Week 6 Paper
4
Week 2 Proposal
Information Assurance
Information Assurance (IA) is the practice of protecting information and information systems from unauthorized access or use. In the context of the above scenario, HME would need to put in place measures to protect its data assets from unauthorized access or use. This could include, for example, implementing access control measures to restrict access to data to authorized personnel only, and encrypting data to prevent unauthorized individuals from being able to read it (Yan et al., 2022). It is important to note that IA is not just about protecting data from external threats, but also from internal ones. For example, HME would need to ensure that its employees are aware of and adhere to data security policies and procedures, and that data is backed up in case of accidental loss or destruction.
Strategy for AI Implementation
There are a few frameworks that could be used for IA implementation, such as the NIST Cybersecurity Framework or the ISO 27001 standard. The choice of framework will depend on several factors, such as the specific needs of the organization and the resources available (Shopina et al., 2020). In general, the IA implementation process will involve conducting a risk assessment to identify vulnerabilities and threats and putting in place controls to mitigate these risks. These controls could include, for example, access control measures, data encryption, and employee training.
Risk Mitigation Strategy
The first step in mitigating risks is to identify them. In the context of the above scenario, HME would need to identify the risks associated with its data assets, such as unauthorized access or use, data breaches, and data loss. Once risks have been identified, controls can be put in place to mitigate them. As mentioned above, these controls could include access control measures, data encryption, and employee training. For example, HME would need to have an incident response plan in place in case of a data breach. This plan would outline the steps to be taken in such an event, such as notifying affected individuals and authorities, and conducting a forensic investigation.
Accrediting Body
There are several accrediting bodies that could be used to ensure that IA is embedded into organizational culture, such as the International Organization for Standardization (ISO) or the National Cyber Security Centre (NCSC). The choice of accrediting body will depend on several factors, such as the specific needs of the organization and the resources available.
Response and Disaster Recovery Plan
In the event of an intrusion or disaster, it is imperative for the company to ensure that a plan is in place on how to deal with the intrusion or disaster. This plan should outline the steps to be taken in such an event, such as notifying affected individuals and authorities, and conducting a forensic investigation. It is also important to have a disaster recovery plan in place in case of data loss. This plan would outline the steps to be taken in such an event, such as restoring data from backups, and would be tested on a regular basis to ensure that it is effective.
References
Shopina, I., Khomiakov, D., Khrystynchenko, N., Zhukov, S., & Shpenov, D. (2020). CYBERSECURITY: LEGAL AND ORGANIZATIONAL SUPPORT IN LEADING COUNTRIES, NATO AND EU STANDARDS. Journal of Security & Sustainability Issues, 9(3). https://jssidoi.org/jssi/papers/journals/pdownload/36#page=249
Yan, A., Hu, Y., Cui, J., Chen, Z., Huang, Z., Ni, T., ... & Wen, X. (2020). Information assurance through redundant design: A novel TNU error-resilient latch for harsh radiation environment. IEEE Transactions on Computers, 69(6), 789-799. https://ieeexplore.ieee.org/abstract/document/8960475/