1 / 1100%
The strategic planning process helps dene the company's goals and how to achieve
them. Planning is the process of establishing long-term goals, determining the directions
and constraints to guide the tactical accomplishment of these goals, and identifying the
assets and capabilities the organization needs to achieve these goals. With a clear and
concise security strategic plan, managers, employees, and executives can see what is
expected of them, focus their e!orts in the right direction, and know when their goals
have been achieved. Organizations that view strategic planning as unnecessary or
impractical are less likely to manage information risk e!ectively (Evans, 1).
Information security strategic planning can assist an organization in mitigating,
transferring, accepting, or avoiding information risk related to people, processes, and
technologies. Complying with industry standards, avoiding a damaging security incident,
maintaining the business's reputation, and supporting commitments to shareholders,
customers, partners, and suppliers are some of the benets of an adequate information
security strategic plan.
Strategic planning for information security could include the following topics:
• Specifying methodologies for design, development, and implementation.
• Identifying problems and resolving them.
• Provisioning adaptable architectures.
• Eliminating redundancy.
• Planning and managing human resources and so on (Evans, 1).
Virtualization provides clear security advantages by isolating virtual machines from
physical hardware and operating systems. Despite this, virtualization is not safe because
it makes companies that use it a target for hackers and other malicious actors. Virtual
machines are prone to viruses, malware, and ransomware attacks from infected VM
images or improperly trained users. Another risk that often a!ects VMs is bad
conguration choices, such as tolerating le sharing between VMs or leaving unused
rewall ports open. Lastly, accessing hypervisor controls via a compromised user account
can cause the failure of the entire virtual infrastructure (Atumu, 2). Therefore, strategic
planning can help mitigate the security threats associated with virtualization by putting
e!ectual policies, guidelines, and methodologies to manage and control VM lifecycle
surveillance. Also, it can utilize methods of controlling the creation, storage, and use of
VM images (No name, 3).
Sources:
1. Brian Evans. July 8, 2015. The Importance of Building an Information Security Strategic
Plan.;https://securityintelligence.com/the-importance-of-building-an-information-security-
strategic-plan/
2. Marho Atumu. December 15, 2021. Top Eight Virtualization Security Issues and
Risks.;https://www.liquidweb.com/kb/virtualization-security-issues-and-risks/
3. No name. April 2015. Best Practices for Mitigating Risks in Virtualized
Environments.;https://downloads.cloudsecurityalliance.org/whitepapers/
Best_Practices_for%20_Mitigating_Risks_Virtual_Environments_April2015_4-1-
15_GLM5.pdf
Students also viewed