a) Identify the company's potential information security risks and vulnerabilities to assist you in prioritising the implementation of the CNSS controls based on the most critical risks.   b) Identify the CNSS controls required to address the risks and vulnerabilities. Provide a suitable implementation strategy for this purpose.   c) In the given scenario, which of the three CIA triads of information security are most at risk? Justify your answer.

Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
icon
Related questions
Question

The Committee on National Security Systems (CNSS) is an US intergovernmental organisation tasked that set policy, standards, and guidelines for national system security. According to the CNSS, information security refers to the protection of data and its critical components, such as the hardware and systems used to store, use, and transmit data. The model has been designed based on the CIA triad which addresses a variety of information security management, computer and data security, and network security issues. As a result of the growing threat of cyberattacks, it can also be used in the industry for risk assessment and vulnerabilities of utilities and other critical infrastructure.

 

TSY Business Ltd is a financial services firm that has recently dealt with several security incidents, including data breaches and unauthorised access to its information systems. Hackers infiltrated the company's network and stole sensitive financial data from multiple clients, threatening to make the information public if a ransom is not paid. As the Chief Information Security Officer (CISO), you are tasked to lead a security expert team to create a plan that addresses information security risks and improves the company's security posture by implementing CNSS controls. Your strategy should include the following three steps:its

a) Identify the company's potential information security risks and vulnerabilities to assist you in prioritising the implementation of the CNSS controls based on the most critical risks.

 

b) Identify the CNSS controls required to address the risks and vulnerabilities. Provide a suitable implementation strategy for this purpose.

 

c) In the given scenario, which of the three CIA triads of information security are most at risk? Justify your answer.

Expert Solution
steps

Step by step

Solved in 3 steps

Blurred answer
Knowledge Booster
Maintenance
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
  • SEE MORE QUESTIONS
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education