American Military University
ISSC 499
December 3, 2023
I. Security communication plan

Jean-Luc Allard (2014) states that communication is as important to an organization as it is to any human being: it delivers the most accurate information to the most appropriate audience at the most advantageous time. In security management this is crucial, because the goal is for people to respond appropriately.

A security communication plan is a framework that designates particular events or milestones as essential items to share with management and internal partners. It should contain guidelines for handling inquiries and communications, evacuation and business continuity plans, and how to react to threats and to suspicious objects or occurrences. When communication professionals are involved early in a crisis, their contributions can help limit its negative effects and free those responsible for crisis mitigation to carry out their duties.

A communication strategy allows staff members to get the most out of their security awareness training program. A comprehensive communication strategy ensures that employees receive the necessary information and turn it into measurable action.
II. Archiving procedures

For archiving procedures, organizations can rely on the ISO/IEC 27001 framework. ISO/IEC 27001 covers archiving procedures designed to handle information resources methodically while maintaining the confidentiality, integrity, and availability of documents and records. The important components of archiving procedures are defining retention periods, implementing access controls, specifying storage and retrieval methods, managing physical archives, outlining disposal procedures, and addressing backup and recovery. Documentation, training, regular audits, and integration with risk management are equally important. Continuous improvement is encouraged so that archiving procedures adapt to changes in business practices, regulations, and technology. These procedures support effective management of information security and compliance with laws, regulations, and company standards. In our situation we could follow the suggestions below: emails, reports, and other security-related correspondence will be archived in compliance with the following guidelines.
1- Duration of retention
- Broad communication within the organization: 1 year
- Incident reports: up to 3 years
- Legal and regulatory: as defined by legal experts
2- Access control
- Information Technology staff and C-suite: full access
- Users: need-to-know basis
- Customers and associates: as specified in contracts
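The retention periods and access tiers above can be applied to archive records mechanically. The script below is an added example written for this edit, not code from the assignment or from ISO/IEC 27001; the record fields, category names ("broad", "incident", "legal"), role names and sample records are assumptions chosen for illustration. It treats "as defined by legal experts" and an active legal hold as cases that are never auto-disposed, and denies access by default for any role the plan does not name.

```python
"""Retention and access-tier checks for archived security communications."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Iterable, Optional, Set

# Retention periods taken from the plan (in days). "Legal and regulatory" has no
# fixed period: it is whatever legal experts define, so it is never auto-disposed.
RETENTION_DAYS = {
    "broad": 365,          # broad communication within the organization: 1 year
    "incident": 3 * 365,   # incident reports: up to 3 years
    "legal": None,         # as defined by legal experts
}

# Access tiers from the plan. Role names are assumptions for this example.
FULL_ACCESS_ROLES = {"it_staff", "c_suite"}


@dataclass
class ArchiveRecord:
    record_id: str
    category: str                      # "broad", "incident" or "legal"
    archived_on: date
    legal_hold: bool = False           # an active hold overrides the schedule
    need_to_know: Set[str] = field(default_factory=set)     # users with a business need
    contract_access: Set[str] = field(default_factory=set)  # external parties named in a contract


def _as_date(value) -> date:
    """Accept either a date or an ISO-8601 string such as '2023-12-03'."""
    return date.fromisoformat(value) if isinstance(value, str) else value


def disposal_due(record: ArchiveRecord, today) -> bool:
    """True when the retention period has elapsed and no legal hold applies."""
    if record.legal_hold:
        return False
    days: Optional[int] = RETENTION_DAYS.get(record.category)
    if days is None:
        return False  # legal/regulatory or unknown category: keep until reviewed
    return _as_date(today) > record.archived_on + timedelta(days=days)


def access_allowed(record: ArchiveRecord, principal: str, role: str) -> bool:
    """Apply the access-control tiers to a request by `principal` acting as `role`."""
    if role in FULL_ACCESS_ROLES:
        return True                                   # IT staff and C-suite: full access
    if role == "user":
        return principal in record.need_to_know       # users: need-to-know basis
    if role in {"customer", "associate"}:
        return principal in record.contract_access    # external: as specified in contracts
    return False                                      # deny by default


def disposal_report(records: Iterable[ArchiveRecord], today) -> list:
    """Ids of records that may be disposed of as of `today` (ISO string or date)."""
    return sorted(r.record_id for r in records if disposal_due(r, today))


# Constructed sample archive for illustration (not real data).
SAMPLE = [
    ArchiveRecord("B-1", "broad", date(2022, 6, 1)),
    ArchiveRecord("I-1", "incident", date(2021, 1, 15), need_to_know={"alice"}),
    ArchiveRecord("I-2", "incident", date(2019, 1, 1), legal_hold=True),
    ArchiveRecord("L-1", "legal", date(2015, 3, 3), contract_access={"acme"}),
]

if __name__ == "__main__":
    print(disposal_report(SAMPLE, "2023-12-03"))  # ['B-1']
```

Run as a script it lists the one record whose one-year period has elapsed; the incident report archived in January 2021 only becomes due after its three years, the record under legal hold never does, and the legal category is held until a period is defined. Keeping disposal decisions in a function like `disposal_due` makes them auditable, which matches the plan's call for regular audits of the archive.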
III. Approval processes for sending communications

The following approval processes are necessary to guarantee the appropriateness and integrity of security communications. Within a security communications framework, the message approval process ensures controlled and secure information dissemination. It comprises establishing authorization levels for significant and routine communications, documenting approval standards, establishing escalation protocols, and designating communication channels. The process prioritizes information verification, timeliness, awareness, and training. The confidentiality and integrity of security communications are maintained through ongoing development, audits, and recurring evaluation of documentation. The goal is to reduce the possibility of false information, guarantee prompt and accurate communication in both routine and urgent situations, and align messages with organizational policies.
IV. Legal and regulatory requirements

In the field of information security, organizations must abide by several laws, rules, and standards to guarantee the appropriate handling and protection of sensitive data. These regulations, frequently based on the principles of privacy, data security, and ethical information practices, require organizations to protect sensitive and personal information. Examples include:
- Health Insurance Portability and Accountability Act (HIPAA),
- General Data Protection Regulation (GDPR), and
- industry-specific standards such as the Payment Card Industry Data Security Standard (PCI DSS).
Organizations must fulfill incident reporting requirements, keep records of their security measures, and follow transparency guidelines, which include articulating clear privacy policies.
The legal frameworks encompass guidelines regarding the confidentiality of staff information, customer protection, and intellectual property. For that reason, a thorough understanding of and adherence to multiple compliance frameworks, such as ISO/IEC 27001 and the NIST Cybersecurity Framework (voluntary standards rather than laws, but widely used to demonstrate due care), are important. To avoid legal repercussions and retain stakeholder trust, effective information security management requires proactive efforts to stay compliant and ongoing monitoring.
V. Define key terms

Within the information security arena, an incident is any occurrence that puts the security or integrity of information at risk; this can include anything from physical device theft to cyberattacks. Confidentiality, a fundamental principle, entails putting in place safeguards such as encryption and access controls so that information is not accessed or disclosed by unauthorized parties. Integrity is the preservation of information accuracy, using methods such as data validation, hash functions, and digital signatures to detect unauthorized changes. Availability means that information and systems are accessible when needed; strategies such as redundancy and disaster recovery planning minimize downtime. Risk is the possibility of damage that results when threat agents, such as cyber criminals, exploit system vulnerabilities, and it calls for methodical risk assessment and management. Information assets may be exposed to threats from both internal and external sources, which highlights the significance of threat awareness in risk management. Proactive risk management looks for and fixes vulnerabilities in the security measures already in place. Authentication is the process of confirming an identity in order to guarantee secure access; authorization then grants permissions based on the identity that has been verified. Encryption makes information unreadable to anyone who lacks the corresponding key, and so helps preserve confidentiality. Firewalls monitor and control network traffic according to policy and act as barriers between network segments.
Patches and regular software updates fix known vulnerabilities. Social engineering is the practice of psychologically manipulating people into disclosing information or taking actions they would not otherwise. Zero-day vulnerabilities present a serious risk because they can be exploited before vendors become aware of them and before fixes become available, which makes them highly valued by attackers.
VI. Define severity levels and message types

Howard (2018): “These messages relay important communication to the user regarding the operation's timing, its parameters, how the operation is generally progressing, alerts on problematic events, and instances when the operation stops working”.
Severity | Description | Message type
Informational notifications | General details regarding the tool's operation, such as the start and stop times | Instant message, text messages
Warning (emergency) messages | Display of problematic events if a tool malfunctions. For instance, selecting the incorrect setting will trigger a warning message. | Instant message, text messages
Error (important notification) messages | Indicates that a tool is prevented from executing a process by another critical event or by invalid parameters being set. | Instant message and a text message
Diagram: communication channels by audience (associates, end users, IT personnel, executives). Channels shown: dedicated channels, official communications, or secure portals; notifications sent by email or through corporate messaging systems; clear lines of communication and cooperative resources; secure messaging apps or email.
VII. Conclusion

In conclusion, a methodical and adaptable approach to incident management requires the definition of severity levels and message types within a security communications plan. Based on the urgency and potential harm of incidents, severity levels provide an organized framework that directs resource allocation and response, from low-severity problems to critical situations needing immediate attention. The defined message types of alerts, advisories, incident notifications, and status updates ensure focused and unambiguous communication throughout the incident lifecycle. Through post-incident analyses, this strategic integration supports ongoing improvement as well as efficient incident response. Public relations and educational campaigns also help to sustain open lines of communication with external stakeholders and cultivate an internal security-aware culture.
References

Allard, J. (2014, October 27). ISO 27001 Communication Plan – How to create a good one. 27001Academy. https://advisera.com/27001academy/blog/2014/10/27/how-to-create-a-communication-plan-according-to-iso-27001/

Shibboleth Authentication Request. (n.d.). https://faulkner-com.ezproxy2.apus.edu/securitymgmt/creating-a-long-term-security-plan/
Howard, M. M. (2018). Electronic communications platform. U.S. Patent Application No. 15/612,482.