Outline for an Enterprise IT Security Policy
No Name
January 24, 2016
Running head: IT Security Policy Outline
Introduction
An IT security policy is a strategy developed by an organization
or enterprise to protect and maintain its network and resources
(Bowden, 2003). It is important that an organization create a
well-written policy that addresses threats to availability,
confidentiality and integrity. The United States Government has
published a Cybersecurity Framework aimed at improving the
cybersecurity of critical infrastructure (NIST, 2014). “The Framework
focuses on using business drivers to guide cybersecurity
activities and considering cybersecurity risks as part of the
organization’s risk management processes. The Framework
consists of three parts: the Framework Core, the Framework
Profile, and the Framework Implementation Tiers” (NIST,
2014).
In addition, a proper outline for an IT security policy will not
only address all applicable elements of the Framework Core and
the protective technologies listed in the NIST Cybersecurity
Framework, but also draw on relevant policies and controls from
other sources, including the CIS Critical Security Controls. The
CIS Controls are a recommended set of actions that help an
organization defend its infrastructure; they are written by
practitioners with direct experience of how attacks work
(CIS, 2015).
Analysis
The National Aeronautics and Space Administration (NASA) is a
government agency responsible for the civilian space program,
and it continues to venture into new areas such as air
transportation (NASA, 2015). Information technology is therefore
a vital part of the organization's work: NASA aims to increase
the productivity of scientists, engineers and mission support
personnel by responsively and efficiently delivering reliable,
innovative and secure IT services (NASA, 2015). According to
NASA's information technology governance evaluation (2013), “the
Agency spends more than $1.5 billion annually on a portfolio of
IT assets that includes approximately 550 information systems
it uses to control spacecraft, collect and process scientific data,
provide security for its IT infrastructure, and enable NASA
personnel to collaborate with colleagues around the world.” In
addition, the technical and scientific information generated by NASA
research, science, engineering, technology and exploration
initiatives is one of its most valuable assets and should be
protected under a solid IT security policy. NASA operates a
sophisticated communications infrastructure, including DAEP, the
Space Network (SN), the Deep Space Network (DSN) and the Near
Earth Network (NEN), and supplies telecommunication services to
customers across the globe.
NASA has also had its share of cyber threats over the
years and has continued to develop its IT security
policy to safeguard against them. Following 5,408 computer
security incidents in 2010 and 2011, the agency introduced
measures such as securing laptops, iPads and smartphones and
making all employees accountable for protecting sensitive
information (NASA, 2012). Because information technology keeps
changing and new threats keep emerging, it is the organization's
responsibility to use resources such as the NIST Framework for
Improving Critical Infrastructure Cybersecurity as a tool for
developing strong IT security policies against cyber threats.
Framework
On February 12, 2013, President Obama issued Executive Order
13636, Improving Critical Infrastructure Cybersecurity, which
directed the development of a framework to improve the security
and resilience of critical infrastructure (NIST, 2014). “The
Framework Core provides a set of activities to achieve specific
cybersecurity outcomes, and references examples of guidance to
achieve those outcomes” (NIST, 2014).
In addition, NASA's Information Technology Governance
evaluation (2013) states that “centralization of the Agency’s IT
framework under a Headquarters-based CIO would improve NASA’s
overall management of IT, including planning, acquisition, and
security, while increasing control over IT expenditures and
accountability.” Before this was addressed, NASA's IT governance
structure was described as “overly complex and ineffective”. “We
believe that both NASA’s history and the experience of the other
agencies supports a recommendation that NASA move to a more
centralized approach to IT governance” (NASA, 2013).
The following outline therefore covers the 15 content areas of
the IT security policy as they relate to NASA.
1. Access Control: “Access to assets and associated facilities is
limited to authorized users, processes, or devices, and to
authorized activities and transactions” (NIST, 2014).
· Within the organization, every user should have individual
credentials, and any device used for remote access must be
registered in advance.
· Network integrity must be protected, and network segregation
needs to be included (Ashford, 2015).
2. Asset Management: “The data, personnel, devices, systems,
and facilities that enable the organization to achieve business
purposes are identified and managed consistent with their
relative importance to business objectives and the
organization’s risk strategy” (NIST, 2014).
· Referring to ISO 142242 from the International Organization
for Standardization (ISO), it is important to establish and
configure a physical asset hierarchy.
· Future changes to asset management need to be evaluated
properly before implementation (IAM, 2015).
3. Application Development: design, develop, deploy, manage
and maintain applications in accordance with security principles.
· Define and describe data arrangements, application
solutions and new systems.
· Build designs and prototypes before committing to a
solution (Ashford, 2015).
4. Communications: “Response activities are coordinated with
internal and external stakeholders, as appropriate, to include
external support from law enforcement agencies” (NIST, 2014).
· Public relations must be managed properly, and recovery
strategies must be kept up to date.
· Recovery activities depend on secure communication between
the different management teams and internal stakeholders.
5. Compliance: all sectors of the organization must comply with
the regulations handed down to them.
· The compliance policy must support cybersecurity activities
in line with regulatory, constitutional and applicable
privacy-law requirements.
6. Corporate Governance:
· The organization should actively balance the interests of its
stakeholders, including shareholders, management, suppliers,
customers, financiers, the community and the government.
· It should help restore public confidence and trust in markets
and corporations after the bankruptcies and accounting fraud of
high-profile companies (Investopedia, 2015).
7. Customers: it is important to ensure the safety of customers
as it relates to availability, integrity and confidentiality,
while developing ways to increase productivity.
· Customers have the ability to drive up costs and to have an
enormous impact on revenue.
· All customer relationships with the company should be
handled carefully (greatsampleresume, 2015).
8. Incident Management: the organization’s priorities,
constraints, risk tolerances and assumptions are established and
used to support operational risk decisions (NIST, 2014).
· The organization should have a process in place to identify,
categorize, prioritize and respond to incidents.
· Roles and responsibilities during this process, such as those
of the incident response team, should be defined.
9. IT Operations: reports should be prepared and optimal IT
performance ensured.
· Preserve customer agreement records and maintain the
company's service levels.
· Design operations to deliver efficient maintenance and
response for compliance and disaster recovery
(greatsampleresume, 2015).
10. Outsourcing: third parties should be required to adhere to
policy and guidelines regarding integrity, confidentiality and
availability.
· Ensure that a third-party supplier meets all of the
compliance requirements that the company itself must abide by.
· Consider the consequences of a service delivery failure by
the third party (LCE, 2015).
11. Physical/Environmental: the organization needs suitable
physical security equipment, and the environment must be
protected at all times.
· Physical access to assets should be managed and protected.
· Policies and regulations regarding the physical operating
environment should meet the organization's requirements
(Greenwald, 2013).
12. Policies & Procedures: the organization must adhere to its
policies and procedures and ensure that every employee is aware
of them.
· Policies and procedures need to be defined and implemented so
that personnel can perform their cybersecurity duties.
13. These policies and procedures should also be used to manage
and protect information systems and assets and to address
potential cybersecurity events.
14. Privacy: a system development life cycle needs to be
implemented carefully to manage the system.
· Cybersecurity and future risk assessments must take privacy
law into account.
· Cybersecurity compliance activities must satisfy privacy law
alongside constitutional requirements and regulations
(LCE, n.d.).
15. IT Security Program Implementation: monitor and train
employees consistently.
· Every user in the company should be given a security manual.
· The company needs an incident response and security team that
handles all security matters and breaches (Hammond,
2010).
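The asset management item above, and the access control requirement that remote devices be registered in advance, both rest on knowing which devices are actually on the network; the Controls section below makes the same point through the CIS inventory control and active scanning. The following Python example is added here as an illustration and is not part of the original paper or of any NASA tooling. It parses a constructed "arp -an" capture taken after an ICMP sweep of one segment and checks every responding host against a constructed, hypothetical inventory of registered devices, flagging unknown MACs, registered devices found at the wrong address, registered devices that did not answer, and addresses that answered but returned no MAC.

```python
"""Reconcile hosts seen by an active scan against the authorized device inventory.

Added illustrative example (not from the original paper or from NASA): the
inventory and the scan output below are constructed, hypothetical values.
Assumed workflow: an ICMP sweep of the segment populates the scanner's ARP
cache, `arp -an` is captured, and every host that answered is checked against
the inventory of registered devices (CIS Critical Security Control 1).
"""
import re
from dataclasses import dataclass, field

# Matches one line of Linux `arp -an` output, e.g.
#   ? (10.10.1.10) at 00:11:22:33:44:01 [ether] on eth0
#   ? (10.10.1.200) at <incomplete> on eth0
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}|<incomplete>)",
    re.IGNORECASE,
)

# Constructed inventory of registered devices: MAC -> (assigned IP, owner).
AUTHORIZED = {
    "00:11:22:33:44:01": ("10.10.1.10", "mission-ops"),
    "00:11:22:33:44:02": ("10.10.1.11", "mission-ops"),
    "00:11:22:33:44:03": ("10.10.1.20", "science-data"),
    "00:11:22:33:44:04": ("10.10.1.30", "science-data"),
}

# Constructed `arp -an` capture taken after pinging every address in 10.10.1.0/24.
SCAN_OUTPUT = """\
? (10.10.1.10) at 00:11:22:33:44:01 [ether] on eth0
? (10.10.1.11) at 00:11:22:33:44:02 [ether] on eth0
? (10.10.1.25) at 00:11:22:33:44:03 [ether] on eth0
? (10.10.1.99) at de:ad:be:ef:00:01 [ether] on eth0
? (10.10.1.200) at <incomplete> on eth0
"""


@dataclass
class Report:
    unauthorized: dict = field(default_factory=dict)  # ip -> mac, MAC not registered
    moved: dict = field(default_factory=dict)         # mac -> (assigned ip, observed ip)
    missing: dict = field(default_factory=dict)       # mac -> assigned ip, not seen
    incomplete: list = field(default_factory=list)    # ips that answered but gave no MAC

    def needs_attention(self) -> bool:
        return bool(self.unauthorized or self.moved or self.missing or self.incomplete)


def parse_arp(text: str):
    """Return ({ip: mac} for resolved entries, [ip, ...] for incomplete ones)."""
    resolved, incomplete = {}, []
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue  # blank or unrelated line
        ip, mac = m.group("ip"), m.group("mac").lower()
        if mac == "<incomplete>":
            incomplete.append(ip)  # address in use but no ARP reply: follow up by hand
        else:
            resolved[ip] = mac
    return resolved, incomplete


def reconcile(scan_text: str, authorized: dict) -> Report:
    """Classify every observed host as registered, moved or unauthorized,
    and list registered devices the scan did not see."""
    observed, incomplete = parse_arp(scan_text)
    report = Report(incomplete=incomplete)
    seen = set()
    for ip, mac in observed.items():
        entry = authorized.get(mac)
        if entry is None:
            report.unauthorized[ip] = mac
            continue
        seen.add(mac)
        assigned_ip, _owner = entry
        if assigned_ip != ip:
            report.moved[mac] = (assigned_ip, ip)
    for mac, (assigned_ip, _owner) in authorized.items():
        if mac not in seen:
            report.missing[mac] = assigned_ip
    return report


if __name__ == "__main__":
    r = reconcile(SCAN_OUTPUT, AUTHORIZED)
    for ip, mac in r.unauthorized.items():
        print(f"UNAUTHORIZED  {ip:<15} {mac}")
    for mac, (was, now) in r.moved.items():
        print(f"MOVED         {mac} assigned {was}, seen at {now}")
    for mac, ip in r.missing.items():
        print(f"MISSING       {mac} assigned {ip}, not seen")
    for ip in r.incomplete:
        print(f"NO-MAC        {ip}")
```

Two caveats a practitioner would attach to this check: MAC addresses are trivially spoofed and an ARP cache only covers the scanner's own segment, so this is a detective control to be cross-checked against DHCP lease and 802.1X authentication logs, not a substitute for them; and "unauthorized" and "incomplete" findings are triage queues for a person, not triggers for automatic blocking, since a mis-entered inventory record looks exactly like a rogue device.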
Controls
Several of the CIS Controls are appropriate protective
technologies for securing NASA. Since NASA has experienced web
browser intrusions and other threats, it is important that the
agency implement data protection, malware defenses, wireless
access control, email and web browser protections, inventories of
authorized and unauthorized devices and software, and a data
recovery capability. According to CIS (2015), an inventory of
authorized and unauthorized devices matters because attackers
can be located anywhere in the world, and maintaining a current,
accurate view of IT assets by actively scanning the network (for
example with ICMP sweeps) is recommended. Combining firewalls,
antivirus, IDS and IPS helps monitor software and network
activity, and vulnerability assessment tools are essential for
catching unpatched systems (CIS, 2015). Controlling
administrative privileges limits what an attacker can do with a
compromised account. All of these tools are necessary to
safeguard against common cyber threats. Once a solid IT
security policy is implemented using the resources available, an
organization is far better placed to defend against threats,
although no policy makes it immune to them.
References
Ashford, W. (2015). Best practice in outsourcing security. Computer Weekly. Retrieved from http://www.computerweekly.com/feature/Best-practice-in-outsourcing-security
CIS. (2015). The CIS Critical Security Controls for Effective Cyber Defense (Version 6.0). Retrieved from https://www.cisecurity.org/critical-controls/download.cfm?f=CSC-MASTER-VER%206.0%20CIS%20Critical%20Security%20Controls%2010.15.2015
Great Sample Resume. (2016). IT Operations Manager Responsibilities and Duties. Retrieved from http://www.greatsampleresume.com/Job-Responsibilities/IT-Operations-Manager-Responsibilities.html
Greenwald, J. (2013). Cyber security framework welcomed. Business Insurance, 47(22), 46. Retrieved from http://connection.ebscohost.com/c/articles/91951516/cyber-security-framework-welcomed
Hammond, B. (2010). Presidential advisory panel recommends increased investment in cybersecurity R&D. Indianapolis: Indiana University. Retrieved from http://iucat-test.uits.iu.edu/iupui/articles/edsggo/edsgcl.260494931/?resultId=67&highlight=%22Administrative%20agencies%20--%20Investments%22
IAM. (2015). What is Asset Management? Retrieved from https://theiam.org/what-asset-management
Investopedia. (n.d.). Definition of 'Corporate Governance'. Retrieved from http://www.investopedia.com/terms/c/corporategovernance.asp
LCE. (2015). The Five Biggest Risks to Effective Asset Management. Retrieved from http://www.lce.com/the_five_biggest_risks_to_effective_asset_management_367-item.html
NASA. (2013). NASA Information Technology Governance Program Evaluation (Report No. IG-13-015, Assignment No. A-12-018-00). NASA Office of Inspector General.
NASA. (2016). NASA TV. Networks. Retrieved from http://www.nasa.gov/directorates/heo/scan/services/networks/txt_sn.html
NASA. (2012). IT Talk: Protecting and safeguarding NASA information and systems. Retrieved from https://www.nasa.gov/pdf/666064main_ITTalk_JUL2012_final.pdf
NASA. (2004). Information Security Policy, dated April 7, 2004. Retrieved from http://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPD&c=2810&s=1D
NIST. (2014). Framework for Improving Critical Infrastructure Cybersecurity (Version 1.0). Retrieved from http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf

More Related Content

Similar to Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docx

National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013
Vidushi Singh
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
Laurie Mosca-Cocca
 
Organizations rely heavily on the use of information technology .docx
Organizations rely heavily on the use of information technology .docxOrganizations rely heavily on the use of information technology .docx
Organizations rely heavily on the use of information technology .docx
aman341480
 
DIRECTIONSRate each statement by how well the behavior describe.docx
DIRECTIONSRate each statement by how well the behavior describe.docxDIRECTIONSRate each statement by how well the behavior describe.docx
DIRECTIONSRate each statement by how well the behavior describe.docx
cuddietheresa
 
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing  trustworthy computing by Sundas IlyasPresentation(group j)implementing  trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Sundas Kayani
 
Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
Lumension
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
Tammy Clark
 
Enterprise Information Security Architecture_Paper_1206
Enterprise Information Security Architecture_Paper_1206Enterprise Information Security Architecture_Paper_1206
Enterprise Information Security Architecture_Paper_1206
Apoorva Ajmani
 
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
oswald1horne84988
 

Similar to Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docx (20)

Pindad iso27000 2016 smki
Pindad   iso27000 2016 smkiPindad   iso27000 2016 smki
Pindad iso27000 2016 smki
 
LD7009 Information Assurance And Risk Management.docx
LD7009 Information Assurance And Risk Management.docxLD7009 Information Assurance And Risk Management.docx
LD7009 Information Assurance And Risk Management.docx
 
Assimilation Of Security-Related Policies In U.S. Firms An Empirical Study O...
Assimilation Of Security-Related Policies In U.S. Firms  An Empirical Study O...Assimilation Of Security-Related Policies In U.S. Firms  An Empirical Study O...
Assimilation Of Security-Related Policies In U.S. Firms An Empirical Study O...
 
Information Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and ProspectInformation Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and Prospect
 
Protecting business interests with policies for it asset management it-tool...
Protecting business interests with policies for it asset management   it-tool...Protecting business interests with policies for it asset management   it-tool...
Protecting business interests with policies for it asset management it-tool...
 
Paper Titled Information Security in an organization
Paper Titled Information Security in an organizationPaper Titled Information Security in an organization
Paper Titled Information Security in an organization
 
820 1961-1-pb
820 1961-1-pb820 1961-1-pb
820 1961-1-pb
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
Organizations rely heavily on the use of information technology .docx
Organizations rely heavily on the use of information technology .docxOrganizations rely heavily on the use of information technology .docx
Organizations rely heavily on the use of information technology .docx
 
5757912.ppt
5757912.ppt5757912.ppt
5757912.ppt
 
DIRECTIONSRate each statement by how well the behavior describe.docx
DIRECTIONSRate each statement by how well the behavior describe.docxDIRECTIONSRate each statement by how well the behavior describe.docx
DIRECTIONSRate each statement by how well the behavior describe.docx
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
Presentation(group j)implementing  trustworthy computing by Sundas IlyasPresentation(group j)implementing  trustworthy computing by Sundas Ilyas
Presentation(group j)implementing trustworthy computing by Sundas Ilyas
 
Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
 
Enterprise Information Security Architecture_Paper_1206
Enterprise Information Security Architecture_Paper_1206Enterprise Information Security Architecture_Paper_1206
Enterprise Information Security Architecture_Paper_1206
 
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
 
Building and implementing a successful information security policy
Building and implementing a successful information security policyBuilding and implementing a successful information security policy
Building and implementing a successful information security policy
 

More from alfred4lewis58146

For this assignment, select a human service organization from .docx
For this assignment, select a human service organization from .docxFor this assignment, select a human service organization from .docx
For this assignment, select a human service organization from .docx
alfred4lewis58146
 
For this assignment, download the A6 code pack. This zip fil.docx
For this assignment, download the A6 code pack. This zip fil.docxFor this assignment, download the A6 code pack. This zip fil.docx
For this assignment, download the A6 code pack. This zip fil.docx
alfred4lewis58146
 
For the shortanswer questions,you will need to respo.docx
For the shortanswer questions,you will need to respo.docxFor the shortanswer questions,you will need to respo.docx
For the shortanswer questions,you will need to respo.docx
alfred4lewis58146
 
For the project, you will be expected to apply the key concepts of p.docx
For the project, you will be expected to apply the key concepts of p.docxFor the project, you will be expected to apply the key concepts of p.docx
For the project, you will be expected to apply the key concepts of p.docx
alfred4lewis58146
 
For the past several weeks you have addressed several different area.docx
For the past several weeks you have addressed several different area.docxFor the past several weeks you have addressed several different area.docx
For the past several weeks you have addressed several different area.docx
alfred4lewis58146
 

More from alfred4lewis58146 (20)

For this assignment, students will need to observe the activities th.docx
For this assignment, students will need to observe the activities th.docxFor this assignment, students will need to observe the activities th.docx
For this assignment, students will need to observe the activities th.docx
 
For this assignment, select a human service organization from .docx
For this assignment, select a human service organization from .docxFor this assignment, select a human service organization from .docx
For this assignment, select a human service organization from .docx
 
For this Assignment, read the case study for Claudia and find tw.docx
For this Assignment, read the case study for Claudia and find tw.docxFor this Assignment, read the case study for Claudia and find tw.docx
For this Assignment, read the case study for Claudia and find tw.docx
 
For this assignment, download the A6 code pack. This zip fil.docx
For this assignment, download the A6 code pack. This zip fil.docxFor this assignment, download the A6 code pack. This zip fil.docx
For this assignment, download the A6 code pack. This zip fil.docx
 
For this assignment, create infographic using the Canva website..docx
For this assignment, create infographic using the Canva website..docxFor this assignment, create infographic using the Canva website..docx
For this assignment, create infographic using the Canva website..docx
 
For this assignment, compare  California during the Great Depression.docx
For this assignment, compare  California during the Great Depression.docxFor this assignment, compare  California during the Great Depression.docx
For this assignment, compare  California during the Great Depression.docx
 
For this assignment, create a 10- to 12-slide presentation in Mi.docx
For this assignment, create a 10- to 12-slide presentation in Mi.docxFor this assignment, create a 10- to 12-slide presentation in Mi.docx
For this assignment, create a 10- to 12-slide presentation in Mi.docx
 
For this assignment, begin by reading chapters 12-15 in Dr. Bells t.docx
For this assignment, begin by reading chapters 12-15 in Dr. Bells t.docxFor this assignment, begin by reading chapters 12-15 in Dr. Bells t.docx
For this assignment, begin by reading chapters 12-15 in Dr. Bells t.docx
 
For this assignment, assume you are the new Secretary of Homelan.docx
For this assignment, assume you are the new Secretary of Homelan.docxFor this assignment, assume you are the new Secretary of Homelan.docx
For this assignment, assume you are the new Secretary of Homelan.docx
 
For this assignment, address the following promptsIntroductor.docx
For this assignment, address the following promptsIntroductor.docxFor this assignment, address the following promptsIntroductor.docx
For this assignment, address the following promptsIntroductor.docx
 
For this assignment, analyze the play by focusing on one of the .docx
For this assignment, analyze the play by focusing on one of the .docxFor this assignment, analyze the play by focusing on one of the .docx
For this assignment, analyze the play by focusing on one of the .docx
 
For this assignment I would like you to answer these questions.docx
For this assignment I would like you to answer these questions.docxFor this assignment I would like you to answer these questions.docx
For this assignment I would like you to answer these questions.docx
 
For the Weekly Reports I need 2 reports. For the First two weeks the.docx
For the Weekly Reports I need 2 reports. For the First two weeks the.docxFor the Weekly Reports I need 2 reports. For the First two weeks the.docx
For the Weekly Reports I need 2 reports. For the First two weeks the.docx
 
For the shortanswer questions,you will need to respo.docx
For the shortanswer questions,you will need to respo.docxFor the shortanswer questions,you will need to respo.docx
For the shortanswer questions,you will need to respo.docx
 
For the sake of argument (this essay in particular), lets prete.docx
For the sake of argument (this essay in particular), lets prete.docxFor the sake of argument (this essay in particular), lets prete.docx
For the sake of argument (this essay in particular), lets prete.docx
 
For the proposal, each student must describe an interface they a.docx
For the proposal, each student must describe an interface they a.docxFor the proposal, each student must describe an interface they a.docx
For the proposal, each student must describe an interface they a.docx
 
For the project, you will be expected to apply the key concepts of p.docx
For the project, you will be expected to apply the key concepts of p.docxFor the project, you will be expected to apply the key concepts of p.docx
For the project, you will be expected to apply the key concepts of p.docx
 
For the past several weeks you have addressed several different area.docx
For the past several weeks you have addressed several different area.docxFor the past several weeks you have addressed several different area.docx
For the past several weeks you have addressed several different area.docx
 
For the Mash it Up assignment, we experimented with different ways t.docx
For the Mash it Up assignment, we experimented with different ways t.docxFor the Mash it Up assignment, we experimented with different ways t.docx
For the Mash it Up assignment, we experimented with different ways t.docx
 
For the first time in modern history, the world is experiencing a he.docx
For the first time in modern history, the world is experiencing a he.docxFor the first time in modern history, the world is experiencing a he.docx
For the first time in modern history, the world is experiencing a he.docx
 

Recently uploaded

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 

Recently uploaded (20)

ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 

Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docx

NASA’s Information Technology Governance evaluation (NASA, 2013), “the Agency spends more than $1.5 billion annually on a portfolio of IT assets that includes approximately 550 information systems it uses to control spacecraft, collect and process scientific data, provide security for its IT infrastructure, and enable NASA personnel to collaborate with colleagues around the world.” The technical and scientific information generated by NASA research, science, engineering, technology, and exploration initiatives is one of its most valuable assets and should be protected under a solid IT security policy. NASA operates a sophisticated information infrastructure, including networks such as DAEP, SN, DSN, and NEN, and supplies telecommunication services to customers across the globe. NASA has also had its share of cyber threats over the years and has continued to develop a stronger IT security policy to safeguard against them. Following 5,408 computer security incidents in 2010 and 2011, the agency implemented requirements such as securing laptops, iPads and smartphones and making every employee accountable for protecting sensitive information (NASA, 2012).
Because information technology keeps changing and new threats keep emerging, it is the organization’s responsibility to use resources such as the NIST Framework for Improving Critical Infrastructure Cybersecurity as a tool for developing strong IT security policies that deal with cyber threats.

Framework

On February 12, 2013, President Obama issued Executive Order 13636, which focused on improving the security and resilience of critical infrastructure against cyber threats (NIST, 2014). “The Framework Core provides a set of activities to achieve specific cybersecurity outcomes, and references examples of guidance to achieve those outcomes” (NIST, 2014). In addition, NASA’s Information Technology Governance evaluation (2013) states that “centralization of the Agency’s IT framework under a Headquarters-based CIO would improve NASA’s overall management of IT, including planning, acquisition, and security, while increasing control over IT expenditures and accountability.” Before the framework was addressed, NASA’s governance was “overly complex and ineffective.” “We believe that both NASA’s history and the experience of the other agencies supports a recommendation that NASA move to a more centralized approach to IT governance” (NASA, 2013). The following outline therefore covers the 15 content areas of an IT security policy as they relate to NASA.

1. Access Control: “Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions” (NIST, 2014).
· Within the organization, every user should be issued individual credentials, and any device used for remote access must be registered in advance.
· Network integrity must be protected, including network segregation (Ashford, 2015).

2. Asset Management: “The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy” (NIST, 2014).
· Following ISO 142242 from the International Organization for Standardization (ISO), it is important to establish and configure a physical asset hierarchy.
· Future changes to asset management need to be evaluated properly before they are implemented (IAM, 2015).

3. Application Development: applications are designed, developed, deployed, managed and maintained in accordance with security principles.
· Data arrangements, application solutions and new systems should be defined and described.
· Designs and prototypes need to be built (Ashford, 2015).

4. Communications: “Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies” (NIST, 2014).
· Public relations must be managed properly, and recovery strategies must be kept up to date.
· Recovery activities are essential to establishing secure communication between the different management teams and internal stakeholders.

5. Compliance: all sectors of the organization must comply with the regulations handed down to them.
· The compliance policy needs to support cybersecurity activities in line with regulations, constitutional requirements and applicable privacy laws.

6. Corporate Governance:
· The organization should govern, and be actively involved in balancing, the interests of a company’s stakeholders, including shareholders, management, suppliers, customers, financiers, the community and the government.
· It should renew public confidence and trust in markets and corporations after the bankruptcies and accounting fraud of high-profile companies (Investopedia, n.d.).

7. Customers: it is important to protect the availability, integrity and confidentiality of customers’ data and services and, in doing so, to develop ways of increasing productivity.
· Customers have the ability to drive up costs and to have an enormous impact on revenue.
· All kinds of customer relationships with a company should be handled delicately (Great Sample Resume, 2016).

8. Incident Management: “The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions” (NIST, 2014).
· The organization should have a process in place to identify, categorize, prioritize and respond to risks and incidents.
· Roles and responsibilities during this process, such as those of the incident response team, should be defined.

9. IT Operations: reports should be prepared, and optimal IT performance needs to be ensured.
· Customers’ agreement records should be preserved and the company’s service levels maintained.
· Operations should be designed to deliver efficient maintenance and response for compliance and disaster recovery (Great Sample Resume, 2016).

10. Outsourcing: third parties should be required to adhere to the policies and guidelines that relate to integrity, confidentiality and availability.
· It must be certain that a third-party supplier meets all of the compliance requirements that the company itself must abide by.
· The consequences of a failure of service delivery by the third party should be considered (LCE, 2015).

11. Physical/Environmental: the organization needs to ensure that it has suitable physical security equipment and that the environment is protected at all times.
· Any physical passage and access to assets should be managed and shielded.
· Policies and regulations regarding the physical operating environment should meet the organization’s requirements (Greenwald, 2013).

12. Policies & Procedures: the organization must adhere to its policies and procedures and ensure that every employee is aware of them.
· Policies and procedures need to be defined and implemented so that staff can perform their cybersecurity duties.

13. Technical solutions should be used to manage and protect information systems and assets and to address potential cybersecurity events.

14. Privacy: a system development life cycle needs to be implemented carefully to manage the system.
· Cybersecurity and future risk assessments must take privacy law into account.
· Privacy policy must support cybersecurity compliance activities consistent with constitutional requirements and regulations (LCE, 2015).

15. IT Security Program Implementation: employees are monitored and trained consistently.
· Every user in the company should be given a security manual.
· The company needs an incident response and security team that handles all security matters and breaches (Hammond, 2010).

Controls

Several of the CIS Critical Security Controls are appropriate protective technologies that can be used to secure NASA. Since NASA has experienced web browser intrusions and other threats, it is very important that the organization implement data protection, malware defenses, wireless access control, email and web browser protections, an inventory of authorized and unauthorized devices and software, and a data recovery capability. According to CIS (2015), an inventory of authorized and unauthorized devices is important because attackers, who can be located anywhere in the world, continuously scan for new and unprotected systems. Maintaining a current and accurate view of IT assets by actively scanning the network, for example with ICMP echo requests (ping sweeps), is also a plus (CIS, 2015). Bundling firewall, antivirus, IDS and IPS capabilities is likewise good for monitoring software. Vulnerability assessment tools are essential for catching unpatched systems (CIS, 2015). Controlling administrative privileges is also a good way to limit what any single user, or a compromised account, can do. Overall, all these tools are necessary in order to
safeguard against common cyber threats. Once a solid IT security policy has been implemented using the resources available, any organization will be far better protected against threats.

References

Ashford, W. (2015). Best practice in outsourcing security. Computer Weekly. Retrieved from http://www.computerweekly.com/feature/Best-practice-in-outsourcing-security

CIS. (2015). The CIS Critical Security Controls for Effective Cyber Defense, version 6.0. Retrieved from https://www.cisecurity.org/critical-controls/download.cfm?f=CSC-MASTER-VER%206.0%20CIS%20Critical%20Security%20Controls%2010.15.2015

Great Sample Resume. (2016). IT Operations Manager Responsibilities and Duties. Retrieved from http://www.greatsampleresume.com/Job-Responsibilities/IT-Operations-Manager-Responsibilities.html

Greenwald, J. (2013). Cyber security framework welcomed. Business Insurance, 47(22), 46. Retrieved from http://connection.ebscohost.com/c/articles/91951516/cyber-security-framework-welcomed

Hammond, B. (2010). Presidential advisory panel recommends increased investment in cybersecurity R&D. Indianapolis: Indiana University. Retrieved from http://iucat-test.uits.iu.edu/iupui/articles/edsggo/edsgcl.260494931/?resultId=67&highlight=%22Administrative%20agencies%20--%20Investments%22

IAM. (2015). What is Asset Management? Retrieved from https://theiam.org/what-asset-management

Investopedia. (n.d.). Definition of ‘Corporate Governance’. Retrieved from http://www.investopedia.com/terms/c/corporategovernance.asp

LCE. (2015). The Five Biggest Risks to Effective Asset Management. Retrieved from http://www.lce.com/the_five_biggest_risks_to_effective_asset_management_367-item.html

NASA. (2013). NASA Information Technology Governance Program Evaluation (Report No. IG-13-015, Assignment No. A-12-018-00).

NASA. (2016). Networks. NASA TV. Retrieved from http://www.nasa.gov/directorates/heo/scan/services/networks/txt_sn.html

NASA. (2012). Protecting and safeguarding NASA information and systems. IT Talk, July 2012. Retrieved from https://www.nasa.gov/pdf/666064main_ITTalk_JUL2012_final.pdf

NASA. (2004). Information Security Policy, dated April 7, 2004. Retrieved from http://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPD&c=2810&s=1D

NIST. (2014). Framework for Improving Critical Infrastructure Cybersecurity. Retrieved from http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
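The Controls section above recommends keeping an inventory of authorized and unauthorized devices current by actively scanning the network (CIS Critical Security Control 1). The script below is an added example of what that reconciliation looks like in practice; it is not code from the paper, from CIS or from NASA. It parses a constructed nmap ICMP ping-sweep result (grepable output format) and a constructed ISC dhcpd lease file as a passive second source, unions the hosts seen, and compares them against a constructed authorized-device list. It reports devices that are on the network but not in the inventory, inventoried devices that were never observed, and inventoried IPs whose observed MAC address differs from the record. Every address, hostname, MAC and file excerpt is made up for illustration.

```python
"""Added example (not from the paper, CIS or NASA): reconcile active and
passive device discovery against an authorized inventory, in the spirit of
CIS Critical Security Control 1. All hosts, MACs and file contents below are
constructed for illustration."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed authorized inventory: (ip, mac, owner). Real data would come
# from a CMDB or asset database.
AUTHORIZED_INVENTORY = [
    ("10.10.1.10", "00:11:22:33:44:01", "mission-ops-ws01"),
    ("10.10.1.11", "00:11:22:33:44:02", "mission-ops-ws02"),
    ("10.10.1.50", "00:11:22:33:44:03", "telemetry-srv01"),
    ("10.10.1.60", "00:11:22:33:44:04", "backup-srv01"),
    ("10.10.1.61", "00:11:22:33:44:05", "lab-printer01"),
]

# Constructed output of an ICMP ping sweep in nmap's grepable format
# (nmap -sn -PE -oG - 10.10.1.0/24). Only hosts that answered appear.
NMAP_GREPABLE_OUTPUT = """\
# Nmap 7.80 scan initiated Sun Jan 24 10:00:00 2016 as: nmap -sn -PE -oG - 10.10.1.0/24
Host: 10.10.1.10 (mission-ops-ws01.example.local)\tStatus: Up
Host: 10.10.1.11 ()\tStatus: Up
Host: 10.10.1.50 (telemetry-srv01.example.local)\tStatus: Up
Host: 10.10.1.77 ()\tStatus: Up
"""

# Constructed ISC dhcpd.leases excerpt: a passive source that also catches
# hosts that drop ICMP or were powered off during the sweep.
DHCPD_LEASES = """\
lease 10.10.1.60 {
  binding state active;
  hardware ethernet 00:11:22:33:44:04;
  client-hostname "backup-srv01";
}
lease 10.10.1.11 {
  binding state active;
  hardware ethernet aa:bb:cc:dd:ee:11;
  client-hostname "unknown-laptop";
}
lease 10.10.1.88 {
  binding state active;
  hardware ethernet de:ad:be:ef:00:01;
  client-hostname "android-3f9c";
}
lease 10.10.1.99 {
  binding state free;
  hardware ethernet de:ad:be:ef:00:02;
}
"""


@dataclass(frozen=True)
class Host:
    ip: str
    mac: Optional[str] = None   # None when the source does not report a MAC
    name: Optional[str] = None
    source: str = ""


_HOST_UP = re.compile(r"^Host:\s+(?P<ip>\S+)\s+\((?P<name>[^)]*)\)\s+Status:\s+Up\s*$")
_LEASE = re.compile(r"lease\s+(?P<ip>\S+)\s*\{(?P<body>.*?)\}", re.S)


def parse_nmap_grepable(text: str) -> List[Host]:
    """Hosts reported 'Up' by the sweep; comment lines are ignored."""
    return [Host(ip=m["ip"], name=m["name"] or None, source="icmp-sweep")
            for m in map(_HOST_UP.match, text.splitlines()) if m]


def parse_dhcpd_leases(text: str) -> List[Host]:
    """Hosts holding an active lease; free/expired leases are skipped."""
    hosts = []
    for m in _LEASE.finditer(text):
        body = m["body"]
        if "binding state active;" not in body:
            continue
        mac = re.search(r"hardware ethernet\s+([0-9A-Fa-f:]+);", body)
        name = re.search(r'client-hostname\s+"([^"]*)";', body)
        hosts.append(Host(ip=m["ip"], mac=mac[1].lower() if mac else None,
                          name=name[1] if name else None, source="dhcp-lease"))
    return hosts


def reconcile(inventory, observed: List[Host]) -> Dict[str, List[str]]:
    """Compare everything observed (any source) against the authorized list."""
    authorized = {ip: mac.lower() for ip, mac, _owner in inventory}
    seen: Dict[str, List[Host]] = {}
    for h in observed:
        seen.setdefault(h.ip, []).append(h)
    return {
        # On the network but not in the inventory: investigate or remove.
        "unauthorized": sorted(ip for ip in seen if ip not in authorized),
        # Inventoried but never observed: stale record, static IP, or powered off.
        "unseen": sorted(ip for ip in authorized if ip not in seen),
        # Inventoried IP with a different MAC: IP reuse or an impersonating device.
        "mac_mismatch": sorted(ip for ip, hs in seen.items() if ip in authorized
                               and any(h.mac and h.mac != authorized[ip] for h in hs)),
    }


def run_inventory_check() -> Dict[str, List[str]]:
    observed = parse_nmap_grepable(NMAP_GREPABLE_OUTPUT) + parse_dhcpd_leases(DHCPD_LEASES)
    return reconcile(AUTHORIZED_INVENTORY, observed)


if __name__ == "__main__":
    for finding, ips in run_inventory_check().items():
        print(f"{finding:13s} {', '.join(ips) or '-'}")
```

The ICMP sweep alone would have missed 10.10.1.88 (it never answered an echo request) and would have said nothing about 10.10.1.11 handing out an unexpected MAC; merging a passive source such as DHCP leases, switch MAC tables or flow records is what makes the inventory trustworthy. Each finding maps to a different follow-up: an unauthorized device is removed or registered, an unseen device is checked against the CMDB for staleness, and a MAC mismatch on an inventoried address is investigated as possible IP reuse or impersonation.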