574 Unit#10

PMGT 574

Agile Lean Product Development

Assignment #9

Harrisburg University of Science and Technology

Submitted To: Prof.Eric B. Allen

The development of IT technology has provided valuable input to organizations. These benefits include safer methods of data storage, for example, saving data in a cloud account, effective communication between departments, and proper systems management. Despite these and other advantages associated with the development, organizations are facing threats in cyberspace. These threats include unauthorized access, hacking, phishing, and ransomware (Stallings, 2012). The course "emerging threats and countermeasures," have made me develop an insight into these threats and measures that an organization can utilize to curb these threats. The risks discussed in the course relate to the recent technology advances, for example, wireless networks, social networks, and systems management.

I am not currently employed, but the acquired knowledge and skill will provide valuable input in my future occupations. For instance, the course covered accountability and access control. As an information security manager in an organization, I will be in a position to utilize these measures to secure my organization's network, data, and property against unintended corruption. By this, I will limit the access privileges of employees to ensure that sensitive data is not exposed to many individuals who might lead to data compromise. Besides, the course explored different real-time monitoring tools, which could enable me to maintain real-time security of the organization's information system. I will be in a position to identify the prevalent attacks in the world and thus act promptly to shield my organization from those widespread attacks. This is very important as any organization may be victimized by these attacks.

Ideally, cyber threats are evolving, and thus, no prior planning could shield the organization from them. Therefore I will be able to analyze and interpret the new threats and respond to them promptly. The knowledge acquired on different secure network components, for example, the use of private networks instead of public WI-FIs, use of firewalls and proxies will enable me to identify the best method of securing the organization's data. Understanding the different policies and regulations regarding cybersecurity will allow me to work within the legal guidelines on information security. Besides, these guidelines will enable me to keep clients and the organization's data private and remotely accessible. The knowledge acquired on securing data when in use, in transit, and at rest will enable me to employ measures such as data encryption, which will be suitable in protecting information transferred through emails and other communication channels.

The concepts learn on vulnerabilities will enable me to identify the information system vulnerabilities. As a data security manager, I will be able to perform vulnerability tests that will allow me to identify possible information security threats that the organization may face. This will enable me to develop measures to avoid or minimize these threats. The course concepts will allow me to plan business continuity and recovery in case the organization is attacked. Means, for example, storing the organization's data in different cloud accounts will ensure that part of the organization data is safe in case one account is attacked. I will be in a position to conduct an impact assessment to identify to what extent the incident impacted the organization.

Having developed a clear understanding of the ethical issues regarding information security, I will be in a position to work within the outlined limits, and thus, I will not be held accountable for matters, for instance, breach of privacy, which might attract severe penalties (Chen, 2012). I will be in a position to select and train an incidence response team that will be working in conjunction with other departments within the organization to ensure the sustainable security of the system. Also, I will be able to develop a comprehensive report on the information security status of the organization. This report is essential to organization management and stakeholders when developing the firm's strategic plans.

References

Stallings, W., Brown, L., Bauer, M. D., & Bhattacharjee, A. K. (2012). Computer security: principles and practice (pp. 978-0). Upper Saddle River, NJ, USA: Pearson Education.

Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In 2012 International Conference on Computer Science and Electronics Engineering (Vol. 1, pp. 647-651). IEEE.