cyber security
Please respond. 100-word minimum.
The first step in conducting a risk assessment is to document what one’s assets are. Some of this is dependent on the topology of the organization’s network. One thing that is a constant is customer data. An organization will have sensitive information that must be protected. If the information is stored locally, how is the organization protecting the data from being compromised by both internal and external threats? If it is stored in the cloud, how is the hosting company protecting that data? An organization must also be up to date on the latest threats. One way to do this is through a subscription to a service that keeps track of the latest threat intelligence. Another thing that an organization must be on the watch for is vulnerabilities. An organization must have a program in place to ensure that the latest security patches are in place and that employees are trained on the latest threats. Once the threats have been identified, an organization must determine the likelihood as well as the impact of a given threat. For example, compare ransomware that spreads to the entire network with a brute-force attempt to get to the network. Lastly, one must prioritize which parts of the network are most likely to cause harm to the enterprise if compromised: for example, the company’s catalog versus the customer payment information.
One must assess both the security of the data and the countermeasures put into place. A few things to examine would be: Is the data encrypted? Is the network segmented? Are there policies in place as to who has access to what? Is there a firewall in place with intrusion prevention and detection? This is far from a comprehensive list, but these are a few things that need to be examined.
Once all this information has been gathered, one must regularly test the controls that have been put into place. The results must then be assessed, and new controls put into place.