Cyber Security Case Study
Added on - 29 Apr 2020
Cyber Security
Name of the student:
Name of the university:
Author Note
Abstract

This report examines a case study in which a system implementation and the access required to collect data need to be determined. Further, the report assumes that the corporate security policy has become obsolete. Hence the security administration and operations are researched and defined here. The report helps to recognize the problems related to the SSCP domains. Further, it demonstrates the controls and methods, keeping in mind the incorporation of information from the proper SSCP domains.

Keywords

ISC2, SSCP, ISSP

1. Introduction:

The SSCP is the certification for practitioners who continuously monitor information systems. Its purpose is to protect systems from security threats through knowing how to implement the security procedures, tools and concepts for responding to security standards. The ISSP, or issue-specific security policy, on the other hand, addresses particular areas of various technologies, requires frequent updates and contains a statement of the organization's position on specific problems.

On the basis that every employee has Internet access for browsing the web, a system implementation and the access required to collect data need to be determined. Again, it is assumed that the corporate security policy has become obsolete, and that the security administration and operations need to be researched and defined.

The following report identifies the problems related to the SSCP domains. It discusses the controls and methods regarding the incorporation of information from the proper SSCP domains.

2. Background and problems:

The ISC2 SSCP is seen as the initial step on the information security career path. It helps by validating commitment, skill and competence in the profession. It helps to enhance and differentiate marketability and credibility. It advances careers and raises earnings (Gordon and Hernandez 2016).
It is reported that ISC2 members earn about thirty percent more in salary than non-members. The commitment to continued competence in recent best practices is affirmed through ISC2's CPE, or Continuing Professional Education, requirements (Schneider 2014). It fulfils organizational and governmental obligations under the mandates for information security certifications.

The SSCP helps employers by positioning candidates on a level playing field, as the certifications are recognized internationally. Increased credibility needs to be provided for the organization when working with contractors and vendors. It assures that employees use a universal language (Burke 2016), which circumvents ambiguity through terms and practices accepted by the industry. It raises confidence that employees and job candidates continue their education through CPE, or Continuing Professional Education, keeping their skills current and credited. Lastly, it satisfies the certification mandate requirements for subcontractors.
One of the problems here is the challenge faced by leadership. Cyber security is poorly understood by top management. When it comes to IT security, research done by ISC2 shows a tepid commitment to investing in substantial security steps, in both human and technology resources. It is also seen that cyber security teams are very often short-staffed (Al-Aali and Yousif 2013). This includes a lack of the resources required to manage a cyber attack. Further, they have not been given roles that let them be more proactive in securing the networks and data of their companies.

Moreover, a lack of resources and training plagues IT security teams. Though some companies have split cybersecurity from IT for structural reasons, IT teams typically shoulder the security roles. This means that IT professionals are the ones who enforce the policies and run the tools that protect the organization's data. However, those IT teams are the de facto security team in most places (Chapple and Seidl 2016). There is a rising concern that they do not have access to the technologies and tools they require.

3. The methods and controls:

3.1 Determining the system implementation and access according to IT criteria:

The ISC2 has credited the privacy statement for demonstrating the commitment of the organization to privacy. It reserves the right to change the policy at any time by notifying the users of its existence (Edu.isc2.org, 2017).

The ISC2 does not gather personal information about people except when the person supplies the information on a voluntary basis.
The users are also meant to know that non-personal data and information must be collected automatically by the standard operation of ISC2's Internet servers using cookies (Alston 2013).

Instances of the usage data collected are the “top viewed”, the pages visited and the links on the website, exit points and the top entry. This also includes the number of form completions, the time spent on pages, the top keywords that are used offsite to lead customers to the website, the IP address and data collected through cookies. It also includes device event information such as crashes, system activities, browser type, hardware settings and much more.

In particular restricted cases, some information might be requested about previous criminal convictions in order to assess suitability for becoming an ISC2 member. This helps in making proper arrangements for accommodating various events. This information could be considered sensitive by the (Chen et al. 2017). The user can be assured that the data is kept in the most confidential area and used only for the limited purposes for which it was gathered.

3.2 Researching and defining the security administrations and operations:

There are two fundamental challenges in implementing business policies and controlling branch office IT. The first is how to manage the various branch networks effectively. Since all the branch offices are small, they have no IT employee present on-site to support users when anything goes wrong (Hernandez 2014). Thus the emphasis is on how the core IT department provides security and support (Newsletter, 2017). Despite all this, the time spent on those activities begins to have a significant effect on costs and productivity as it is not planned carefully.

The branch office environment requires functionality similar to that of the central office as far as security is concerned.
The IPS, VPN, firewall, web and the email security has been significant to the remote workers same as the