Work for COMPUTER PROJECTS ONLY

profileveneco02
discussion.samples.docx

Discussion 1

Recommend three countermeasures that could enhance the information security measures of an enterprise. Justify your recommendations.

1. Upon extensive review of existing IT EBK and what new measures needed to be taken, Homeland Security came to the conclusion that a comprehensive approach information security including the steps of manage, design, implement, and evaluate would best serve to safeguard against future threats. Manage: calls for the oversight of security programs to come from the highest levels of chains of command with constant focus on “ensuring its currency with changing risk and threat” (2007, p. 9). Design: calls for analyzing a program to assess what types of “procedures and processes” will best direct its successful execution. Implement: refers to how programs and policies are instituted within the company. Evaluate: this final step calls for a final critique of the new program or policy’s successful ability to [achieve] its purpose (2007, p. 9).

2. Homeland Security also recommended a “Competency and Functional Framework for IT Workplace Development” that placed strong emphasis on a clear chain of command and communication with clear job titles and IT employee roles being placed into a group of Executive, Functional or Corollary employees (2007, p. 17).

3. The report stressed the primary role of “the IT Security Compliance Professional is . . . overseeing, evaluating, and supporting compliance issues pertinent to the organization” (Homeland Security, 2007, p.16). Thus, the report logically concluded that IT professionals must know and be able to properly define terms such as evaluation, compliance and assessment in order to properly perform their duties (p. 14).

Propose three cybersecurity benefits that could be derived from the development of a strategic governance process. Select the benefit you find most important and explain why.

The National Computing Centre points out that there are numerous benefits to having a rigorous strategic governance process in place. Among them, increased transparency and accountability which leads to an “improved transparency of IT costs, IT process, [and] IT portfolio (2005, p. 6). This increased transparency and accountability also leads to an “improved understanding of overall IT costs and their input to ROI cases” which in turn often brings about “an increased return on investment/stakeholder value” (p. 6). Finally, the authors point to the fact that with increased transparency comes increased accountability and companies avoid  “unnecessary expenditures” (p. 7).

Discussion 2

Categorize the roles described by the Information Technology Security Essential Body of Knowledge (EBK), in terms of executive, functional, and corollary competencies. Select two of these roles that you believe enhance the security countermeasures of an organization the most and justify your response.  

As mentioned previously, Homeland Security’s 2007 report emphasized the importance of properly labeling and categorizing employees working within the IT services for compliance and clear communication. Under executive branch, positions such as Chief Information Officer and IT Security Officer would be listed. Functional positions would include Digital Forensics Professional, IT Security Engineer, and IT Security Professional. Under corollary competency job titles Physical Security Professional, Privacy Professional, and Procurement Professional would appear (2007, p. 17).

It cannot be overstated how vitally important it is for all of these security professionals to work together in order for any initiative to be successful. However, every team must have a leader; therefore, the role of the Chief Information Officer is key as it is that individual’s job to oversee all other team members and see that all aspects are checked and double-checked for accuracy and efficiency, Secondly, the IT Security Professionals are the individuals with the most interaction with day-to-day issues. This makes their contribution and feedback key in continuing to enhance the security countermeasures of an organization.  

Summarize, in your own words, how the recommendations and framework of the EBK can be adapted to a specific environment. Identify a process that can be used to validate relevant application of the EBK to a specific environment.

The recommendations and framework of the EBK can be adapted to a specific environment by identifying a comprehensive process of oversight and double checks such as the one of Manage, Design, Implement, and Evaluate put forth by Homeland Security. Keeping in mind the specific goals of each company while adhering to a step-by-step, disciplined system is key.

Discussion 3

Interpret how context, scope, and feasibility influence the development of a security process, and provide an example of a security solutions development process with your response.

Context, scope and feasibility factor into the design of a security process by determining the overall scope and resources needed to complete the process. Context refers to the overall purpose and intent of the security process, as well as factors such as the overall needs the security process is designed to cover. For example, if a multimillion dollar company is designing a secure web portal for virtual transactions, such as might be hosted on a website, the context would be identified as providing security for monetary transactions conducted over the website and would need to include things like encryption methods to make sure the transmission of sensitive data, such as credit card numbers, is secure and protected (Davis & McDonagh, 2014).

The scope of a security process refers to the overall size of the process as well as how integral these processes will be for the organization. Therefore, the scope for a small and locally owned retailer might be the design of a secure but simple wifi network allowed for customer use, while a major corporation would need to invest in much more advanced security protocols, particularly if it handles monetary transactions online and has many more employees who may need to be briefed on security measures. Thus the scope of a security process can vary widely and is determined by the overall intent and needs of the organization implementing the security measures (Peltier, 2013).

Feasibility refers to the likeliness and amount of resources needed to make the security process a reality. This can include resources such as knowledge and technical know-how, work hours, and equipment costs. For a security process to be effective, it has to be realistic in its design about how much can be achieved and whether there are enough resources to make the project happen.

Analyze the design process for defining a customized security solution. Give your opinion as to which step in this design process is most significant.

In terms of importance, all three factors are essential for the design of a security process, but feasibility is perhaps the most essential because if a project is unfeasible, it will not materialize no matter the context or scope of the project.

Discussion 4

Categorize the roles described by the Information Technology Security Essential Body of Knowledge (EBK), in terms of executive, functional, and corollary competencies. Select two of these roles that you believe enhance the security countermeasures of an organization the most and justify your response. 

IT Security EBK 10 Roles are as follows:  IT Systems Operations and Maintenance Professional, IT Security Professional, Physical Security Professional, Privacy Professional, Procurement Professional, Chief Information Officer, Digital Forensics Professional Information Security Officer/Chief Security Officer, IT Security Compliance Professional, and IT Security Engineer

 The two roles that enhance the security countermeasures of an organization the most:  Physical Security professional, Privacy Professional and the third if I had to choose, would be procurement Professional.  The two roles that enhance the security countermeasures most are executive and functional roles. Executive roles are responsible for decision making over security of the information system in addition to provision of finances. Functional roles on the other hand are tasked with the ability to develop and sustain information security system.

Summarize, in your own words, how the recommendations and framework of the EBK can be adapted to a specific environment. Identify a process that can be used to validate relevant application of the EBK to a specific environment.

The process to adapt existing framework to the EBK framework, can be executed by mapping existing job titles to EBK roles, although more than one role may have to be assigned to the same EBK framework. This process is called, aligning the EBK proficiencies with organizational job requirements.

Discussion 5

Imagine you are the CIO of an organization. Construct an outline of four ongoing responsibilities that the digital forensics personnel must complete each week. Provide a possible scenario for how each responsibility may be performed to fulfill the forensics’ needs of an organization.

Digital forensic personnel have a responsibility of handling security incidents by mitigating risks to the confidentiality, integrity, and availability of organizational assets (Ab Rahman & Choo, 2015).  As many organizations follow the trend of storing information in the cloud, digital forensic personnel apply a framework containing six principles for handing security incidents—preparation, identification, containment, eradication, recovery, and follow-up—aligned with standards developed by the National Institute of Standards and Technology (NIST) and the SANS Institute (Ab Rahman & Choo, 2015).  Thirdly, digital forensics personnel have a responsibility to reduce backlogs by distilling large volumes of evidence into information useful for sustaining core organizational processes (Goodison, Davis, & Jackson, 2015).  Lastly, digital forensics personnel have a responsibility to develop more standardized certifications that, according to Goodison, Davis, and Jackson (2015) require continued education. 

Compare the responsibilities you listed above with those of an IT security professional.  Give your opinion on how responsibilities of digital forensics personnel and IT security professional are similar and in which ways are they different.  

In comparison, the responsibilities of IT security personnel differ in terms of managing infrastructures and providing support for maintaining a technological infrastructure. Management, control, and transfer of information requires that IT security personnel place significant value on blocking penetration of data architectures to protect intellectual property (Rafiee, Tabriz, & Babaei, 2016).  Both IT security and digital forensics personnel, however, demonstrate similarities in identifying organizational objectives as central to limiting vulnerabilities and threats.  Businesses and government agencies alike rely on IT security personnel to draw meaningful insights about maintaining a technological infrastructure at the organizational level (Soomro, Shah, & Ahmed, 2016).  However, digital forensics personnel offer a more thorough perspective concerning which industrial and security standards have more effective applications when implementing a physical and environmental security program.

Discussion 6

Identify three steps required for implementing a physical and environmental security program. Select one step that would be the most challenging to perform and one step that you believe is the most important for providing protection against information assets of an organization. Explain why you chose each step.  

A physical and environmental security program requires, first, a need for regular education curricula outlining public online security and promoting a culture of information security.  Here, educational curricula on information security include instructional material on developments in computer crimes and storing of sensitive data on mobile devices (Rafiee, Tabriz, & Babaei, 2016).  Secondly, a physical and environmental security program includes a commitment from senior management of an organization to uphold IT security standards.  Maintaining such commitments suggests a links between promotion of workplace behaviors guaranteeing stronger information security and improved organizational performance (Rafiee, Tabriz, & Babaei, 2016).  Lastly, an effective physical and environmental security program implies that digital forensic and IT security personnel recognize that no data architecture will provide a perfect solution in mitigating vulnerabilities and threats (Soomro, Shah, & Ahmed, 2016).  Depending on the commitments made by senior management to uphold standards of information security, programs designed to provide solutions have an opportunity of applying a holistic framework for employees at all levels to improve competency.

Suggest three security support competencies of a privacy professional that support the security strategy of an organization. Justify your suggestions.

Improvements to security support competencies should thus consider the three following recommendations.  Referring again to the holistic approach, Soomro, Shah, and Ahmed (2016) suggested that balancing technical, human, and organizational security needs will produce more effective results.  A holistic approach will likely result in stronger commitments from senior management to uphold information security standards.  Next, as noted by Ab Rahman and Choo (2015), selection of a fitting model designed to handle security incidents should draw from a process model for conducting analyses of data architectures, documenting vulnerabilities and threats, and sharing information across organizational networks.  The process model has links with a holistic approach such that digital forensics and IT security personnel communicate effectively to senior management regarding potential issues. Finally, to draw from Goodison, Davis, and Jackson (2015), improvements to the competency of digital forensics and IT personnel may draw from 34 problems, issues, and technological areas with associated needs to combine the holistic approach with a process model.  Effective integration of a holistic approach with a process model will provide organizations with a more comprehensive view of where to highlight broad and specific security needs.