Information Security Management Models

School: Grand Canyon University
Course: CYB-535
Subject: Information Systems
Date: Apr 3, 2024
Pages: 4
Uploaded by: MateHippopotamus7681
Company Description

Mission Statement: ABC Information Center is committed to offering dependable and creative solutions that enable organizations to accomplish their objectives. Our mission is to build enduring relationships based on mutual success, trust, and honesty by providing outstanding customer service.

Web Applications: ABC Information Center offers a variety of web applications aimed at improving efficiency and streamlining business operations. These include a cloud-based file sharing system, project management tools, customer relationship management (CRM) software, and an e-commerce platform.

Servers: ABC Information Center maintains a robust server infrastructure so that our web applications and data storage run smoothly. We operate both physical and virtual servers, hosted in a secure data center. These servers have redundant power supplies, RAID configurations for data redundancy, and regular backups to prevent data loss.

Departments: ABC Information Center relies on several departments to oversee business operations efficiently and deliver high-quality services:

Development: Responsible for planning, building, and maintaining our web applications.
Sales and Marketing: Focused on promoting our products, bringing in new business, and maintaining relationships with existing clients.
Customer Support: Assists clients with technical problems and ensures their satisfaction by providing support and help.
Operations: Manages the day-to-day activities of the business, including security, compliance, and infrastructure management.

Routers and Switches: Our network architecture is built on a combination of routers and switches to provide dependable and efficient communication. Routers connect our internal network to the internet, making our web applications and other online resources reachable.

Remote Access: ABC Information Center provides its staff with secure remote access. Authorized workers connect to the internal network over a virtual private network (VPN) to reach company resources such as shared drives, files, and applications.

Wireless Communication: Our operations rely heavily on wireless communication. A secure Wi-Fi network covers the office so that staff can connect their devices easily. To protect the confidentiality and integrity of wireless connections, we use robust encryption such as WPA2-Enterprise.

Firewalls: ABC Information Center deploys firewalls at several entry points to protect the network from unauthorized access and potential cyber threats. A tiered firewall strategy reduces the likelihood of unwanted access and safeguards internal resources.

Demilitarized Zone (DMZ): ABC Information Center uses a DMZ architecture to add a further layer of security. The DMZ hosts publicly accessible services such as our web applications and serves as a buffer zone between the internal network and the public internet.

Implementing the NIST CSF's Essential Security Measures

I would implement the NIST CSF's essential security measures in my company as follows:

Create a Governance Framework: Begin by drafting a governance framework that defines the organizational roles and responsibilities for information security management. This includes appointing a cross-functional group responsible for putting the NIST Cybersecurity Framework (CSF) into practice and coordinating activities across departments.

Conduct a Risk Assessment: Conduct a thorough risk assessment to identify current and future risks to information security. It should account for external and internal threats, vulnerabilities, and potential impacts. The risk assessment serves as the basis for allocating resources and prioritizing security activities.

Create Security Awareness and Training Programs: Design an ongoing program that teaches staff about information security policies, procedures, and best practices. Regular awareness campaigns, training sessions, and simulated phishing exercises help build a security-conscious culture and strengthen security awareness.

Implement Access Control Mechanisms: Put strong access controls in place so that only authorized people can reach sensitive data. This requires strong authentication, role-based access control, the principle of least privilege, and regular reviews of user access privileges.

Create an Incident Response Plan: Define the actions to be taken when a security incident occurs. The plan should cover procedures for detecting, handling, containing, and recovering from security incidents. Test and update the plan regularly to make sure it works.

Determining Current/Recent Risks or Dominant Threat Categories

This assessment may include:
1. Examining threat intelligence reports from reliable providers.
2. Monitoring industry-specific venues for collaboration and information sharing.
3. Reviewing security incident and breach reports for businesses in comparable industries.
4. Participating in cybersecurity communities, conferences, and forums.
5. Carrying out internal audits and assessments to find potential weaknesses and hazards.

Developing System-Specific Plans for Intellectual Property Protection

The following actions can be taken to safeguard intellectual property:
1. Determine Which Intellectual Property Is Critical: Identify the company's important intellectual property, such as trade secrets, proprietary algorithms, patents, and sensitive client information.
2. Classify and Label Intellectual Property: Classify intellectual property according to its sensitivity and apply the appropriate labels or markings so that it is managed and protected accordingly.
3. Implement Data Loss Prevention (DLP) Measures: Deploy DLP systems to track and control the flow of confidential information inside the company. This includes encryption, access restrictions, and measures to stop data leaks.
4. Secure Intellectual Property Storage: Keep intellectual property safe both electronically and physically. Put in place security measures such as encryption, intrusion detection systems, and access controls to prevent unauthorized access.
5. Provide Policies and Education for Employees: Instruct staff on the value of safeguarding intellectual property and establish guidelines for handling, distributing, and disposing of it.

Applying the Security Model to Protect from Unauthorized Users

The security model should follow a defense-in-depth approach, which includes:
1. Perimeter Security: Use firewalls, intrusion prevention systems, and network segmentation to guard against unauthorized access and external threats.
2. Network Security: Segment the network to protect critical systems and resources from unauthorized access. Protect the network infrastructure from unauthorized access and attacks by deploying firewalls, intrusion detection/prevention systems (IDS/IPS), and virtual private networks (VPNs).
3. Physical Security: Implement biometric authentication, access control systems, and security cameras to prevent unauthorized physical access.
4. Incident Response Plan: Establish procedures for incident identification, containment, eradication, and recovery to reduce the impact of security incidents.

Roles of Personnel in Planning and Managing Security

Board of Directors: The board reviews and approves security policies, risk management plans, and major security projects.
Senior Management: Senior management sets the organization's security objectives, provides strategic direction, and allocates resources.
Chief Information Security Officer (CISO): The CISO establishes and implements the organization's information security strategy. The CISO directs the security program, manages security projects, coordinates security efforts, and engages with senior management and the board of directors.
IT Management (CIO, IT Director, etc.): IT management puts security controls in place and ensures that security measures work as intended. They deploy security technology, manage security incidents, and ensure compliance with security policies and standards.
Functional Area Management: Functional area managers, such as department heads, enforce security policies in their own areas. They work with the security team to meet security requirements and ensure that personnel follow security rules and procedures.
Information Security Personnel: Information security staff carry out day-to-day security activities such as vulnerability assessments, incident response, security monitoring, and implementation of security controls.
End Users: End users play an important role in information security by adhering to security rules and procedures, maintaining good security hygiene, and promptly reporting any suspicious activity.
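To make the tiered firewall and DMZ segmentation described above concrete, the following added example (not part of the original document) models ABC Information Center's zones as a first-match, default-deny policy and audits it for rules that would let traffic bypass the DMZ buffer. The zone names, ports, and rules are assumed for illustration.

```python
"""Zone-based firewall policy model for the tiered firewall / DMZ design
described above. Constructed example: zones, rules and flows are assumed."""
from dataclasses import dataclass

ANY = "*"

@dataclass(frozen=True)
class Rule:
    src: str      # source zone: "internet", "dmz", "internal", "vpn" or "*"
    dst: str      # destination zone or "*"
    dport: str    # destination TCP port as text, or "*"
    action: str   # "allow" or "deny"
    name: str = ""

def matches(rule, src, dst, dport):
    return (rule.src in (ANY, src) and rule.dst in (ANY, dst)
            and rule.dport in (ANY, str(dport)))

def evaluate(rules, src, dst, dport):
    """First matching rule wins; unmatched traffic is denied (default deny)."""
    for rule in rules:
        if matches(rule, src, dst, dport):
            return rule.action
    return "deny"

def audit(rules):
    """Flag allow rules that let traffic bypass the DMZ buffer: a direct
    internet->internal path, or a dmz->internal rule not pinned to one port."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.src in (ANY, "internet") and r.dst in (ANY, "internal"):
            findings.append(f"{r.name}: internet can reach internal directly")
        if r.src == "dmz" and r.dst == "internal" and r.dport == ANY:
            findings.append(f"{r.name}: dmz->internal allowed on every port")
    return findings

# Constructed policy for ABC's zones: public web apps live in the DMZ and
# staff reach internal resources only over the VPN.
POLICY = [
    Rule("internet", "dmz", "443", "allow", "public-web"),
    Rule("vpn", "internal", ANY, "allow", "staff-vpn"),
    Rule("dmz", "internal", "5432", "allow", "web-to-db"),
    Rule(ANY, ANY, ANY, "deny", "default-deny"),
]

# Constructed misconfiguration: a catch-all allow in front of the policy
# lets the internet bypass the DMZ; audit() should report it.
BAD_POLICY = [Rule(ANY, ANY, ANY, "allow", "temp-allow-all")] + POLICY
```

Running audit() over each firewall tier's ruleset during the regular access reviews the text calls for is one way to catch a rule that quietly collapses the DMZ boundary.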