InstructionsWrite a thread containing a thoughtful answer to 1 question.  Answer should  contain at least 400 words.  If necessary, you may list within your  thread any concepts on which you need

Instructions

Write a thread containing a thoughtful answer to 1 question.  Answer should  contain at least 400 words.  If necessary, you may list within your  thread any concepts on which you need further clarification as well.   Also, you must reply to at least 2 threads below.  Each reply  should contain at least 200 words.  Additionally, all posts  (thread and replies) should reflect professional writing, current APA  standards, include at least 1 scholarly reference (e.g., peer-reviewed  journal articles), and integration of at least 1 biblical principle.

Thread Question:

What is a Pen Test in regards to Information Security?(Answer in at least 400 words)

Replies(Reply to each thread in at least 200 words EACH) 

Thread #1

  Risk comparesions and contrasts  Collapse          

All of these are just steps in Risk analysis and dealing with  risks. Starting with risk treatment. This is just as how it sounds it is  the treatment of the problem. Whether it be selecting or actually doing  the treatment it all falls under this step. Unlike the rest, the  closest one to the treatment would be risk mitigation but this is more  defining the steps of how a company will treat the risk. Risk mitigation  is the most broad one because it can be connected to all of them  because it is more of a plan instead of step. Authors Chen, Sohal and  Prajogo talk about how important it is better to understand this  section, “[it is] imperative to obtain a better understanding of the  nature of risk which is a premise to developing well-grounded risk  mitigation strategies”(Chen et al., 2016). This just goes to show how  risk mitigation really falls into the process. Risk avoidance is  parallel to treatment because if you can avoid the risk from happing  then no treatment is needed and it’s a part of risk mitigation because  it can be one of the beginning strategies to try and avoid the problem.  This is close to treatment again because you are eliminating things that  can cause the risk unlike treatment where you would just be fixing the  risk. This Is very different form risk transfer and acceptance because  you shouldn’t get to those points if you have avoided it. Risk  acceptance is one of the later steps in the process but can also be at  the beginning. This is just simply accepting the risk for what it is and  what will come from it typically because the company can handle that  risk. Risk Transfer is one that any company tries to do. By transfer  risk the company can give it to someone else which is the exact opposite  of acceptance but can be apart of the treatment or the mitigation of  it. Transfer is one that can be connected to a bible verse like, “And my  God will supply every need of yours according to his riches in glory in  Christ Jesus.”(Philippians 4:19 ESV). We can compare this because God  lets us transfer all our risks onto him with our faith. In general, I  would say that all of these can be connected in some way whether it be  in a comparison or contrasting way.

Thread #2

Why are data classification systems important?

Data classification is the process of organizing data by agreed-on  categories. Thoroughly planned classification enables more efficient  use and protection of critical data across the organization and  contributes to the risk management, legal discovery and compliance  processes. To safeguard sensitive data understanding what the data is  and how it should be categorized, in terms of where the data will  reside, who can access., modify, or delete the data and understanding  the consequences if data is leaked in fundamental.

There is no one “right” way to design a data classification model  and define the data categories. In general, data classification involves  tagging data to make it easily searchable and trackable. Labeling or  marking is the process of affixing a word, symbol, or phrase on a set of  data. The purpose of labeling it o make the readers aware of the level  of classification on a set of data. It also eliminates the multiple  duplications of data, which can reduce storage and backup costs while  speeding up the search process. Handling of the data is also important.  Handling guidelines need to be developed for each level of  classification. It is important to note, depending on the type of  organization, there are regulatory requirements around how data is  managed. Requirements may vary depending on the categories of data. Each  category must include clear handing guidelines and mandated levels of  controls. There are both federal and state rules that might impact an  organization. Data classification is important for privacy. A proper  data classification allows an organization to apply appropriate controls  base on the predetermined category need. Classifying data can save time  and money because it an organization can narrow its focus on what  important and not put unnecessary controls in place.  In its simplest  form there are three-levels of data classification can be defended as  public data, internal data, and restricted data. Additional,  classifications can be applied based on data content. The levels are the  foundation the helps an organization improve its security posture by  focusing attention, workforce, and financial resources on the data most  critical to the business.

Policies and procedures should be well-defined, considerate of the  security requirements and confidentiality of data types, and  straightforward enough that are easy for employees of an organization to  understand.

The Scripture states that the Word of God should be handled  accurately, rightly dividing the Word of truth. Just as data should be  handle with care, so much more the God’s Word be handled with care.