CISO will “test drive” products and technologies prior to
procurement (CSO, 2005).
The procurement process will include the evaluation of vendor
supported recovery strategies such as “hot sites” in which
offsite data facilities are fully configured with commonly used
IT equipment and software (ready.gov, 2012). Recovery strategies
will also draw on current IT service trends such as
virtualization, cloud computing, mobile computing and social
networks (Slater, 2015).
The CISO will research potential suppliers that can provide the
required products and services according to the agreed-upon
specifications (MyMG, 2011). There will be an emphasis on
using standardized equipment and readily available software
and systems to facilitate recovery and restoration processes and
reduce costs (ready.gov, 2012).
Once the CISO has determined the best value and awarded
contracts and issued purchase orders, she will continue to
manage the procurement process by ensuring products and
services are provided in accordance with the contract and
purchase order terms (Procure Point, 2015). The CISO is best
qualified and well positioned to evaluate the performance of the
equipment, systems, applications and software and measure the
reliability and value of the vendors and suppliers (Procure
Point, 2015).
CISO Roles and Responsibilities for DR/BCP Execution
After the IT DR/BC plans are devised and the necessary goods
and services are procured, the CISO will be ready to put the
DR/BCP into action during an incident and manage recovery
operations. The CISO will supervise training so that all
employees know their roles and responsibilities and are prepared
to provide the appropriate level of support in the IT DR/BCP
(Janco, 2015). The CISO tests this training by conducting
realistic company-wide DR and BCP exercises to make sure all
employees practice responding to a crisis (Slater, 2015). The
CISO will hold postmortem examinations that objectively
evaluate the company’s performance after each exercise and
endeavor toward constant improvement (CSO, 2005). In
addition, the CISO will form and maintain good rapport with
local emergency response agencies (Slater, 2015). The CISO
will constantly review and refine the IT department’s
contribution to the DR/BCP. She will also stay abreast of new
technology that can aid in the DR/BCP process.
Best practices for implementing DR/IT Service Continuity
Following are some of the best disaster recovery and IT service
continuity practices:
Define Disaster
It is important to have clear criteria for declaring an emergency
or incident that will set response and recovery processes in
motion (Janco, 2015). There also need to be pre-determined
processes and procedures for the allocation of resources and
assignment of responsibilities and personnel (Janco, 2015).
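The declaration criteria described here, together with the pre-defined trigger point and recovery time frames discussed in the earlier "Information Security in DR/BC Planning" section, can be made mechanical so that nobody has to improvise the decision during an outage. The following is an added example, not code from the paper or any of its sources: a Business Impact Analysis table with per-service tiers and recovery objectives is compared against live incident observations. The service names, tiers, RTO/RPO values, observations and the 50% early-warning margin are all constructed assumptions.

```python
"""Disaster declaration check driven by a Business Impact Analysis (BIA).

Added example: the services, tiers, recovery objectives and observations
below are constructed for illustration, not taken from any real plan.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BiaEntry:
    service: str
    tier: int           # 1 = most critical to the business
    rto_minutes: int    # recovery time objective: tolerable outage length
    rpo_minutes: int    # recovery point objective: tolerable data loss


@dataclass(frozen=True)
class Observation:
    service: str
    outage_minutes: int       # how long the service has been unavailable
    data_loss_minutes: int    # age of the newest restorable copy (0 = nothing lost)


# Constructed BIA, agreed during planning, before any incident.
BIA = {
    "payments-api": BiaEntry("payments-api", tier=1, rto_minutes=60, rpo_minutes=15),
    "customer-portal": BiaEntry("customer-portal", tier=2, rto_minutes=240, rpo_minutes=60),
    "internal-wiki": BiaEntry("internal-wiki", tier=3, rto_minutes=1440, rpo_minutes=1440),
}

# Assumed declaration policy: invoke the plan once any covered service has
# consumed this fraction of its RTO, or has already lost more data than its
# RPO allows. Waiting for the RTO itself to expire leaves no time to recover.
RTO_DECLARE_FRACTION = 0.5

# Constructed observations from a hypothetical incident.
SAMPLE_OBSERVATIONS = [
    Observation("payments-api", outage_minutes=40, data_loss_minutes=0),
    Observation("customer-portal", outage_minutes=30, data_loss_minutes=90),
    Observation("internal-wiki", outage_minutes=500, data_loss_minutes=0),
    Observation("hr-reporting", outage_minutes=10, data_loss_minutes=0),
]


def evaluate(bia, observations, declare_fraction=RTO_DECLARE_FRACTION):
    """Compare live observations with the BIA.

    Returns a dict with:
      declare        - True when the pre-agreed declaration criterion is met
      findings       - {service: [reason, ...]} for everything needing attention
      recovery_order - affected services, most critical tier first, then shortest RTO
    """
    findings = {}
    triggered = []
    for obs in observations:
        entry = bia.get(obs.service)
        if entry is None:
            # A service nobody put in the BIA is a planning gap; record it,
            # but it cannot trigger a declaration because it has no objectives.
            findings[obs.service] = ["not in BIA"]
            continue
        reasons = []
        if obs.outage_minutes >= entry.rto_minutes:
            reasons.append("RTO breached")
        elif obs.outage_minutes >= entry.rto_minutes * declare_fraction:
            reasons.append("approaching RTO")
        if obs.data_loss_minutes > entry.rpo_minutes:
            reasons.append("RPO breached")
        if reasons:
            findings[obs.service] = reasons
            triggered.append(entry)
    triggered.sort(key=lambda e: (e.tier, e.rto_minutes))
    return {
        "declare": bool(triggered),
        "findings": findings,
        "recovery_order": [e.service for e in triggered],
    }


if __name__ == "__main__":
    result = evaluate(BIA, SAMPLE_OBSERVATIONS)
    print("declare disaster:", result["declare"])
    for service in result["recovery_order"]:
        print(f"  {service}: {', '.join(result['findings'][service])}")
    for service, reasons in result["findings"].items():
        if service not in result["recovery_order"]:
            print(f"  {service}: {', '.join(reasons)} (planning gap)")
```

The point of encoding the rule this way is that the declaration threshold and the recovery order both come out of the BIA agreed in planning, so the on-call engineer applies a policy rather than making a judgement call at 3 a.m.; a service that appears in monitoring but not in the BIA is surfaced as a planning gap rather than silently ignored.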
Proactively Address Issues
Identify and address issues before they adversely affect the
company or disrupt business operations. Potential problems and
threats need to be anticipated and thwarted before they impact
the organization (Bailey, Brandley, & Kaplan, 2013).
Identify Key Personnel
An executive such as a CISO should have overall responsibility
for implementing IT DR and BCP and integrating the plans
throughout all levels of the organization (Bailey, Brandley, &
Kaplan, 2013). In addition, key personnel who are crucial to
response and recovery efforts should be identified along with
their designated back-ups in the event they are unavailable
(Slater, 2015).
Establish Good Relationships
The executive in charge of IT DR and BCP as well as key
DR/BCP personnel should forge and maintain good working
relationships with local emergency response agencies (Slater,
2015). In addition, service-level agreements and good rapport
should be maintained with external IT DR/BCP providers,
consultants and experts (Janco, 2015).
Ensure Good Working Order
Ensuring that hardware, software, systems and facilities are
properly installed and configured will dramatically reduce
future problems and downtime (Janco, 2015).
Document, Document, Document
Validate that the IT DR and BC plans are constantly evaluated,
updated and easily accessible to the entire company (Slater,
2015).
Conclusion
Information security is an integral part of disaster recovery and
business continuity planning and cannot be developed in
isolation from other business processes (Slater, 2015). It
requires regular communication across all levels of the
organization and a subject matter expert, such as a CISO, to
assess, identify and implement the best information security
practices and integrate them into the company’s DR and BCP.
References
Bailey, T., Brandley, J. & Kaplan, J. (2013). How good is your
cyber incident-response plan? McKinsey & Company. Retrieved
from http://www.mckinsey.com/insights/business_technology/how_good_is_your_cyberincident_response_plan
Cisco. (2008). Disaster recovery: Best practices. Cisco Systems.
Retrieved from
http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-453495.html
CSO Contributor. (2005, March 1). Top eight best practices for
I.T. disaster recovery. CSO. Retrieved from
http://www.csoonline.com/article/2118026/business-
continuity/top-eight-best-practices-for-i-t--disaster-
recovery.html
Engle, B. & Guttman, R. (2014, October 28). The evolution of
the CISO role and organizational readiness. CSO. Retrieved
from http://www.csoonline.com/article/2838371/security-
leadership/the-evolution-of-the-ciso-role-and-organizational-
readiness.html
Fitzgerald, Todd. (2012). Interacting with the C-suite.
In Information security governance simplified: from the
boardroom to the keyboard. Retrieved
from http://library.books24x7.com.ezproxy.umuc.edu/assetview
er.aspx?bookid=47187
Granneman, J. (2015, February). How should organizations
make a cybersecurity policy a top priority? TechTarget.
Retrieved from
http://searchsecurity.techtarget.com/answer/How-should-
organizations-make-a-cybersecurity-policy-a-top-priority
Herold, R. (2010). Managing an information security and
privacy awareness and training program (2nd ed.). New York:
Auerbach Publications. Retrieved
from http://www.infosectoday.com/Articles/Security_Awareness
_Training.htm
Holman, E. & Houser, K. (2011). ITSCM (IT service continuity
management) overview: ITIL®'s IT disaster recovery and
business continuity management. Share. Retrieved
from https://share.confex.com/.../Session%2010043%20Continuity%20Manag
Janco. (2015). DRP and BCP best practices. Janco Associates,
Inc. Retrieved from http://www.e-
janco.com/DisasterPlanningBuinessContinuityBestPractices.htm
Masserini, J. (2015, January 26). Business continuity planning:
The CISO's secret weapon. Security Current. Retrieved
from http://www.securitycurrent.com/en/writers/john-j-masserini/business-continuity-planning-the-cisos-secret-weapons
MyMG Team. (2011). Project procurement management: 5 steps
of the process. My MG. Retrieved
from http://www.mymanagementguide.com/project-procurement-management/
Procure Point. (2015). Six stage process for
procurement. Procure Point. Retrieved from
https://www.procurepoint.nsw.gov.au/policy-and-reform/goods-
and-services/six-stage-process-procurement
Poremba, S. (2015, April 15). A CISO’s job description: What
is a day in the life of the CISO? SunGard Blog. Retrieved
from http://blog.sungardas.com/2015/04/a-cisos-job-description-what-is-a-day-in-the-life-of-the-ciso/
Ready.gov. (2012). IT disaster recovery
plan. Ready.gov. Retrieved
from http://www.ready.gov/business/implementation/IT
Slater, D. (2015, May 20). Business continuity and disaster
recovery planning: The basics. CSO. Retrieved from
http://www.csoonline.com/article/2118605/disaster-
recovery/pandemic-preparedness-business-continuity-and-
disaster-recovery-planning-the-basics.html?nsdr=true&page=2
Introduction
What is a Disaster Recovery Plan? It is a stand-alone document
that “contains all procedures and detailed equipment recovery
scripts, written to a level sufficient to achieve a successful
recovery by technically competent IT personnel and outside
contractors” (Tipton & Nozaki, 2007). The potential for
disasters, natural or malicious, is a constant threat to business
processes that cannot be put on hold. It is clear that any
disruption in services can negatively impact each of our
departments. As such, it is critical that the Disaster Recovery
(DR) team members have a clear understanding of the
cybersecurity functions and responsibilities of the Office of the
Chief Information Security Officer. The Office contains various
functional areas, however this review will discuss the best
practices as they apply to implementing a Disaster Recovery /
IT Service Continuity plan. “Every year, thousands of
businesses are affected by floods, fires, tornadoes, terrorist
attacks, vandalism, and other disastrous events. The companies
that survive these traumas are the ones that thought ahead,
planned for the worst, estimated the possible damages that
could occur, and put the necessary controls in place to protect
themselves” (Harris, 2013). Only through excellent
collaboration and focused effort can the products of a disaster
recovery team provide a competitive edge post disaster to
capture a greater market share (Brunetto, Harris, 2001).
CISO Staff Functions Overview
The Chief Information Security Officer (CISO) and staff are
responsible for several areas which are critical to a successful
DR/BCP. These areas are Planning & Forecasting, Coordinating,
Controlling, Organizing, and Directing the many moving parts
in the organization that contribute to the mechanics of an
effective cybersecurity program. In the Planning & Forecasting
stage the CISO staff will assist team members in developing a
DR/BCP planning statement which provides guidance and
authority to support the project. This stage also includes
conducting the business impact analysis, developing recovery
strategies, contingency plans, and test and review cycles for the
DR/BCP. Forecasting specifically identifies possible changes to
the DR/BCP due to the dynamic nature of the external security
threat surface.
In the Coordinating stage, the staff will work to ensure existing
security controls and processes are carried over to the DR/BCP.
Early coordination promotes early buy-in, which can address
challenges across each department, streamlining processes, and
leveraging scalable technology to reduce cost. The Controlling
stage measures the effectiveness of the program using metrics
identified in the Planning stage. An example would be
scheduled audits to ensure access controls have been
implemented at a Continuity of Operations site in accordance
with the company's cybersecurity strategy. Finally, Directing is
the CISO’s responsibility: it gives security direction to the
team, ensuring unified security efforts in line with the
organization's strategic goals.
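One form the scheduled audit in the Controlling stage can take, as an added example rather than anything from the paper or its sources: compare the access-control policy intended at the primary site with what is actually provisioned at the Continuity of Operations (COOP) site and report drift in both directions, since rights that exist only at the COOP site undermine least privilege while rights missing there will stall the recovery. The group names, principals, permission strings and both snapshots are constructed assumptions; a real audit would build the snapshots from identity-provider or host exports.

```python
"""Access-control drift audit: primary-site policy vs. a COOP site.

Added example. The two snapshots below are constructed; a real audit would
build them from identity-provider or host exports (group membership, sudoers,
database grants) collected on a schedule.
"""

# Intended state: groups and their permissions, and who belongs to which group.
PRIMARY = {
    "groups": {
        "dr-operators": {"ssh:login", "backup:restore"},
        "dba": {"db:admin", "backup:restore"},
        "readonly": {"db:read"},
    },
    "members": {
        "alice": {"dr-operators"},
        "bob": {"dba"},
        "carol": {"readonly"},
    },
}

# Observed state at the COOP site, with several deliberately planted deviations.
COOP = {
    "groups": {
        "dr-operators": {"ssh:login"},                     # backup:restore missing
        "dba": {"db:admin", "backup:restore", "os:root"},  # os:root was never approved
        # "readonly" was never provisioned
    },
    "members": {
        "alice": {"dr-operators"},
        "bob": {"dba", "dr-operators"},    # extra membership
        "dave": {"dba"},                   # account unknown at the primary site
    },
}

# Finding kinds that weaken least privilege vs. kinds that would stall a recovery.
SECURITY_KINDS = {"excess_permission", "excess_effective", "unknown_principal", "unexpected_group"}
READINESS_KINDS = {"missing_permission", "missing_effective", "missing_principal", "missing_group"}


def effective_permissions(site, principal):
    """Union of the permissions of every group the principal belongs to."""
    perms = set()
    for group in site["members"].get(principal, set()):
        perms |= site["groups"].get(group, set())
    return perms


def audit(primary, coop):
    """Return (kind, subject, detail) findings; an empty list means no drift."""
    findings = []
    # 1. Group definitions: does each group carry the same permission set?
    for group, perms in primary["groups"].items():
        if group not in coop["groups"]:
            findings.append(("missing_group", group, None))
            continue
        for p in sorted(perms - coop["groups"][group]):
            findings.append(("missing_permission", group, p))
        for p in sorted(coop["groups"][group] - perms):
            findings.append(("excess_permission", group, p))
    for group in coop["groups"]:
        if group not in primary["groups"]:
            findings.append(("unexpected_group", group, None))
    # 2. Principals: compare effective (not just nominal) permissions, so an
    #    extra group membership shows up as the concrete rights it grants.
    for principal in sorted(set(primary["members"]) | set(coop["members"])):
        if principal not in primary["members"]:
            findings.append(("unknown_principal", principal, None))
            continue
        if principal not in coop["members"]:
            findings.append(("missing_principal", principal, None))
            continue
        intended = effective_permissions(primary, principal)
        actual = effective_permissions(coop, principal)
        for p in sorted(actual - intended):
            findings.append(("excess_effective", principal, p))
        for p in sorted(intended - actual):
            findings.append(("missing_effective", principal, p))
    return findings


def summarize(findings):
    """Count findings by whether they are a security or a recovery-readiness problem."""
    counts = {"security": 0, "readiness": 0}
    for kind, _, _ in findings:
        counts["security" if kind in SECURITY_KINDS else "readiness"] += 1
    return counts


if __name__ == "__main__":
    results = audit(PRIMARY, COOP)
    for kind, subject, detail in results:
        print(f"{kind:20} {subject:14} {detail or ''}")
    print(summarize(results))
```

Comparing effective rather than nominal permissions matters: bob's extra membership in `dr-operators` is harmless on paper until it is expanded into the `ssh:login` right it actually grants at the COOP site. Splitting the report into security and readiness findings gives the CISO one metric for the Controlling stage that covers both the cybersecurity strategy and the plan's ability to execute.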
Best Practices
As every company is different, each of their Disaster
Recovery/Business Continuity Plans will be different. However,
there are common practices among successful plans. A “DR
program with strong governance tends to be resilient” (Klaus &
Walch, 2012). The Information Systems Audit and Control
Association (ISACA) describes three tiers of a DR program. The
first and single most important practice is incorporating IT
governance frameworks into your DR/BCP: COBIT (Control
Objectives for Information and related Technology), published
by the IT Governance Institute (ITGI); ITIL (Information
Technology Infrastructure Library), published by the UK
government; and ISO/IEC 27002, published jointly by the
International Organization for Standardization and the
International Electrotechnical Commission. The second and third
tiers are IT “Management” and “Technical Operations of Disaster
Recovery Infrastructure” (Klaus & Walch, 2012). Although both
COBIT and ITIL provide best practice guidance, COBIT is used to
provide a higher-level governance framework while ITIL’s
framework defines service management aspects (Kozina, 2009). In
addition to these management and process frameworks, ISO/IEC
27002 provides a catalogue of information security control best
practices, of which access control is one domain. It focuses on
improving information security through areas such as asset,
operations, compliance and organizational security
management.
When integrating these frameworks into a DR/BCP the first step
is “Tailoring”. This is a dynamic process that begins during the
“Planning & forecasting” and is where each organization applies
specific framework standards and practices based on their
individual requirements. Although the CISO is the single point of
accountability for developing a DR/BCP, there are many
interdepartmental dependencies that can make implementation
costly if not organized properly. As such, the second best
practice is “Prioritizing”, which is a critical process through
each of the CISO functions, especially in the “Coordinating”
stage. C-suite involvement and buy-in is imperative at this
point. The organization needs an effective and realistic plan
based on resources and skill levels, otherwise the plan risks
becoming shelfware.
Third is an effective information campaign that aims at creating
a common language supporting COBIT, ITIL, and ISO/IEC 27002.
“Regardless of methodology, the goal of IT Governance is to
improve an organization's competitive advantage, optimize
operation and mitigate tasks.” (Orakzai, 2014).
References
Brunetto, G., & Harris, N. L. (2001). Disaster recovery. How
will your company survive?. Strategic Finance, 82(9), 57-61.
Harris, Shon. (2013). Cissp all-in-one exam guide, sixth edition.
[Books24x7 version] Available from
http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?book
id=50527.
Klaus, J., & Walch, D. (2012). JOnline: A strategic framework
for IT disaster recovery assessments. ISACA Journal Online,
6(12), 1-1.
Kozina, M. (2009). COBIT - ITIL mapping for business process
continuity management. Proceedings of the 20th Central
European Conference on Information and Intelligent Systems,
113-119.
Orakzai, T. (2014). COBIT, ITIL and ISO 27002 alignment for
information security governance in modern organisations. SSRN
Electronic Journal.
Tipton, H., & Nozaki, M. (2007). Contingency planning best
practices and program maturity. In Information Security
Management Handbook (6th ed., Vol. 1, p. 431). Hoboken, NJ:
CRC Press.
University of Maryland University College. (2015). Module 02:
Organizations and their security programs. In Cybersecurity in
Business and Industry: Summer 2015 [Class lecture slide].
Retrieved from https://learn.umuc.edu/

Investment BAFI 1042  Kevin Dorr 3195598  GOODMAN .docxInvestment BAFI 1042  Kevin Dorr 3195598  GOODMAN .docx
Investment BAFI 1042 Kevin Dorr 3195598 GOODMAN .docx
mariuse18nolet
 

More from mariuse18nolet (20)

IRM 3305 Risk Management Theory and PracticeFall 2014Proje.docx
IRM 3305 Risk Management Theory and PracticeFall 2014Proje.docxIRM 3305 Risk Management Theory and PracticeFall 2014Proje.docx
IRM 3305 Risk Management Theory and PracticeFall 2014Proje.docx
 
Ironwood Company manufactures cast-iron barbeque cookware. During .docx
Ironwood Company manufactures cast-iron barbeque cookware. During .docxIronwood Company manufactures cast-iron barbeque cookware. During .docx
Ironwood Company manufactures cast-iron barbeque cookware. During .docx
 
IRM 3305 Risk Management Theory and PracticeGroup Project.docx
IRM 3305 Risk Management Theory and PracticeGroup Project.docxIRM 3305 Risk Management Theory and PracticeGroup Project.docx
IRM 3305 Risk Management Theory and PracticeGroup Project.docx
 
Iranian Women and GenderRelations in Los AngelesNAYEREH .docx
Iranian Women and GenderRelations in Los AngelesNAYEREH .docxIranian Women and GenderRelations in Los AngelesNAYEREH .docx
Iranian Women and GenderRelations in Los AngelesNAYEREH .docx
 
IRB HANDBOOK IRB A-Z Handbook E.docx
IRB HANDBOOK IRB A-Z Handbook  E.docxIRB HANDBOOK IRB A-Z Handbook  E.docx
IRB HANDBOOK IRB A-Z Handbook E.docx
 
IQuiz # II-Emerson QuizGeneral For Emerson, truth (or.docx
IQuiz # II-Emerson QuizGeneral For Emerson, truth (or.docxIQuiz # II-Emerson QuizGeneral For Emerson, truth (or.docx
IQuiz # II-Emerson QuizGeneral For Emerson, truth (or.docx
 
iPython 2For Beginners OnlyVersion 1.0Matthew .docx
iPython 2For Beginners OnlyVersion 1.0Matthew .docxiPython 2For Beginners OnlyVersion 1.0Matthew .docx
iPython 2For Beginners OnlyVersion 1.0Matthew .docx
 
Iranian Journal of Military Medicine Spring 2011, Volume 13, .docx
Iranian Journal of Military Medicine  Spring 2011, Volume 13, .docxIranian Journal of Military Medicine  Spring 2011, Volume 13, .docx
Iranian Journal of Military Medicine Spring 2011, Volume 13, .docx
 
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docxIoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
IoT Referenceshttpswww.techrepublic.comarticlehow-to-secur.docx
 
IP Subnet Design Project- ONLY QUALITY ASSIGNMENTS AND 0 PLAG.docx
IP Subnet Design Project- ONLY QUALITY ASSIGNMENTS AND 0 PLAG.docxIP Subnet Design Project- ONLY QUALITY ASSIGNMENTS AND 0 PLAG.docx
IP Subnet Design Project- ONLY QUALITY ASSIGNMENTS AND 0 PLAG.docx
 
IranAyatollahTheocracyTwelver ShiismVilayat-e Faghih (jur.docx
IranAyatollahTheocracyTwelver ShiismVilayat-e Faghih (jur.docxIranAyatollahTheocracyTwelver ShiismVilayat-e Faghih (jur.docx
IranAyatollahTheocracyTwelver ShiismVilayat-e Faghih (jur.docx
 
ipopulation monitoring in radiation emergencies a gui.docx
ipopulation monitoring in radiation emergencies a gui.docxipopulation monitoring in radiation emergencies a gui.docx
ipopulation monitoring in radiation emergencies a gui.docx
 
In Innovation as Usual How to Help Your People Bring Great Ideas .docx
In Innovation as Usual How to Help Your People Bring Great Ideas .docxIn Innovation as Usual How to Help Your People Bring Great Ideas .docx
In Innovation as Usual How to Help Your People Bring Great Ideas .docx
 
Investor’s Business Daily – Investors.comBloomberg Business – Blo.docx
Investor’s Business Daily –  Investors.comBloomberg Business – Blo.docxInvestor’s Business Daily –  Investors.comBloomberg Business – Blo.docx
Investor’s Business Daily – Investors.comBloomberg Business – Blo.docx
 
Invitation to Public Speaking, Fifth EditionChapter 8 Introdu.docx
Invitation to Public Speaking, Fifth EditionChapter 8 Introdu.docxInvitation to Public Speaking, Fifth EditionChapter 8 Introdu.docx
Invitation to Public Speaking, Fifth EditionChapter 8 Introdu.docx
 
Invitation to the Life SpanRead chapters 13 and 14.Objectives.docx
Invitation to the Life SpanRead chapters 13 and 14.Objectives.docxInvitation to the Life SpanRead chapters 13 and 14.Objectives.docx
Invitation to the Life SpanRead chapters 13 and 14.Objectives.docx
 
IOBOARD Week 2 Lab BPage 2 of 4Name _________________ Gr.docx
IOBOARD Week 2 Lab BPage 2 of 4Name _________________ Gr.docxIOBOARD Week 2 Lab BPage 2 of 4Name _________________ Gr.docx
IOBOARD Week 2 Lab BPage 2 of 4Name _________________ Gr.docx
 
INVITATION TO Computer Science 1 1 Chapter 17 Making .docx
INVITATION TO  Computer Science 1 1 Chapter 17 Making .docxINVITATION TO  Computer Science 1 1 Chapter 17 Making .docx
INVITATION TO Computer Science 1 1 Chapter 17 Making .docx
 
Investment Analysis & Portfolio Management AD 717 OLHomework E.docx
Investment Analysis & Portfolio Management AD 717 OLHomework E.docxInvestment Analysis & Portfolio Management AD 717 OLHomework E.docx
Investment Analysis & Portfolio Management AD 717 OLHomework E.docx
 
Investment BAFI 1042 Kevin Dorr 3195598 GOODMAN .docx
Investment BAFI 1042  Kevin Dorr 3195598  GOODMAN .docxInvestment BAFI 1042  Kevin Dorr 3195598  GOODMAN .docx
Investment BAFI 1042 Kevin Dorr 3195598 GOODMAN .docx
 

Recently uploaded

Recently uploaded (20)

Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
 
21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx21st_Century_Skills_Framework_Final_Presentation_2.pptx
21st_Century_Skills_Framework_Final_Presentation_2.pptx
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Simple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdfSimple, Complex, and Compound Sentences Exercises.pdf
Simple, Complex, and Compound Sentences Exercises.pdf
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 

IntroductionCompanies are increasingly aware of the crucial role.docx

Introduction

Companies are increasingly aware of the crucial role information technology plays in their success and survival. In addition, information is a corporate asset, and protecting it and the associated technology, systems and services adds value to the company (Herold, 2010). Information security is aligned with and complements business goals, such as gaining new customers, increasing market share, operating more efficiently, attracting qualified employees, boosting revenues, and cutting costs (Fitzgerald, 2012).

If employees at all levels of the organization do not know how to protect one of its most valuable business assets, its information, the company risks not only the damage or loss of the asset but also takes the chance of being non-compliant with the plethora of rules, regulations and laws that mandate that information be protected (Herold, 2010). By jeopardizing information and not making information security a priority, a company risks its reputation and future.

Overview

Not everyone is aware of the nature and scope of the unique threats and catastrophes to which IT is vulnerable. The types of incidents that could seriously impact the functioning of a company's IT and therefore have devastating effects on business operations are:

• damage, loss or denial of access to vital hardware, software, networks or facilities
• Web-based Software-as-a-Service failures
• damage to critical providers, distributors or other third party services
• contamination of crucial information
• blackmail or industrial espionage
• intentional intrusion
• cyber-attacks on critical IT systems (Holman & Houser, 2011).
Information Security in DR/BC Planning

Virtually all business functions rely on or utilize IT systems and services, and therefore these threats may target or primarily damage IT but affect all company operations. Acknowledging that information security is a company-wide priority, not just an IT department priority, clarifies the need to specifically address information security in the company's Disaster Recovery (DR) and Business Continuity Plan (BCP) (Granneman, 2015). Integrating information security with overall DR/BCM processes will help all employees recognize elements that constitute an IT-specific disaster, such as a major cyber-attack or complete server failure (Cisco, 2008). It also educates employees on ways IT could be affected in company-wide catastrophes, such as fires and man-made or natural disasters (Cisco, 2008).

The IT portion of the DR/BCP will pre-define the point at which service interruptions require the launch of recovery operations (Janco, 2015). In addition, it will set and clarify realistic time frames within which the company's IT systems and levels of service can be restored (Janco, 2015). The IT systems and services recovery process will be streamlined because roles and responsibilities will have already been defined and assigned (Slater, 2015). Understanding how IT assets such as hardware, software, facilities and staff will be recovered or utilized to respond to a crisis will ensure that recovery and restoration of IT systems and services are consistent with the company's overall DR/BCP (Bailey, Brandley, & Kaplan, 2013). By having the entire organization examine IT along with the technical and operational aspects of DR/BCP, risks can be managed and damage can be mitigated (Herold, 2010). Combining coordination of response plans with clear, accessible and current IT incident response documents will ensure that every level within the company can react quickly and appropriately in a crisis (Bailey, Brandley, & Kaplan, 2013).
Lastly, the organization as a whole can learn not just ways to recover from an IT incident, data breach, cyber-attack or calamity but also ways to prevent those types of events from occurring (Bailey, Brandley, & Kaplan, 2013).

The CISO

The Chief Information Security Officer (CISO) reports to either the CIO or CSO and is the key IT person to "interpret regulations, establish policy, influence employee behavior and monitor for appropriate outcomes" (Engle & Guttman, 2014). She or he understands the compliance requirements and government regulations the company must follow, coordinates with multiple departments in the development of security budgets, and works with IT staff and all levels within the organization to ensure that information is being protected and security protocols are followed (Poremba, 2015). The top priority of the CISO is to protect the organization's information and computer networks from cyber-attacks and catastrophes (Poremba, 2015). Therefore, she is the executive who will spearhead the integration of IT with the company's DR/BCP and have ongoing responsibility for the IT DR/BCP.

CISO Roles and Responsibilities for DR/BCP Planning

In order to incorporate information security into the company's DR/BCP, IT-specific incidents must be classified, causes and effects identified, probability and severity evaluated, and business impact and priority assessed and categorized (Cisco, 2008). The CISO is uniquely qualified to assess and analyze the practices and events that could affect IT infrastructure and systems and threaten important data (Bailey, Brandley & Kaplan, 2013). The end results of the CISO's formal assessment will be details of the IT resources needed for data back-ups and hardware and software recovery (Masserini, 2015). The CISO will outline responses to cybersecurity incidents or crises that will limit damage, reduce incident response time and expense, increase stakeholder confidence and preserve business reputation (Bailey, Brandley & Kaplan, 2013).
Lists of key personnel will be created and the processes for important decision making will be streamlined (Masserini, 2015). In addition, the CISO will create readily accessible rapid-response guides for a variety of common incidents (Masserini, 2015). The CISO will develop the integration of IT into DR/BCP as a "stand-alone" strategy that does not depend on the personnel who created it in order to work (CSO, 2005). The CISO can also quantify the amount of revenue that can be lost as a result of an IT-impacting event and detail the resources needed to ensure that the maximum is not exceeded (Masserini, 2015). This is essential information for the company's overall business impact analysis (BIA). To prepare for DR/BCP implementation, the CISO will develop cost estimates and collect pricing information that is within budget.

CISO Roles and Responsibilities for DR/BCP Implementation

Once the CISO specifies the resources necessary to properly respond to a variety of IT security incidents, she will work with other departments to develop and prioritize the goods, services, applications, support, staff, equipment and facilities necessary to accomplish IT DR and BCP (MyMG, 2011). When possible, the CISO will "test drive" products and technologies prior to procurement (CSO, 2005). The procurement process will include the evaluation of vendor-supported recovery strategies such as "hot sites," in which offsite data facilities are fully configured with commonly used IT equipment and software (ready.gov, 2012). There will also be widespread utilization of recent IT service trends such as virtualization, cloud computing, mobile computing and social networks (Slater, 2015). The CISO will research potential suppliers that can provide the required products and services according to the agreed-upon specifications (MyMG, 2011). There will be an emphasis on using standardized equipment and readily available software and systems to facilitate recovery and restoration processes and reduce costs (ready.gov, 2012). Once the CISO has determined the best value, awarded contracts and issued purchase orders, she will continue to manage the procurement process by ensuring products and services are provided in accordance with the contract and purchase order terms (Procure Point, 2015). The CISO is best qualified and well positioned to evaluate the performance of the equipment, systems, applications and software and to measure the reliability and value of the vendors and suppliers (Procure Point, 2015).

CISO Roles and Responsibilities for DR/BCP Execution

After the IT DR/BC plans are devised and the necessary goods and services are procured, the CISO will be ready to put the DR/BCP into action during an incident and manage recovery operations. The CISO will supervise training so that all employees know their roles and responsibilities and are prepared to provide the appropriate level of support in the IT DR/BCP (Janco, 2015). The CISO tests this training by conducting realistic company-wide DR and BCP exercises to make sure all employees practice responding to a crisis (Slater, 2015). The CISO will hold postmortem examinations that objectively evaluate the company's performance after each exercise and endeavor toward constant improvement (CSO, 2005). In addition, the CISO will form and maintain good rapport with local emergency response agencies (Slater, 2015). The CISO will constantly review and refine the IT department's contribution to the DR/BCP. She will also stay abreast of new technology that can aid in the DR/BCP process.

Best practices for implementing DR/IT Service Continuity

Following are some of the best disaster recovery and IT service continuity practices:

Define Disaster
It is important to have clear criteria for declaring an emergency or incident that will set response and recovery processes in motion (Janco, 2015). There also need to be pre-determined processes and procedures for the allocation of resources and the assignment of responsibilities and personnel (Janco, 2015).

Proactively Address Issues
Identify and address issues before they adversely affect the company or disrupt business operations. Potential problems and threats need to be anticipated and thwarted before they impact the organization (Bailey, Brandley, & Kaplan, 2013).

Identify Key Personnel
An executive such as a CISO should have overall responsibility for implementing IT DR and BCP and integrating the plans throughout all levels of the organization (Bailey, Brandley, & Kaplan, 2013). In addition, key personnel who are crucial to response and recovery efforts should be identified along with their designated back-ups in the event they are unavailable (Slater, 2015).

Establish Good Relationships
The executive in charge of IT DR and BCP, as well as key DR/BCP personnel, should forge and maintain good working relationships with local emergency response agencies (Slater, 2015). In addition, service-level agreements and good rapport should be maintained with external IT DR/BCP providers, consultants and experts (Janco, 2015).

Ensure Good Working Order
Ensuring that hardware, software, systems and facilities are properly installed and configured will dramatically reduce future problems and downtime (Janco, 2015).

Document, Document, Document
Validate that the IT DR and BC plans are constantly evaluated, updated and easily accessible to the entire company (Slater, 2015).

Conclusion

Information security is an integral part of disaster recovery and business continuity planning and cannot be developed in isolation from other business processes (Slater, 2015). It requires regular communication across all levels of the organization and a subject matter expert, such as a CISO, to assess, identify and implement the best information security practices and integrate them into the company's DR and BCP.
References

Bailey, T., Brandley, J. & Kaplan, J. (2013). How good is your cyber incident-response plan? McKinsey & Company. Retrieved from http://www.mckinsey.com/insights/business_technology/how_good_is_your_cyberincident_response_plan
Cisco. (2008). Disaster recovery: Best practices. Cisco Systems. Retrieved from http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-453495.html
CSO Contributor. (2005, March 1). Top eight best practices for I.T. disaster recovery. CSO. Retrieved from http://www.csoonline.com/article/2118026/business-continuity/top-eight-best-practices-for-i-t--disaster-recovery.html
Engle, B. & Guttman, R. (2014, October 28). The evolution of the CISO role and organizational readiness. CSO. Retrieved from http://www.csoonline.com/article/2838371/security-leadership/the-evolution-of-the-ciso-role-and-organizational-readiness.html
Fitzgerald, T. (2012). Interacting with the C-suite. In Information security governance simplified: From the boardroom to the keyboard. Retrieved from http://library.books24x7.com.ezproxy.umuc.edu/assetviewer.aspx?bookid=47187
Granneman, J. (2015, February). How should organizations make a cybersecurity policy a top priority? TechTarget. Retrieved from http://searchsecurity.techtarget.com/answer/How-should-organizations-make-a-cybersecurity-policy-a-top-priority
Herold, R. (2010). Managing an information security and privacy awareness and training program (2nd ed.). New York: Auerbach Publications. Retrieved from http://www.infosectoday.com/Articles/Security_Awareness_Training.htm
Holman, E. & Houser, K. (2011). ITSCM (IT service continuity management) overview: ITIL's IT disaster recovery and business continuity management. Share. Retrieved from https://share.confex.com/.../Session%2010043%20Continuity%20Manag
Janco. (2015). DRP and BCP best practices. Janco Associates, Inc. Retrieved from http://www.e-janco.com/DisasterPlanningBuinessContinuityBestPractices.htm
Masserini, J. (2015, January 26). Business continuity planning: The CISO's secret weapon. Security Current. Retrieved from http://www.securitycurrent.com/en/writers/john-j-masserini/business-continuity-planning-the-cisos-secret-weapons
MyMG Team. (2011). Project procurement management: 5 steps of the process. My MG. Retrieved from http://www.mymanagementguide.com/project-procurement-management/
Procure Point. (2015). Six stage process for procurement. Procure Point. Retrieved from https://www.procurepoint.nsw.gov.au/policy-and-reform/goods-and-services/six-stage-process-procurement
Poremba, S. (2015, April 15). A CISO's job description: What is a day in the life of the CISO? SunGard Blog. Retrieved from http://blog.sungardas.com/2015/04/a-cisos-job-description-what-is-a-day-in-the-life-of-the-ciso/
Ready.gov. (2012). IT disaster recovery plan. Ready.gov. Retrieved from http://www.ready.gov/business/implementation/IT
Slater, D. (2015, May 20). Business continuity and disaster recovery planning: The basics. CSO. Retrieved from http://www.csoonline.com/article/2118605/disaster-recovery/pandemic-preparedness-business-continuity-and-disaster-recovery-planning-the-basics.html?nsdr=true&page=2

Introduction
What is a Disaster Recovery Plan? It is a stand-alone document that "contains all procedures and detailed equipment recovery scripts, written to a level sufficient to achieve a successful recovery by technically competent IT personnel and outside contractors" (Tipton & Nozaki, 2007). The potential for disasters, natural or malicious, is a constant threat to business processes that cannot be put on hold. It is clear that any disruption in services can negatively impact each of our departments. As such, it is critical that the Disaster Recovery (DR) team members have a clear understanding of the cybersecurity functions and responsibilities of the Office of the Chief Information Security Officer. The Office contains various functional areas; however, this review will discuss the best practices as they apply to implementing a Disaster Recovery / IT Service Continuity plan.

"Every year, thousands of businesses are affected by floods, fires, tornadoes, terrorist attacks, vandalism, and other disastrous events. The companies that survive these trauma are the ones that thought ahead, planned for the worst, estimated the possible damages that could occur, and put the necessary controls in place to protect themselves." (Harris, 2013). Only through excellent collaboration and focused effort can the products of a disaster recovery team provide a competitive edge post disaster to capture a greater market share (Brunetto & Harris, 2001).

CISO Staff Functions Overview

The Chief Information Security Officer (CISO) and staff are responsible for several areas which are critical to a successful DR/BCP. These areas are Planning & Forecasting, Coordinating, Controlling, Organizing, and Directing the many moving parts in the organization that contribute to the mechanics of an effective cybersecurity program.

In the Planning & Forecasting stage the CISO staff will assist team members in developing a DR/BCP planning statement which provides guidance and authority to support the project. This stage also includes conducting the business impact analysis, developing recovery strategies, contingency plans, and test and review cycles for the DR/BCP. Forecasting specifically identifies possible changes to the DR/BCP due to the dynamic nature of the external security threat surface. In the Coordinating stage, the staff will work to ensure existing security controls and processes are carried over to the DR/BCP. Early coordination promotes early buy-in, which can address challenges across each department, streamline processes, and leverage scalable technology to reduce cost. The Controlling stage measures the effectiveness of the program using metrics identified in the Planning stage. An example would be scheduled audits to ensure access controls have been implemented at a Continuity of Operations site in accordance with the company's cybersecurity strategy. Finally, Directing is the CSO's responsibility, which gives security direction to the team, ensuring unified security efforts in line with the organization's strategic goals.

Best Practices

As every company is different, each of their Disaster Recovery/Business Continuity Plans will be different. However, there are common practices among successful plans. A "DR program with strong governance tends to be resilient" (Klaus & Walch, 2012). The Information Systems Audit and Control Association (ISACA) describes three tiers of a DR program. The first and single most important practice is incorporating IT governance frameworks into your DR/BCP, such as CobiT (Control Objectives for Information and related Technology), published by ITGI; ITIL (Information Technology Infrastructure Library), published by the UK government; and ISO/IEC 27002 (International Standards Organization). The second and third are IT "Management" and "Technical Operations of Disaster Recovery Infrastructure" (Klaus & Walch, 2012). Although both CobiT and ITIL provide best practice guidance, CobiT is used to provide a higher level governance framework while ITIL's framework defines service management aspects (Kozina, 2009).

In addition to these management and process frameworks, ISO 27002 provides an access control security framework of best practices. It focuses on improving information security through areas such as asset, operations, compliance and organizational security management. When integrating these frameworks into a DR/BCP, the first step is "Tailoring". This is a dynamic process that begins during "Planning & Forecasting" and is where each organization applies specific framework standards and practices based on its individual requirements. Although the CISO is the single point of developing a DR/BCP, there are many interdepartmental dependencies that can make implementations costly if not organized properly. As such, the second best practice is "Prioritizing", which is a critical process through each of the CISO functions, especially in the "Coordinating" stage. C-suite involvement and buy-in is imperative at this point. The organization needs an effective and realistic plan based on resources and skill levels; otherwise the plan risks becoming shelfware. Third is an effective information campaign that aims at creating a common language supporting CobiT, ITIL, and ISO 27002. "Regardless of methodology, the goal of IT Governance is to improve an organization's competitive advantage, optimize operation and mitigate tasks." (Orakzai, 2014).

References

Brunetto, G., & Harris, N. L. (2001). Disaster recovery: How will your company survive? Strategic Finance, 82(9), 57-61.
Harris, S. (2013). CISSP all-in-one exam guide (6th ed.). [Books24x7 version] Available from http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?bookid=50527
Klaus, J., & Walch, D. (2012). JOnline: A strategic framework for IT disaster recovery assessments. ISACA Journal Online, 6(12), 1-1.
Kozina, M. (2009). COBIT - ITIL mapping for business process continuity management. Proceedings of the 20th Central European Conference on Information and Intelligent Systems, 113-119.
Orakzai, T. (2014). COBIT, ITIL and ISO 27002 alignment for information security governance in modern organisations. SSRN Electronic Journal.
Tipton, H., & Nozaki, M. (2007). Contingency planning best practices and program maturity. In Information Security Management Handbook (6th ed., Vol. 1, p. 431). Hoboken, NJ: CRC Press.
University of Maryland University College. (2015). Module 02: Organizations and their security programs. In Cybersecurity in Business and Industry: Summer 2015 [Class lecture slide]. Retrieved from https://learn.umuc.edu/