Best ICT205 Cyber Security Assignment Sample
Introduction
A security plan leads to the creation of guidelines for ensuring an organization’s safety from various sorts of threats and risks that might come about as a consequence of the evolving technologies as well as the needs of the businesses around the world.
It is essential that the plan be downloaded and published to the appropriate external entities, and it must be communicated effectively to the workers as well.
Security is highly complex and comprises several different aspects. Of the existing factors, a few are required to be present at all times in order to make sure that an organization or establishment is safe.
The other aspects could be integrated at a later time as and when the necessity arises. All of these factors come together for the formulation of a security plan which is foolproof for any given establishment.
For a security plan to be effective and efficient, it is highly important that the plan is implemented at the inter-organizational, organizational and individual levels.
An effective security plan comprises policies that safeguard all the different business assets, including the electronic, human and physical assets.
Security planning is either non-existent or heavily lacking in seriousness and depth in many organizations today.
The issue is often ignored, and the need for an effective security system is often realized only after a company has incurred a heavy loss owing to a security breach.
2.1 Need for Security Plan
For protecting the most important organizational resources, it is highly essential that an establishment takes care of the national as well as the state security measures and this makes security planning a very important consideration.
Security planning is also required for the safety and health of the public as well as for the economic growth and prosperity. It is also needed such that everyone can ensure his or her smooth livelihood.
3 Security Plan
3.1 Risk Analysis
Described below are the various holdings of the establishment which could be at risk:
3.1.1 Physical Holdings
The assets of a business establishment are, in general, referred to as the physical holdings which are always at a constant risk.
Hence, it is the responsibility of the contractors, the consultants and the employees to safeguard the non-tangible as well as the tangible assets of that establishment.
Damages might include risks to the office building from accidental fire or earthquakes, and to electronic equipment such as vending machines, air conditioners, printers, desktops and laptops, among others (Alexander, 2008).
3.1.2 Human Holdings
These basically include the contractors, the management as well as the staff who are working or are connected to the establishment.
In this particular case, the human holdings are the 1000 human personnel who are working for the organization throughout the hierarchical structure from the CEO to the peon.
3.1.3 Electronic Holdings
These include all the electronic machineries which the company possesses along with all the intangible data.
A lot of the establishments are attempting to go paperless which gives rise to the risk of hackers hacking into the classified sites of the establishment.
3.2 Threat Analysis
3.2.1 Physical Threats
Physical threats are mostly connected to natural calamities or accidents which physically harm an organization’s properties and hence disrupt its usual working conditions.
This might include internal and external fire, external and internal flooding, typhoons, tidal waves, earthquakes and volcanic eruptions.
If the establishment is situated close to an ocean or a sea then there are greater chances that the establishment would be affected as a result of external or internal flooding or even by the tidal waves.
Physical threats could include accidents, natural disasters or attacks which cause harm to the organization’s physical holdings. Hence, a security plan becomes very necessary in determining the risks which an establishment might have to face in future (Peek-Asa, 2017).
3.2.2 Electronic Threats
These are also referred to as technical threats as fluctuations or failure in the power supply might essentially result in damages to the electronic components. The failure in air conditioning, ventilation as well as excessive heating might also be treated as an electronic threat.
If such issues are not taken note of then they might cause significant amount of trouble to the establishment in the future. Several other problems in this regard could also be the failure or the malfunctioning of the CPU which might put an organization’s electronic database at risk.
Other such threats include failure in communications or telecommunications, nuclear fallouts, gas leaks among others.
4 Security Countermeasures
There are a lot of different aspects that need to be incorporated under an effective security plan for it to be useful and also for countering the various risks. These have been discussed as under:
4.1 Physical Countermeasures
These are the most vital security measures that are undertaken in order to protect an organization’s physical assets.
The protection of the assets, nonetheless, needs to be considered during the recruitment stage itself and must be monitored effectively while the person is employed by the establishment.
It has to be the duty of the consultants, the contractors and the employees to safeguard the non-tangible as well as the tangible assets of the establishment against all destruction and harm.
In the event of any suspected or real threat to the assets of the company, an employee must report to their respective manager before it turns into a larger security threat. An establishment could safeguard the physical assets of the organization by enhancing the off-site back-ups or the back-ups.
The concept of a hot site or a cold site could also be implemented. The establishment must also have a theft prevention mechanism in place. This could be done by making use of electronic cards, locks or guards for preventing access to the company’s physical properties (Van, 2017).
4.2 Human Countermeasures
Incident management is what the workers need to understand and must be provided extensive training regarding the management of the incidents. The reaction and the prevention protocols need to be harnessed within the establishment.
The employees need to be effectively trained, and this could include teaching them about the natural disasters which occur so that they are well prepared to counter such happenings.
The employees must also have the skill of handling sexual attacks or personal injuries. The establishment must take them out on field trips or conduct workshops and give them the required amount of knowledge regarding land-mines among others.
The management as well as the employees need to be taught reaction protocols for situations such as psychological and medical emergencies. They also need to be trained in fire safety with the help of safety drills or mock drills (Wilson & Hash, 2003).
Also, as part of the human countermeasures, the employees and their families might be subjected to threats, and hence they must be adequately insured and trained well in self-defense mechanisms.
4.3 Electronic Countermeasures
Since a majority of the sensitive information, the planning schemes and strategies of establishments are stored in an electronic format by the businesses, electronic theft has become a common form of theft these days.
Hence, it has become essential for business establishments to direct efforts towards electronic countermeasures.
If an establishment is inadequate in keeping its content password protected, then sanitizing the data becomes imperative, meaning that the information must be entirely erased with the help of appropriate techniques of disposal.
In order to sanitize data, simply deleting or erasing the content is not enough; the information has to be overwritten an ample number of times in order to dispose of it effectively.
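The overwrite-then-delete procedure described above, as an added example that is not part of the original assignment: each pass is flushed to disk, the final zero pass is read back and verified, and only then is the file removed. The function names, the three-pass default and the sample data are assumptions made for this illustration.

```python
import os
import secrets

CHUNK = 64 * 1024  # write in 64 KiB pieces so large files do not fill memory


def overwrite_in_place(path, passes=3):
    """Overwrite every byte of `path` `passes` times; the last pass is zeros.

    Returns the number of bytes covered by each pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for n in range(passes):
            last = n == passes - 1
            fh.seek(0)
            remaining = size
            while remaining:
                step = min(CHUNK, remaining)
                fh.write(b"\x00" * step if last else secrets.token_bytes(step))
                remaining -= step
            fh.flush()
            os.fsync(fh.fileno())  # push this pass to the device before the next
    return size


def verify_zeroed(path):
    """Read the file back and confirm that only the final zero pass is stored."""
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            if chunk.count(b"\x00") != len(chunk):
                return False
    return True


def sanitize(path, passes=3):
    """Overwrite, verify, then remove the file; raise if verification fails."""
    overwrite_in_place(path, passes)
    if not verify_zeroed(path):
        raise RuntimeError(f"overwrite of {path} could not be verified")
    os.remove(path)


if __name__ == "__main__":
    import tempfile
    # Constructed sample data, not taken from the original page.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample: payroll record 0001\n" * 100)
    sanitize(tmp.name)
    print("removed:", not os.path.exists(tmp.name))
```

Overwriting in place only reaches the blocks the filesystem currently maps to the file; on SSDs, copy-on-write filesystems, snapshots and back-ups, older copies can survive and need to be handled separately.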
5 Training
The policies and the measures which will be prepared by the establishment will have to be tested repeatedly with the help of mock drills, and this would assist the workers in understanding how the physical assets must be safeguarded and how the calamities and the natural disasters must be countered.
The employees should, furthermore, be taken out on land-mine trainings as well as on field trainings, and this would help them in effectively gauging the potential risks involved (Basham and Rosado, 2005).
For ensuring that the workers are well acquainted with the information security processes and policies, they must be trained effectively regarding the processes and security requirements which are specific to their jobs.
They should also be taught about the proper use of the IT systems.
Moreover, the contractors and the employees could be taught newer security steps once every single year.
This would help them in inculcating the best defense techniques as well. The risk of internal attacks must also be assessed by carrying out background checks on employees.
6 Security Policy
An efficient security system needs to be built by framing a security infrastructure policy. A security plan must be one in which the programmes and the policies protect not just the organizational assets but also the environment surrounding the establishment, the community as well as the employees.
It must be developed in a way such that all the chances of security breaches are either diminished or completely removed. The participation of the employees must also be given due attention.
An effective security infrastructure must be built by the creation of an effective policy of security infrastructure and those include account management policy and security training policy (Thomas et al, 2012).
Provided below is a security plan with the required countermeasures of managing and addressing the threats:
- Coming up with an authorization, identification and authentication policy would assist in restricting access to a handful of people who are authenticated only by identity verification.
- The workers could be provided electronic key cards for accessing the data or for entering the office.
- The policies for the protection of data would provide greater security particularly to the data which is sensitive and for this reason the system based mechanisms could be recommended for protecting the data.
- The policies for physical access, such as limiting access to restricted areas to a handful of people in the upper management as well as providing proper identification cards, would assist in securing and upholding the organization’s security as well as the classified information.
- The Incident Response Policy would teach the employees in managing all sorts of difficult circumstances that might arise while maintaining composure.
7 Conclusion
Therefore, by effectively utilizing the information security plan that has been mentioned above and also by effectively training and spreading awareness among the workers, the establishment would be able to avoid a lot of the risks and the dangers.
The department of technology must also keep up with the developing establishment and must also utilize the security plan across all levels of the establishment.
References
Alexander, G., Cromwell, P., Dotson, P. (2008), Crime and incivilities in libraries: situational crime prevention strategies for thwarting biblio-bandits and problem patrons, Security Journal, Vol.21(3), pp. 147-158.
Basham, M., Rosado, AL. (2005), A Qualitative Analysis of Computer Security Education and Training in the United States: An Implementation Plan for St. Petersburg College, Journal of Security Education, Vol.1(2-3), pp. 81-116.
Kebbel-Wyen, J. (2016), 4 Steps to successful security training, Risk Management, Vol. 63(8), p. 14(2).
Peek-Asa, C., Casteel, C., Rugala, E., Holbrook, C., Bixler, D., Ramirez, M. (2017), The threat management assessment and response model: A conceptual plan for threat management and training, Security Journal, Vol.30(3), pp. 940-950.
Thomas, W.S., Babb, D., Spillan, J.E. (2012), The Impact of a Focus on Change in Technology in Successful Implementation of SAP Enterprise Resource Planning Systems in North and South America, Journal of Management Policy and Practice, Vol.13(5), pp. 19-34.
Van, A.A. (2017), How to develop a vital program project plan, Information Management, Vol.51(6), pp. 33-36.
Wilson, M., Hash, J. (2003), Building an Information Technology Security Awareness and Training Program, viewed on 25th September, 2019, retrieved from https://www.crowell.com/files/nist-800-50.pdf