Week 6 Paper

profileMrTooGood
Week2Proposal.docx

4

Week 2 Proposal

Information Assurance

Information Assurance (IA) is the practice of protecting information and information systems from unauthorized access or use. In the context of the above scenario, HME would need to put in place measures to protect its data assets from unauthorized access or use. This could include, for example, implementing access control measures to restrict access to data to authorized personnel only, and encrypting data to prevent unauthorized individuals from being able to read it (Yan et al., 2022). It is important to note that IA is not just about protecting data from external threats, but also from internal ones. For example, HME would need to ensure that its employees are aware of and adhere to data security policies and procedures, and that data is backed up in case of accidental loss or destruction.

Strategy for AI Implementation

There are a few frameworks that could be used for IA implementation, such as the NIST Cybersecurity Framework or the ISO 27001 standard. The choice of framework will depend on several factors, such as the specific needs of the organization and the resources available (Shopina et al., 2020). In general, the IA implementation process will involve conducting a risk assessment to identify vulnerabilities and threats and putting in place controls to mitigate these risks. These controls could include, for example, access control measures, data encryption, and employee training.

Risk Mitigation Strategy

The first step in mitigating risks is to identify them. In the context of the above scenario, HME would need to identify the risks associated with its data assets, such as unauthorized access or use, data breaches, and data loss. Once risks have been identified, controls can be put in place to mitigate them. As mentioned above, these controls could include access control measures, data encryption, and employee training. For example, HME would need to have an incident response plan in place in case of a data breach. This plan would outline the steps to be taken in such an event, such as notifying affected individuals and authorities, and conducting a forensic investigation.

Accrediting Body

There are several accrediting bodies that could be used to ensure that IA is embedded into organizational culture, such as the International Organization for Standardization (ISO) or the National Cyber Security Centre (NCSC). The choice of accrediting body will depend on several factors, such as the specific needs of the organization and the resources available.

Response and Disaster Recovery Plan

In the event of an intrusion or disaster, it is imperative for the company to ensure that a plan is in place on how to deal with the intrusion or disaster. This plan should outline the steps to be taken in such an event, such as notifying affected individuals and authorities, and conducting a forensic investigation. It is also important to have a disaster recovery plan in place in case of data loss. This plan would outline the steps to be taken in such an event, such as restoring data from backups, and would be tested on a regular basis to ensure that it is effective.

References

Shopina, I., Khomiakov, D., Khrystynchenko, N., Zhukov, S., & Shpenov, D. (2020). CYBERSECURITY: LEGAL AND ORGANIZATIONAL SUPPORT IN LEADING COUNTRIES, NATO AND EU STANDARDS.  Journal of Security & Sustainability Issues9(3). https://jssidoi.org/jssi/papers/journals/pdownload/36#page=249

Yan, A., Hu, Y., Cui, J., Chen, Z., Huang, Z., Ni, T., ... & Wen, X. (2020). Information assurance through redundant design: A novel TNU error-resilient latch for harsh radiation environment.  IEEE Transactions on Computers69(6), 789-799. https://ieeexplore.ieee.org/abstract/document/8960475/