Risk Management Framework, CIA, and Security Policy PDF

Title Risk Management Framework, CIA, and Security Policy
Author Sharon Dutt
Course Foundations of Security
Institution University of Phoenix

Summary

CYB110 Foundations of Security, Week 1 Data Security Fundamentals. Final week 1 paper


Risk Management Framework, CIA & Security Policy
Sharon Dutt
CYB/100
December 03, 2018
University of Phoenix

Risk Management Framework, CIA & Security Policy

The Risk Management Framework is a way to assess cybersecurity as large-scale systems are developed. There is no way to be fully secured against all risk; to protect something valuable, something else must be sacrificed. Companies are under continuous, daily threat, and they must protect themselves at all times in order to minimize risk. Risk assessment is a vital part of combating the various threats that try to infiltrate the company by any means, virtual as well as physical. Accepting that there is risk is the first step toward creating a security plan. Some companies face a higher level of intrusion or intrusion attempts, depending upon the type of business being targeted.

RMF (Risk Management Framework) identifies risk in terms of the level of impact a disruption would have on the company. Having a list of threat levels lets the company sift out the more disastrous threats and set aside others that are less pressing. RMF has a protocol to be followed that gives a starting point for what the company must do when a threat arises. Identifying risks, as previously stated, is the main point, followed by organizing the threats accordingly, and finally applying security protocols to fight against them.

The CIA (Central Intelligence Agency) has concepts like those of the RMF in terms of organizing the threats the company should take into consideration. According to Smith (2013), the concepts are confidentiality, integrity and availability. Confidentiality addresses the impact of a threat and keeps some information from spreading; integrity is knowing how much damage the threat will cause to the company; and availability deals with operations trying to continue even though the system is not at its full potential (Smith, 2013).

Using the frameworks of both RMF and CIA helps create the building blocks for protecting the information of the financial services company: looking at risk levels and matching them with proper security measures keeps an attack to a minimum and keeps the company from having to shut down production. The various threats that plague financial services are outlined in the following chart, along with the suggested solution against each attack.

Threats to Data at Rest

Identifying at least five threats to the company that affect Confidentiality, Integrity, and/or Availability (CIA), or all three:

Threat to Data-at-Rest   Confidentiality/Integrity/Availability   Suggestion on Countering the Threat
Insider Threat           Confidentiality                          Create security policy, limit access control, train employees
Third Party Vendor       Confidentiality                          Security measures that are contracted, collaborate with other vendors
DDoS Attack              Availability                             Configure servers, firewall, traffic filtering
Inadequate Security      Integrity                                In-house IT, testing, monitoring, backup
Backdoor Attacks         Integrity                                Monitoring, firewall, antimalware

A security policy outlines acceptable use of the company's assets and defines what is to happen if policies are not followed. The policy can also set protocols that provide solutions or suggestions for intrusions that can cause malfunctions in the system, both digital and physical. The financial sector is always under tight security, from biometrics to security testing, monitoring, and creating new ways of protecting the company more effectively and efficiently.

A few ways in which data can be protected are by limiting access for employees, vendors and customers in a multi-level structure. Having restrictions allows the proper information to be accessed according to the employee's clearance. Along with secured access comes monitoring activity, creating a log of all employee, vendor, and consumer actions throughout the day of operations. Irregularities would be noticed and treated as a breach of security.

Testing is vital in protecting secured information from being misused. Testing checks the integrity and stability of the system, or in some cases of the sections that need it. Collaboration takes place after the testing results are complete and broken down, forming new solutions that improve the system by creating a new level of security features. Expanding or evolving the system improves the overall security measures and keeps the policy up to date.

Maintenance and upkeep using patches and updates is a must in ensuring the system is always secured in a timely manner. Without this process the system can be vulnerable to any attack, no matter the size. Even though the system is patched, new security breaches always arise over time, whether within a day, a week, a month or even a year. Breaches are becoming more sophisticated than purely digital ones; they now extend to physical breaches such as social interactions. These can be devastating to the financial company, since social interactions may seem harmless if employees are not trained properly. The security policy is beneficial in keeping sensitive information secured; using it as a guideline gives the company insight into how to start and how to gain ideas for combating threats. It would create a financial company that is strong, a step ahead of new intrusions, and better known throughout the financial world as an evolver of security solutions.

REFERENCES

Smith, R. E. (2013). Elementary Information Security (2nd ed.). Jones and Bartlett Learning.

Climer, S. (2018, July 14). Top 7 Cyber Security Threats To Financial Services. Retrieved December 2, 2018, from https://www.gomindsight.com/blog/7-cyber-security-threats-to-financial-services/

EC-Council. (2016). Certified Secure Computer User v2 [University of Phoenix Custom Edition eBook]. EC-Council. Retrieved from University of Phoenix, CYB100 - Foundation of Security website.
