The CEO asks you to explain the core principles of enterprise security and respond to five strategic objectives as part of the overall enterprise system security plan draft. They are: o Data-loss prev
Running head: ENTERPRISE SECURITY PLAN
Enterprise Security Plan
Enterprise security is a strategy for reducing the risk of unauthorized access to information technology systems and data. It is one of the cornerstones of operation and success for our organization: it allows for high availability and reliability of our people, facilities, and information systems. This security plan is meant to ensure that the three information security tenets, confidentiality, integrity and availability (the CIA triad), are properly evaluated and implemented. The CIA triad is a model designed to guide policies for information security within an organization, and its elements are considered the three most crucial components of security.
The goal of this security plan is to ensure that Auburn Regional not only meets regulatory requirements but exceeds them, while at the same time ensuring that our organization does not fall victim to vulnerabilities that can be exploited by malicious code or by the actions of employees. This enterprise security plan will be the foundation of policy development throughout our organization and will be enforced in its entirety. It should therefore be reviewed and updated on a yearly basis to ensure that Auburn Regional stays current with newly developed and recognized practices.
Risk Management
Of all the key components covered in this security plan, risk management is the foundation on which we must build. Risk management is the forecasting and evaluation of financial risks together with the identification of procedures to avoid or minimize their impact. We will apply the risk management plan in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-39, Managing Information Security Risk. This voluntary framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. Its prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security. It is important that we evaluate the top 25 risks that we believe will impact the organization the most, and identify a plan of action and milestones program to track the mitigation of each of them. Our focus will be on risks centered on internal and external threats, theft, cloud computing, social media and mobile devices. The 2012 Data Breach Investigations Report states that 97% of breaches were avoidable through intermediate controls, 96% of attacks were not highly difficult, and 94% of all data compromised involved servers.
Data Management
Data management is an administrative process that includes acquiring, validating, storing, protecting, and processing required data to ensure the accessibility, reliability, and timeliness of the data for its users. Data is the foundation of a business’ information, knowledge, and ultimately the wisdom for correct decisions and actions. If this data is relevant, complete, accurate, meaningful, and actionable, it will help in the growth of the organization. If not, it can prove to be a useless and even harmful asset. By properly managing Auburn Regional’s data we can assure the safety of our customers’ data from internal and external sources. This leads to the next topic for our plan.
Data Loss Prevention
Data Loss Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data. Organizations use DLP to protect and secure data and comply with regulations.
The term DLP covers defending organizations against both data loss and data leakage. Data loss refers to an event in which important data is lost to the enterprise, such as in a ransomware attack. Data loss prevention focuses on preventing the illicit transfer of data outside organizational boundaries. Many tools can be used to prevent data loss, such as firewalls, intrusion detection systems, antivirus software, and security operations tooling.
Access Controls
Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data; in short, access control is the selective restriction of access to data. Authentication and authorization are its two main components. Authentication is a technique used to verify that someone is who they claim to be, but authentication alone is not sufficient to protect data. Authorization determines whether a user should be allowed to access the data or make the transaction they are attempting. By properly deploying and managing access controls we add yet another layer of protection to our information systems, further insulating our data.
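To show why authentication alone is not sufficient, here is an added example (not code from the plan or any product it mentions) that keeps the two checks separate: a PBKDF2 password check proves identity, and a role-to-permission table then decides what that identity may do. The role names, permission strings and accounts are hypothetical and constructed for this example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000
_DUMMY_SALT = b"\x00" * 16  # used so unknown users cost the same as known ones

# Hypothetical roles and permission strings (not from the plan).
ROLE_PERMISSIONS = {
    "clinician": {"patient_record:read"},
    "records_admin": {"patient_record:read", "patient_record:write"},
}
USERS = {}  # name -> {"salt", "hash", "roles"}

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

def add_user(name: str, password: str, roles: list) -> None:
    salt = os.urandom(16)
    USERS[name] = {"salt": salt, "hash": hash_password(password, salt), "roles": list(roles)}

def authenticate(name: str, password: str):
    """Authentication: prove identity. Returns the user name or None."""
    user = USERS.get(name)
    if user is None:
        hash_password(password, _DUMMY_SALT)  # keep timing similar for unknown names
        return None
    candidate = hash_password(password, user["salt"])
    return name if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(name: str, permission: str) -> bool:
    """Authorization: decide whether an authenticated user may perform this action."""
    granted = set()
    for role in USERS[name]["roles"]:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return permission in granted

def access(name: str, password: str, permission: str) -> str:
    """Both checks, in order; an authenticated user can still be denied."""
    who = authenticate(name, password)
    if who is None:
        return "denied: authentication failed"
    if not authorize(who, permission):
        return "denied: not authorized"
    return "granted"

# Constructed accounts (sample credentials, not real ones).
add_user("alice", "correct horse battery staple", ["clinician"])
add_user("bob", "hunter2-but-longer", ["records_admin"])
```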
Cloud Technology
Cloud computing is a general term for anything that involves delivering hosted services over the Internet. A cloud service has three distinct characteristics that differentiate it from traditional web hosting: it is sold on demand, typically by the minute or the hour; it is elastic, so a user can have as much or as little of a service as they want at any given time; and the service is fully managed by the provider. Security remains a primary concern for any organization contemplating cloud adoption, and even more so with public cloud adoption. Access to public cloud storage and compute resources is guarded by account login credentials, and the addition of data encryption and various identity and access management tools has improved security within the public cloud.