Assessment Description: The main objective of information security frameworks is to lower the level of risk, reducing the possibility of a vulnerability and making the company more secure. The framewo

Evaluating Cyber Security Protection Protocols









Institutional Affiliation:

Instructor’s Name:

Student’s Name:

Course Code:


  I. Identify gaps where security measures fail, and the challenges and opportunities for improvement, by conducting a thorough audit.

For an organization to identify the gaps, failures, challenges and opportunities in its security policies, it needs to conduct a thorough audit of the security policies it has set. A thorough audit is crucial in establishing how effective the existing security policies are, and therefore in identifying the areas of the organization's security measures that need to be improved. Some of the gaps that a thorough audit can identify include:

  • Technical gaps:

Technical gaps arise from incorrect implementation and configuration of security measures such as antivirus programs, firewalls and intrusion detection systems. If these systems are not implemented properly, they can be exploited easily, leading to unauthorized access to the systems.

  • Policy gaps:

Policy gaps concern the implementation of strong security policies and procedures, such as effective password management and access control. If these policies are not configured properly, they can lead to a security breach, causing losses to the organization.

  • Personnel gaps:

Personnel gaps arise from a lack of effective awareness training for employees. This leads to security failures, since intruders can use social engineering and phishing attacks to harvest an employee's details and gain unauthorized access, compromising security.

  • Monitoring gaps:

Monitoring gaps concern the review of the system's security events, such as which files were accessed and from which computer they were accessed. Insufficient log retention is associated with internal security risks that can affect the data stored in the systems and access control (Nasser, 2017).

  • Compliance gaps:

Compliance gaps concern the regulations and standards that have been set to govern the industry. Non-compliance can lead to data losses and so cause an organization to lose its reputation.

After the gaps in the systems have been found, the opportunities for improvement can be used to analyze the main causes of these gaps and how better security controls can be implemented to harden the organization's defenses. Measures that can be taken to enhance security include improving system configurations, creating awareness among employees, and improving monitoring mechanisms such as system logs. Improving these measures allows an organization to improve its security policies, reducing the risks associated with security breaches.
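The audit described above is easiest to repeat consistently when the baseline is written down and checked mechanically. The following script is an added example, not part of the original paper or of any standard: it compares a host configuration snapshot against a small baseline and reports each failed check under the technical, policy or monitoring gap categories used above. The control names, thresholds and the sample snapshot are constructed for illustration.

```python
"""Added example, not part of the original paper: a baseline-comparison audit that
reports technical, policy and monitoring gaps from a host configuration snapshot.
The control names, thresholds and sample snapshot are constructed for illustration
and are not taken from any real standard."""
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Finding:
    category: str      # "technical", "policy" or "monitoring"
    control: str       # configuration key that failed the check
    observed: Any      # value found in the snapshot (None if the key is missing)
    expected: str      # human-readable statement of the baseline requirement


# Baseline as (category, control key, predicate, expectation). Hypothetical values.
BASELINE: list[tuple[str, str, Callable[[Any], bool], str]] = [
    ("technical", "firewall_default_policy",
     lambda v: v == "deny", "default inbound policy must be deny"),
    ("technical", "antivirus_signature_age_days",
     lambda v: v is not None and v <= 7, "antivirus signatures no older than 7 days"),
    ("technical", "ids_enabled",
     lambda v: v is True, "intrusion detection must be enabled"),
    ("policy", "password_min_length",
     lambda v: v is not None and v >= 12, "minimum password length of 12"),
    ("policy", "admin_mfa_required",
     lambda v: v is True, "MFA required for administrative accounts"),
    ("monitoring", "file_access_auditing",
     lambda v: v is True, "file access auditing (which file, from which host) enabled"),
    ("monitoring", "log_retention_days",
     lambda v: v is not None and v >= 90, "security logs retained at least 90 days"),
]


def audit(snapshot: dict[str, Any]) -> list[Finding]:
    """Compare a configuration snapshot against BASELINE and return every gap.

    A control that is absent from the snapshot is reported as a gap rather than
    silently passed: an auditor cannot assume an unrecorded setting is correct.
    """
    findings = []
    for category, control, passes, expected in BASELINE:
        observed = snapshot.get(control)
        if not passes(observed):
            findings.append(Finding(category, control, observed, expected))
    return findings


def gaps_by_category(findings: list[Finding]) -> dict[str, int]:
    """Count findings per gap category, for the audit summary."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed snapshot of a host with several weaknesses.
SAMPLE_SNAPSHOT = {
    "firewall_default_policy": "accept",      # technical gap
    "antivirus_signature_age_days": 3,        # ok
    "ids_enabled": True,                      # ok
    "password_min_length": 8,                 # policy gap
    "admin_mfa_required": False,              # policy gap
    "file_access_auditing": True,             # ok
    "log_retention_days": 30,                 # monitoring gap
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SNAPSHOT):
        print(f"[{finding.category}] {finding.control}: observed {finding.observed!r}, "
              f"expected {finding.expected}")
    print(gaps_by_category(audit(SAMPLE_SNAPSHOT)))
```

Running it against the sample snapshot reports four gaps (one technical, two policy, one monitoring); an empty snapshot reports every control, because a setting the audit cannot see is treated as a gap rather than as compliant.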

  II. The concepts of privacy and the effects of the internet on privacy.

Privacy concepts on the internet can be described as the principles and practices that have been established to protect personal information that is available on the internet. Some of the concepts used on the internet to promote data security include data privacy, privacy policies and privacy standards. These concepts regulate the information that people can share on the internet, maintaining the confidentiality and integrity of a person's data. The effects of the internet on privacy include increased collection of personal information, oversharing on social media, increased government surveillance, and cybercrime resulting from data breaches (Kang et al., 2015).

  III. Identify industry-specific cyber laws in relation to inquiries and incidents of obtaining data and evidence.

Industry-specific cyber laws are laws that have been passed with the aim of protecting sensitive information, ensuring that evidence associated with a cybercrime is reported in the most effective and privacy-preserving manner, and allowing the prosecution of cybercriminals. Some of the laws that have been passed to govern obtaining data and evidence include:

  • The Computer Fraud and Abuse Act (CFAA) criminalizes unauthorized access to computer systems. Following a cyber incident, organizations are required to comply with this law to meet the requirements of law enforcement agents.

  • The Electronic Communications Privacy Act (ECPA) allows law enforcement agents to intercept electronic communications in the case of a cyber incident, and organizations are required to comply with the act when disclosing electronic communications.

  • The Payment Card Industry Data Security Standard (PCI-DSS) has been set to govern the storage, processing and transmission of credit card information, which assists in the process of identifying a security breach (Harichandran et al., 2016).

  IV. Assess the critical information infrastructure and determine the configurations of logical controls, physical controls, data storage, encryption, switches, servers, firewalls, routers and hubs required to be compliant.

A critical information infrastructure should be composed of both physical and logical security systems to protect data from theft, since theft leads to issues with the confidentiality, integrity and availability of information. Logical security controls include routers and firewalls, which should always be well configured to maximize data confidentiality and availability. Physical assets include computer hardware such as hard drives, and surveillance cameras; the hardware is used for software installation, allowing the organization to carry out its everyday tasks.

Data storage and encryption concern the stores that hold the company's information, which should always be available for easy retrieval. Data stores should always be encrypted to maximize the privacy of an organization's resources. Servers should be well configured with access control and effective access policies, preventing unauthorized access to the resources of the critical infrastructure.

Firewalls should be well configured to monitor the traffic coming into and going out of the organization and to block suspicious traffic that would otherwise affect the resources of the infrastructure. Routers can protect the critical infrastructure by facilitating access control, determining the level of access each device has over the internet. Routers can be configured with virtual private networks (VPNs) to connect securely to the infrastructure, minimizing security risks. Hubs can be used to segment the network of the infrastructure, reducing the extent of a breach after an attack.
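What "well configured" means for a firewall is mostly a question of ordering and of the default policy. The following is an added example, not part of the original paper and not the syntax of any real firewall product: a minimal model of first-match rule evaluation, with the same rule list placed under a default-allow policy and under a default-deny policy. The addresses, ports and rule set are constructed for illustration.

```python
"""Added example, not part of the original paper: a minimal model of first-match
firewall rule evaluation, used to compare a default-allow policy with a
default-deny policy. Rule syntax, addresses and ports are constructed for
illustration; a real firewall (nftables, a vendor appliance) has its own syntax."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    proto: str                     # "tcp", "udp" or "any"
    src: str                       # source network in CIDR notation
    dport: Optional[int] = None    # destination port; None matches any port

    def matches(self, proto: str, src_ip: str, dport: int) -> bool:
        return ((self.proto == "any" or self.proto == proto)
                and ip_address(src_ip) in ip_network(self.src)
                and (self.dport is None or self.dport == dport))


@dataclass(frozen=True)
class Firewall:
    rules: tuple[Rule, ...]
    default_policy: str            # applied when no rule matches

    def decide(self, proto: str, src_ip: str, dport: int) -> str:
        """First matching rule wins; otherwise the default policy applies."""
        for rule in self.rules:
            if rule.matches(proto, src_ip, dport):
                return rule.action
        return self.default_policy


# The rule list an administrator wrote: publish the web service, let the office
# network reach SSH, and block a known-hostile range. (Constructed values.)
RULES = (
    Rule("deny",  "any", "203.0.113.0/24"),           # block a hostile range first
    Rule("allow", "tcp", "0.0.0.0/0", 443),           # HTTPS open to everyone
    Rule("allow", "tcp", "10.0.0.0/8", 22),           # SSH only from the internal network
)

WEAK = Firewall(RULES, default_policy="allow")      # weak: anything unlisted gets through
HARDENED = Firewall(RULES, default_policy="deny")   # corrected: anything unlisted is dropped


def exposure_report(fw: Firewall) -> dict[str, str]:
    """Evaluate a few representative packets; the unlisted database port and
    SSH from the internet are the cases that separate the two policies."""
    probes = {
        "https_from_internet": ("tcp", "198.51.100.7", 443),
        "ssh_from_internet":   ("tcp", "198.51.100.7", 22),
        "ssh_from_office":     ("tcp", "10.1.2.3", 22),
        "db_from_internet":    ("tcp", "198.51.100.7", 5432),
        "https_from_hostile":  ("tcp", "203.0.113.9", 443),
    }
    return {name: fw.decide(*pkt) for name, pkt in probes.items()}


if __name__ == "__main__":
    print("default allow:", exposure_report(WEAK))
    print("default deny: ", exposure_report(HARDENED))
```

With identical rules, the default-allow firewall lets internet traffic reach the unlisted database port and SSH, while the default-deny firewall drops both; the hostile range is blocked in both cases only because its deny rule is placed before the general HTTPS allow, which is the ordering point an audit of the firewall configuration should check.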

V. Identify key auditable elements that would help in determining the current state of the organization's cybersecurity posture, and explain the relevance of each element.

  • Access control policies:

These security policies provide the rules and guidelines that structure who can access which data, helping to maintain both data security and data governance in an organization. The rules can be used to protect information according to policies that meet the needs of information security.

  • Security policies and standards:

These are the rules, guidelines and best practices that define how organizations should protect their computing systems to prevent unauthorized access to data, which can lead to both theft and damage (Newhouse et al., 2017).

  • Authentication and authorization:

These elements identify the users who try to access the systems and determine which users are to be given access and which are to be refused, protecting computers against unauthorized access and theft of information.

  • Intrusion detection systems:

These systems are preconfigured with policies that set guidelines on what they are to approve and what they are to reject, helping the systems meet their requirements. This is crucial in preventing unauthorized access to the information systems.

  • Risk assessment and management:

These tools are used to assess the cyber threats an organization is exposed to, the vulnerabilities associated with the organization, and the strategies that can be used to mitigate the risks.

  • Incident response plan:

This is a document composed of procedures that outline how the organization will manage an incident involving a data breach. The incident response plan can be used to detect, contain and mitigate a data breach and to recover data when one is experienced in an organization.

  • Virtual private network:

These components work by encrypting data transmitted from the organization, preventing security incidents that could result from attacks such as man-in-the-middle and eavesdropping, among others (Newhouse et al., 2017).

  • Network intrusion response:

These are systems designed to monitor unauthorized activities in the network. They are capable of blocking and flagging suspicious protocols, allowing security teams to monitor the traffic and prevent breaches that might come through the network.

  • Data encryption protocols:

This is the use of passwords to protect data from being accessed by unauthorized individuals in the organization. There are different types of data encryption, and security teams are required to select the most effective method depending on the information to be protected.

  • Security controls:

Security controls are composed of both technical and administrative control tools that are used to protect the assets of the organization. Security controls include tools such as firewalls, intrusion detection systems and security monitoring tools.

  VI. Legal elements and liabilities industries may face due to non-compliance.

Non-compliance is the failure to fulfil the requirements of regulations, policies and standards, and it has serious impacts on an organization. Companies often face non-compliance issues because of trade infringement, copyright infringement, failure to adhere to data protection acts, and breaches of the terms stated in a contract. Legal elements and liabilities that an industry might face due to lack of compliance include fines and penalties, remediation costs, and reputational damage that would lead to a loss of business for the company (Bauer et al., 2017).


References:

Nasser, A. (2017). Information security gap analysis based on ISO 27001:2013 standard: A case study of the Yemeni Academy for Graduate Studies, Sana'a, Yemen. Int. J. Sci. Res. in Multidisciplinary Studies, 3(11).

Kang, R., Dabbish, L., Fruchter, N., & Kiesler, S. (2015, July). "My data just goes everywhere:" User mental models of the internet and implications for privacy and security. In Eleventh Symposium on Usable Privacy and Security (SOUPS 2015) (pp. 39-52).

Harichandran, V. S., Breitinger, F., Baggili, I., & Marrington, A. (2016). Cyber forensics needs analysis survey: Revisiting the domain's needs a decade later. Computers & Security, 57, 1-13.

Newhouse, W., Keith, S., Scribner, B., & Witte, G. (2017). National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. NIST Special Publication 800-181.

Bauer, S., Bernroider, E. W., & Chudzikowski, K. (2017). Prevention is better than cure! Designing information security awareness programs to overcome users' non-compliance with information security policies in banks. Computers & Security, 68, 145-159.