You will submit your plan pertaining to statements of policy. You will recommend protocols and mitigating factors to the organization. Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. You will focus on disaster and incident response protocols as well as access control. Assess your proposed method for maintaining the success of the plan going forward. Justify how your method will ensure the ongoing effectiveness of the information assurance plan.
Note: If you establish protocols and mitigating factors, you can then justify expectations associated with the established protocols.ongoing effectiveness of the information assurance plan.
The organization being used is based on the Home Depot Cyber Attack.
Requirements: 3-5 pages
IT 549 Milestone Four Guidelines and Rubric One of the most important aspects of information assurance is ensuring that proper policies and procedures are established within an organization. Without properpoliciesandprocedures,therewouldbe noorder. Byimplementingappropriatestatementsofpolicyanddevelopingeffectiveprocedures,IT administratorsensurethat incidentscanbe appropriatelyrespondedto,andthat individualswithintheorganizationunderstandtheirroleswithinthe information assurance plan. Individuals in an organization would not be able to adequately understand their roles without the establishment of these statements of policy. Prompt: In Module Seven, you will submit your plan pertaining to statements of policy. You will establish protocols and mitigating factors to the organization. Justifyhowthe disasterresponse protocolswill mitigatethe threatsto andvulnerabilitiesofthe organization. Youwillfocusondisasterandincident response protocols as well as access control. Assess your proposed method for maintaining the success of the plan going forward. Justify how your method will ensure the ongoingeffectivenessof the informationassuranceplan. Specifically, the following critical elements must be addressed: IV. Statements of Policy a) Develop appropriate incident response protocols to respond to the various threats and vulnerabilities identified within the organization. b) Justify how the incident response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices. c) Develop appropriate disasterresponse protocols to respond to the various threats and vulnerabilities identified within the organization. d) Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices. e) Develop appropriate access control protocols that provideanappropriate amount ofprotectionwhileallowingusersto continueto operate without denial of service. f) Justify your access control protocols. Support your justification with information assurance research and best practices. g) Recommend a method for maintaining the information assurance plan once it has been established. h) Justify how your maintenance plan will ensure the ongoing effectiveness of the information assurance plan. Support your justification with information assurance research and best practices.
Rubric Guidelines forSubmission: Yourpapermust be submittedasathree-to four-pageMicrosoft Worddocument withdoublespacing,12-point TimesNewRoman font, one-inch margins, and at least three sources cited in APA format. Critical Elements Proficient (100%) Needs Improvement (75%) Not Evident (0%) Value Incident Response Protocols Develops appropriate incident response protocols to respond to the various threats and vulnerabilities identified Develops incident response protocols to respond to the various threats and vulnerabilities identified, but they are not all appropriate or do not respond to all the threats and vulnerabilities Does not develop incident response protocols 12 Justification of Incident Response Protocols Logically justifies how the incident response protocols will mitigate the threats to and vulnerabilities of the organization with support from information assurance research and best practices Justifies how the incident response protocols will mitigate the threats to and vulnerabilities of the organization with minimal support from information assurance research and best practices, or justification is illogical Does not justify how the incident response protocols will mitigate the threats to and vulnerabilities of the organization 12 Disaster Response Protocols Develops appropriate disaster response protocols to respond to the various threats and vulnerabilities identified Develops disaster response protocols to respond to the various threats and vulnerabilities identified, but they are not all appropriate or do not respond to all the threats and vulnerabilities Does not develop disaster response protocols 12 Justification of Disaster Response Protocols Logically justifies how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization with support from information assurance research and best practices Justifies how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization with minimal support from information assurance research and best practices, or justification is illogical Does not justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization 12
Access Control Protocols Develops appropriate access control protocols that provide an appropriate amount of protection while allowing users to continue to operate without denial of service Develops access control protocols, but they do not provide an appropriate amount of protection while allowing users to continue to operate without denial of service Does not develop access control protocols 12 Justification of Access Control Protocols Logically justifies the access control protocols with support from information assurance research and best practices Justifies the access control protocols with minimal support from information assurance research and best practices, or justification is illogical Does not justify the access control protocols 12 Method for Maintaining the Information Assurance Plan Recommends a comprehensive method for maintaining the information assurance plan once it has been established Recommends a method for maintaining the information assurance plan once it has been established but recommendations are not fully developed Does not recommend a method for maintaining the information assurance plan once it has been established 12 Justification of Maintenance Plan Logically justifies how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan with support from information assurance research and best practices Justifies how the maintenance plan will ensure the ongoing effectiveness of the informationassurance plan with minimal support from information assurance research and best practices, or justification is illogical Does not justify how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan 12 Articulation of Response Submission has no major errorsrelated to citations, grammar, spelling, syntax, or organization Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas 4 Earned Total 100%
Milestone Three: Risk Assessment
Jacob Brumit
Southern New Hampshire University
IT549
2023TW3
Introduction
Information assurance (IA) ensures the confidentiality, integrity, availability, and authenticity of information and information systems. As technology advances, the risks associated with information security also increase. This risk assessment report will analyze the Home Depot cyber-attack to identify potential threats, vulnerabilities, and risks. Based on the analysis, the report will provide recommendations for implementing information assurance principles and areas for improvement to current protocols and policies.
Threat Environment
The Home Depot cyber-attack occurred between April and September 2014, affecting approximately 56 million customers’ credit and debit card information. The attack involved hackers exploiting a vulnerability in Home Depot’s point-of-sale (POS) systems to steal customers’ payment information (Kelarestaghi et al., 2019). The hackers installed malware on Home Depot’s POS systems, which allowed them to capture customers’ credit and debit card information as it was being processed.
The threat environment for the Home Depot cyber-attack consisted of several factors. The first factor was the increasing use of technology in Home Depot’s POS systems. As technology advances, new vulnerabilities are introduced, and hackers find new ways to exploit them. The second factor was Home Depot’s POS systems need proper security measures. The company failed to implement adequate security controls, making it easier for hackers to access the system. The third factor was Home Depot’s employees’ need for awareness and training. Home Depot employees needed adequate training on identifying and reporting suspicious activities, making it easier for the hackers to go undetected.
Risks Within the Organization
The risks associated with the Home Depot cyber-attack were significant. The attack resulted in the theft of 56 million customers’ credit and debit card information, which could lead to financial losses and identity theft. Additionally, the attack damaged Home Depot’s reputation and resulted in significant financial losses.
The risks associated with the Home Depot cyber-attack can be categorized into three types: strategic, operational, and reputational (Landoll, 2021). Strategic risks are risks that threaten the organization’s long-term goals and objectives. In the case of the Home Depot cyber-attack, the strategic risk was the potential loss of customers due to the breach. Operational risks are risks that threaten the organization’s ability to achieve its operational objectives. In the case of the Home Depot cyber-attack, the operational risk was the potential loss of revenue due to the breach. Reputational risks are risks that threaten the organization’s reputation. In the case of the Home Depot cyber-attack, the reputational risk was negative publicity and loss of trust in the company.
Methods to Mitigate Risks
There are several methods to mitigate the risks associated with the Home Depot cyber-attack. The first method is to implement proper security controls. Home Depot could have prevented the attack by implementing adequate security controls, such as firewalls, intrusion detection systems, and encryption. These security controls would have made it harder for the hackers to access Home Depot’s POS systems and steal customers’ payment information.
The second method is to provide proper training and awareness to employees. Home Depot could have prevented the attack by providing adequate training and attention to its employees. The employees should have been trained to identify and report suspicious activities and be made aware of the potential risks associated with cyber-attacks.
The third method is to conduct regular security audits and risk assessments. Home Depot could have prevented the attack by conducting regular security audits and risk assessments. These audits and reviews would have identified vulnerabilities and risks, and the company could have taken steps to mitigate them before a cyber-attack occurred.
Best Approaches for Implementing Information Assurance Principles
The best approaches for implementing information assurance principles include:
Risk Management:
Organizations must implement a formal risk management process to identify, assess, and prioritize information risks. Risk management enables organizations to make informed decisions about allocating resources to mitigate those risks (McIlwraith, 2021). This process involves identifying the organization’s critical assets, assessing the potential risks to those assets, and developing a risk mitigation strategy.
Continuous Monitoring
Organizations must implement constant monitoring processes to promptly detect and respond to security incidents. Continuous monitoring involves monitoring the organization’s network and systems for suspicious activities and events. It includes intrusion detection systems, security information, and event management (SIEM) systems, and other monitoring tools.
Security Controls
Organizations must implement proper security controls to protect their critical assets. Security controls include firewalls, intrusion detection and prevention systems, encryption, access controls, and employee security awareness training.
Incident Response
Organizations must have a formal incident response plan to respond to security incidents effectively. The incident response plan should include processes for detecting and reporting security incidents and investigating and containing the incidents.
Areas for Improvement
Despite the many methods available to mitigate cyber-attack risks, there are still areas for improvement in current protocols and policies (Cram, D’arcy, & Proudfoot, 2019). One of the most significant areas for improvement is employee training and awareness. Employees must be trained regularly on cybersecurity best practices and how to identify and report suspicious activities. This training should be ongoing, and employees should be tested periodically to ensure they understand and remember the information.
Another area for improvement is the implementation of proper security controls. Many organizations still do not implement appropriate security controls, leaving their critical assets vulnerable to cyber-attacks. Adequate security controls, such as firewalls, intrusion detection and prevention systems, and encryption, can significantly reduce the risk of a cyber-attack.
Finally, organizations must take a proactive approach to risk management. Instead of waiting for a cyber-attack to occur, organizations should conduct regular risk assessments and security audits to identify vulnerabilities and risks. By taking a proactive approach, organizations can identify potential risks and take steps to mitigate them before they become a problem.
Risk Matrix
The following is a risk matrix for Home Depot
Conclusion
The Home Depot cyber-attack serves as a reminder that cyber-attacks can happen to any organization, regardless of size or industry. The threat environment is constantly evolving, and organizations must take a proactive approach to information assurance to protect their critical assets. Organizations can mitigate the risks associated with cyber-attacks by implementing proper security controls, providing employee training and awareness, and conducting regular risk assessments and security audits. However, there are still areas for improvement in current protocols and policies, particularly in employee training and awareness, proper security controls, and proactive risk management.
References
Cram, W. A., D’arcy, J., & Proudfoot, J. G. (2019). Seeing the forest and the trees: a meta-analysis of the antecedents to information security policy compliance. MIS quarterly, 43(2), 525-554.
Kelarestaghi, K. B., Foruhandeh, M., Heaslip, K., & Gerdes, R. (2019). Intelligent transportation system security: impact-oriented risk assessment of in-vehicle networks. IEEE Intelligent Transportation Systems Magazine, 13(2), 91-104.
Landoll, D. (2021). The security risk assessment handbook: A complete guide for performing security risk assessments. CRC Press.
McIlwraith, A. (2021). Information security and employee behaviour: how to reduce risk through employee education, training and awareness. Routledge.
Milestone Two: Information Security Roles and Responsibilities
Jacob Brumit
Southern New Hampshire University
IT549
2023TW3
Milestone Two: Information Security Roles and Responsibilities
Roles of key leaders within the organization
The hack of Home Depot brought many concerns to the forefront involving any information assurance plan. The key leaders that will be evaluated include the Chief Executive Officer (CEO), the systems administrator, and the Chief Information Officer (CIO).
First, the CEO is a necessity as they oversee the company and should be kept up to date with everything going on within the company to ensure it is running as it was designed to. Many decisions will have to be made by the CEO who can then decide whether to implement or find an alternative solution.
Second, it is essential to understand that the system administrator plays a significant role in maintaining the information within the organization. The system administrator’s primary role includes installing and maintaining computer systems in an organization. The roles of the system administrators still include safeguarding information and ensuring that the security software that the employees are using remotely is frequently updated (Demirkan, 2020). If the organization loses data, it is then the responsibility of the system administrator to create a backup for such data. Additionally, the system administrator has the role of creating a recovery policy for the same lost data.
Finally, the Chief Information Officer (CIO) is responsible for all activities undertaken within the information technology department. The CIO is also responsible for developing policies that ensure the strategies developed by the management are effectively implemented. The CIO is still responsible for information assurance and making any necessary changes to the information.
Key ethical and legal considerations
There are a variety of ethical and legal considerations associated with information security, considering how the emergence of new technologies has played a significant role in providing people with new capabilities that were never available before. It is important to understand that the information technology department plays a significant role in maintaining effective management of the security of the database (Gwebu et al., 2020). The organization is responsible for making decisions on how it will store the information collected. The following are part of the critical ethical and legal considerations by the organization before collecting data:
Who are the parties with authority to access information?
What are the approaches used in accessing information?
The system administrator generally plays a significant role in ensuring the information is effectively backed up. Additionally, the system administrator should implement the appropriate measures to ensure data is not lost. It is important to understand that the data protection act primarily protects the necessary modifications made to the data assurance plans.
Components of information assurance
Part of the critical objectives of information assurance includes confidentiality, integrity, and availability. Confidentiality generally includes maintaining a specific number of people with authority to access information (Sosin, 2018). Integrity includes ensuring the data collected remains intact. Availability includes authorized individuals having the ability to access information whenever required.
Awareness is also part of information assurance. One of the most significant approaches to create awareness includes having information security sessions for all parties within the organization. It is important to understand that having such sessions is primarily considered as part of the first steps that should be used in enlightening all parties in the organization about the importance of information safety. The staff within the organization will also gain the ability to understand the processes of deleting information from the system.
Failure to Follow Guidelines
If any of the key leaders or even the employees fail at following the information assurance plan then the person at fault could be fired. In terms of keep customers or employees information secure is not met then the company as a whole can be held liable for all damages which never looks good in the public eyes.
References
Demirkan, S. et al. (2020). Blockchain technology in the future of business cyber security and accounting. Journal of Management Analytics, 7(2), 189-208.
Gwebu, K. L et al. (2020). Information security policy noncompliance: An integrative social influence model. Information Systems Journal, 30(2), 220-269.
Sosin, A. (2018). How to increase the information assurance in the information age. Journal of Defense Resources Management (JoDRM), 9(1), 45-57.
We are a professional custom writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework.
Yes. We have posted over our previous orders to display our experience. Since we have done this question before, we can also do it for you. To make sure we do it perfectly, please fill our Order Form. Filling the order form correctly will assist our team in referencing, specifications and future communication.
1. Click on the “Place order tab at the top menu or “Order Now” icon at the bottom and a new page will appear with an order form to be filled.
2. Fill in your paper’s requirements in the "PAPER INFORMATION" section and click “PRICE CALCULATION” at the bottom to calculate your order price.
3. Fill in your paper’s academic level, deadline and the required number of pages from the drop-down menus.
4. Click “FINAL STEP” to enter your registration details and get an account with us for record keeping and then, click on “PROCEED TO CHECKOUT” at the bottom of the page.
5. From there, the payment sections will show, follow the guided payment process and your order will be available for our writing team to work on it.
Need this assignment or any other paper?
Click here and claim 25% off
Discount code SAVE25