Corey's Homewk 6


Part B: Policies, Plans, and Risks

Policies and Security Plans

Security plans and policies are important for guiding how an organization’s information is kept safe from unauthorized access. These policies and plans are designed for the organization’s employees and guide them on what is required of them when using the organization’s information technology infrastructure. The security policies list and describe all the rules that these employees need to follow in the organization. The security plan, on the other hand, stipulates the details of how users implement the security policies (Lewis, 2017).

One of the concerns raised is the upload of video without the consent of the organization’s management or of the creators. Therefore, one of the security policies will state explicitly when one may upload videos from the organization’s webcam mounted on the slopes.

The security plan will outline how the policy is implemented in the company. Devil’s Canyon guests will be required to sign an agreement in order to use the organization’s resources. The agreement form explains that guests can use and upload pictures and videos coming off the webcam. The policy will be critical when it comes to lawsuits that guests bring when they do not want their content to appear on the organization’s internet.

Devil’s Canyon Security Roles and Safeguards

The security plans that Devil’s Canyon will implement will be critical in addressing security roles and safeguards. The security roles, as per the plans, will define the users of the systems and their levels of access. This practice is critical for explicitly identifying users or guests at different levels and their roles. The organization will also create roles and explicitly state the individuals who will get access to the organization’s data. The organization categorizes the safeguards into two forms: human and physical safeguards (Lewis, 2017). Devil’s Canyon will define and assign human safeguards with the aim of preventing security malpractices that originate with humans. On the other hand, the physical safeguards will define those forms needed to protect system users’ rights, which include their information and other personal content such as their pictures and videos. The organization will let users know of the presence of the webcam and of the posting of their information on other sites such as social media.

Security Risks and Threats

Most organizations have suffered much from security risks and threats. Most of the threats and risks occurring in an organization target its most crucial resource: data. Devil’s Canyon will ensure that there are minimal risks; therefore, the organization will have few security loopholes (McIlwraith, 2021). The organization will create an action plan to cover its defenses. The following are five possible security risks that the company is anticipated to face:

1. Systems failures that could happen both internally and externally and that have the possibility of creating vulnerabilities that cyber criminals can exploit to access the organization’s critical information.

2. Unclear security compliance that does not explicitly state how it can offer security protection in the organization.

3. A missing cyber security policy that guides guests and users on how to safeguard their information and the organization’s information from illegal and unauthorized access by cyber criminals (Williams et al., 2017).

4. Human errors that come with a lack of knowledge on how to protect users’ information; sometimes, some employees aid criminal activities by helping attackers access important information in the organization (Tabrizchi & Kuchaki Rafsanjani, 2020).

5. A missing incident response and recovery plan. The organization should have incident response and recovery plans put in place. The plans should state explicitly how the organization responds to incidents that could lead it into exposing its critical information or that could create loopholes that cyber criminals could exploit.

Conclusion

Devil’s Canyon is very cognizant of information security and takes the matter seriously to ensure that organizational information is safeguarded. The organization has ensured that there is guaranteed security for users’ critical content that is valuable to unauthorized individuals. It plans to ensure that users are protected from any type of threat or risk that could leak or expose users’ information to adversaries. Therefore, it has planned on implementing security plans and safeguards. It has also put in place incident response and recovery plans that will guard and protect information resources, minimizing information security risks and threats.

References

Lewis, K. (2017). Security Policies and Plans Development. In Computer and Information Security Handbook (pp. 565-570). Morgan Kaufmann.

McIlwraith, A. (2021). Information security and employee behaviour: How to reduce risk through employee education, training and awareness. Routledge.

Williams, T. A., Gruber, D. A., Sutcliffe, K. M., Shepherd, D. A., & Zhao, E. Y. (2017). Organizational response to adversity: Fusing crisis management and resilience research streams. Academy of Management Annals, 11(2), 733-769.

Tabrizchi, H., & Kuchaki Rafsanjani, M. (2020). A survey on security challenges in cloud computing: Issues, threats, and solutions. The Journal of Supercomputing, 76(12), 9493-9532.