IT Security Management
VerifiedAdded on 2022/12/29
|8
|2400
|55
AI Summary
This document provides information on IT security management, including the cost of security breaches, the NIST framework, tiers of a framework, essential focus functions, incident response plan, phases of IRP, types of penetration testing, metrics for measuring incident response, challenges faced by incidence response teams, considerations in computer forensics, and data acquisition.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: IT SECURITY MANAGEMENT
1
IT Security Management
Student Name
Institution Affiliation
1
IT Security Management
Student Name
Institution Affiliation
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IT SECURITY MANAGEMENT 2
IT Security Management
Question 1
1.
The cost of a security breach includes brand damage, regulatory fines or penalties, remediation
of vulnerabilities, forensic investigation, and litigation. First, security breaches destroy brand
image and loyalty. Brand and loyalty are created and sustained by the trust between the
organization and all the stakeholders. Once the stakeholders such as customers lose confidence in
the organization, they will not transact with the organization. Secondly, when a business enters
into a contract, the contract always has a clause on protecting the confidentiality of both parties'
financial information. A security breach may expose the confidential final data leading to a
contract breach and consequently inviting legal lawsuits. Lawsuits can lead to organizations to
lose a tremendous amount of money as compensation from regulatory bodies and the court of
law. Remediation of the vulnerabilities after a security breach is also a costly practice since the
business organization has to put defense mechanisms to mitigate future attacks. The process of
forensic investigation to find proof of security breach, so a to take the litigation measures on the
attacker consumes a lot of time and requires additional costs.
2
The five steps of the NIST framework core include detect, respond, recover, identify, and
protect. The identifying step involves the organizational understanding of cyber risk and
business context. The NIST framework core requires organizations to identify the security
threats and vulnerabilities in the organization systems. The risks should then be prioritized and
focus on the nature of the danger to individuals and the organization. To protect involves the
development and implementation of the appropriate safeguards in the organization. This helps in
IT Security Management
Question 1
1.
The cost of a security breach includes brand damage, regulatory fines or penalties, remediation
of vulnerabilities, forensic investigation, and litigation. First, security breaches destroy brand
image and loyalty. Brand and loyalty are created and sustained by the trust between the
organization and all the stakeholders. Once the stakeholders such as customers lose confidence in
the organization, they will not transact with the organization. Secondly, when a business enters
into a contract, the contract always has a clause on protecting the confidentiality of both parties'
financial information. A security breach may expose the confidential final data leading to a
contract breach and consequently inviting legal lawsuits. Lawsuits can lead to organizations to
lose a tremendous amount of money as compensation from regulatory bodies and the court of
law. Remediation of the vulnerabilities after a security breach is also a costly practice since the
business organization has to put defense mechanisms to mitigate future attacks. The process of
forensic investigation to find proof of security breach, so a to take the litigation measures on the
attacker consumes a lot of time and requires additional costs.
2
The five steps of the NIST framework core include detect, respond, recover, identify, and
protect. The identifying step involves the organizational understanding of cyber risk and
business context. The NIST framework core requires organizations to identify the security
threats and vulnerabilities in the organization systems. The risks should then be prioritized and
focus on the nature of the danger to individuals and the organization. To protect involves the
development and implementation of the appropriate safeguards in the organization. This helps in
IT SECURITY MANAGEMENT 3
containing and limiting the impact of the security attack on the organization or its employees.
Several technical and administrative security tools can be used to protect the systems in an
organization from cyber attack. The detect step, on the other hand, involves monitoring and even
logging functions in the system. The detection should be an automatic process that is customized
for the system to avoid the situation of false alarm due to false-positive scenarios. This step is
focused on the monitoring of all the activities in the systems of an organization. The recovering
step involves the actions of restoring business activities after a cyber attack.
Question 2
Tiers of a framework are developed to provide a contest on how organizations should view
cybersecurity. They also outline the process of managing cybersecurity risks.
Repeatable - In this tier involves the formal approval of risk management practices. This tier of
the framework requires the organization to implement an organization-wide approach to manage
cybersecurity risk. The repeatable tier has achieved the definition, implementation, and review
of cybersecurity policies and procedures in the organization.
Adaptive – This tier involves an organization-wide approach to manage cybersecurity risks in an
organization. Risk management is supposed to be incorporated into the organizational culture of
the organization to promote the sustainability and development of the business organization.
Cybersecurity practice should be adaptive to enable the organization to respond to evolving
threats in time and adapt to the changing cybersecurity landscape. Organizations should be
flexible and agile in adapting advanced cybersecurity practices and technologies to reduce
containing and limiting the impact of the security attack on the organization or its employees.
Several technical and administrative security tools can be used to protect the systems in an
organization from cyber attack. The detect step, on the other hand, involves monitoring and even
logging functions in the system. The detection should be an automatic process that is customized
for the system to avoid the situation of false alarm due to false-positive scenarios. This step is
focused on the monitoring of all the activities in the systems of an organization. The recovering
step involves the actions of restoring business activities after a cyber attack.
Question 2
Tiers of a framework are developed to provide a contest on how organizations should view
cybersecurity. They also outline the process of managing cybersecurity risks.
Repeatable - In this tier involves the formal approval of risk management practices. This tier of
the framework requires the organization to implement an organization-wide approach to manage
cybersecurity risk. The repeatable tier has achieved the definition, implementation, and review
of cybersecurity policies and procedures in the organization.
Adaptive – This tier involves an organization-wide approach to manage cybersecurity risks in an
organization. Risk management is supposed to be incorporated into the organizational culture of
the organization to promote the sustainability and development of the business organization.
Cybersecurity practice should be adaptive to enable the organization to respond to evolving
threats in time and adapt to the changing cybersecurity landscape. Organizations should be
flexible and agile in adapting advanced cybersecurity practices and technologies to reduce
IT SECURITY MANAGEMENT 4
security risks. The adaptive cybersecurity management in an organization is achieved through
the continuous sharing of information among all the stakeholders involved.
Risk-Informed – This tier requires the risk management practices approved by the management
to be established across all the levels of the organization. Cyber security activities should be
prioritized through setting organizational risk objectives, business requirements or understanding
the threat environment. This ensures procedures and processes are implanted throughout the
organization, and every member is made aware of the cybersecurity threat.
2
The five essential focus functions of any security framework include access control, awareness
and training, data security, maintenance, and protective technologies. Access control involves
how the security framework handles logical, physical, and remote access. The frame should
outline the authentication process to ensure that unauthorized parties cannot access the systems
in an organization either physically or remotely. The awareness and training function of a
security framework involves establishing the culture of cybersecurity in an organization.
Awareness and training can be achieved by the implementation of the "push vs. pull" strategy.
Data security function involves the encryption of data sets and data in motion. The framework
should able to monitor the integrity of the files and data in the system. The maintenance function
involves the context of providing the maintenance and repair of the systems within the system. A
third party can be consulted to perform the periodic maintenance and test the safety mechanisms
of the systems. Finally, the framework should allow for the implementation of technical controls
through perimeter defense, removable data consideration, and configuration of networks.
Question 3
security risks. The adaptive cybersecurity management in an organization is achieved through
the continuous sharing of information among all the stakeholders involved.
Risk-Informed – This tier requires the risk management practices approved by the management
to be established across all the levels of the organization. Cyber security activities should be
prioritized through setting organizational risk objectives, business requirements or understanding
the threat environment. This ensures procedures and processes are implanted throughout the
organization, and every member is made aware of the cybersecurity threat.
2
The five essential focus functions of any security framework include access control, awareness
and training, data security, maintenance, and protective technologies. Access control involves
how the security framework handles logical, physical, and remote access. The frame should
outline the authentication process to ensure that unauthorized parties cannot access the systems
in an organization either physically or remotely. The awareness and training function of a
security framework involves establishing the culture of cybersecurity in an organization.
Awareness and training can be achieved by the implementation of the "push vs. pull" strategy.
Data security function involves the encryption of data sets and data in motion. The framework
should able to monitor the integrity of the files and data in the system. The maintenance function
involves the context of providing the maintenance and repair of the systems within the system. A
third party can be consulted to perform the periodic maintenance and test the safety mechanisms
of the systems. Finally, the framework should allow for the implementation of technical controls
through perimeter defense, removable data consideration, and configuration of networks.
Question 3
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IT SECURITY MANAGEMENT 5
1
The chain of custody in cybersecurity forensics is as shown below. The chain of custody is
essential in the collection of digital evidence in cybersecurity forensics since it involves
chronological documentation of the electronic evidence. The chain illustrates the collection,
sequence of control, transfer, and analysis. During a cyber attack in the systems of an
organization, all the activities and the time they occurred are well presented for future evidence.
The events must be recorded by trained staff in the presence of a witness. Once the proof is
documented, it should be secured to avoid loss or distortion of crucial evidence.
Sample Chain of Custody
2
Incident response plan (IRP) is essential in information security, especially in a modern society
facing numerous potential information security threats. Incident response planning is an element
of business continuity planning which ensures that an organization continues to offer customers
products and services efficiently and effectively. First, incident response is essential because it
protects the revenue of the organization. The cost security breach in organizations is very high,
and it can be prevented or reduced by the incident response plan. The average cost per breach
record is $201. Apart from the direct loss of revenue due to the data breach, an organization
11:04
Inc. Response
arrives
11:05- 11:44
System Copied
PKB $RFT
11:47- 1:05
Disk Copied
PKB $RFT
10:53AM
Attack Observed
Jan K
11:15
System brought
offline
RFT
1:15
System locked in
static-free bag in
storage room
RFT & PKB
11:45
System
Powered down
PKB $ RFT
1
The chain of custody in cybersecurity forensics is as shown below. The chain of custody is
essential in the collection of digital evidence in cybersecurity forensics since it involves
chronological documentation of the electronic evidence. The chain illustrates the collection,
sequence of control, transfer, and analysis. During a cyber attack in the systems of an
organization, all the activities and the time they occurred are well presented for future evidence.
The events must be recorded by trained staff in the presence of a witness. Once the proof is
documented, it should be secured to avoid loss or distortion of crucial evidence.
Sample Chain of Custody
2
Incident response plan (IRP) is essential in information security, especially in a modern society
facing numerous potential information security threats. Incident response planning is an element
of business continuity planning which ensures that an organization continues to offer customers
products and services efficiently and effectively. First, incident response is essential because it
protects the revenue of the organization. The cost security breach in organizations is very high,
and it can be prevented or reduced by the incident response plan. The average cost per breach
record is $201. Apart from the direct loss of revenue due to the data breach, an organization
11:04
Inc. Response
arrives
11:05- 11:44
System Copied
PKB $RFT
11:47- 1:05
Disk Copied
PKB $RFT
10:53AM
Attack Observed
Jan K
11:15
System brought
offline
RFT
1:15
System locked in
static-free bag in
storage room
RFT & PKB
11:45
System
Powered down
PKB $ RFT
IT SECURITY MANAGEMENT 6
incurs extra expenses involved in forensic investigation, litigation process, regulatory, and
compliance fines. The IRP ensures that an organization proactively protects its data. Data
protection is achieved by the various IRP activities, including securing backups, detecting
malicious activities by leveraging logs and security attacks, proper access and identity
management, and patch management.
Additionally, an incident response plan is essential in protecting the organization's reputation and
customer trust. Security breaches destroy the brand image and the trust customers have on an
organization. If a security breach is not well handled, an organization is likely to lose a
significant number of customers. IRP ensures that security breaches are processed very fast to
avoid disruption of operations in an organization.
Question 4
1
The phases of IRP are all critical in containing the impact of a security breach in an organization.
Preparation- Organizations should be well prepared for any security breach before its incidence.
This helps in ensuring that the organization is not taken by surprise during a data breach. Early
preparation provides rapid response to a security breach, thus reducing the impact of the attack
on the business organization.
Identification- This phase involves the identification of the security breach in the organization.
This phase of the IRP consists of monitoring all the activities in the systems of the organization
to detect any unfamiliar activity in the system. Faster identification of the threat ensures a speedy
response.
Containment and Escalation – Once a data breach has been identified, the next phase is to
contain the impact of the attack. This is achieved through the initiation of security mechanisms in
the system.
Analysis and eradication – This phase is vital since it enables the organization to realize the root
cause of the attack. The reason may be an unknown vulnerability in the system, and once it is
removed, the security threat is eliminated.
Recovery- This phase ensures that the system operations are restored to normalcy to ensure that
customers are supplied with products and services as required.
Lessons learned- This phase is crucial for the improvement of the security mechanisms in the
systems. It helps organizations to plan well for future attacks.
2
incurs extra expenses involved in forensic investigation, litigation process, regulatory, and
compliance fines. The IRP ensures that an organization proactively protects its data. Data
protection is achieved by the various IRP activities, including securing backups, detecting
malicious activities by leveraging logs and security attacks, proper access and identity
management, and patch management.
Additionally, an incident response plan is essential in protecting the organization's reputation and
customer trust. Security breaches destroy the brand image and the trust customers have on an
organization. If a security breach is not well handled, an organization is likely to lose a
significant number of customers. IRP ensures that security breaches are processed very fast to
avoid disruption of operations in an organization.
Question 4
1
The phases of IRP are all critical in containing the impact of a security breach in an organization.
Preparation- Organizations should be well prepared for any security breach before its incidence.
This helps in ensuring that the organization is not taken by surprise during a data breach. Early
preparation provides rapid response to a security breach, thus reducing the impact of the attack
on the business organization.
Identification- This phase involves the identification of the security breach in the organization.
This phase of the IRP consists of monitoring all the activities in the systems of the organization
to detect any unfamiliar activity in the system. Faster identification of the threat ensures a speedy
response.
Containment and Escalation – Once a data breach has been identified, the next phase is to
contain the impact of the attack. This is achieved through the initiation of security mechanisms in
the system.
Analysis and eradication – This phase is vital since it enables the organization to realize the root
cause of the attack. The reason may be an unknown vulnerability in the system, and once it is
removed, the security threat is eliminated.
Recovery- This phase ensures that the system operations are restored to normalcy to ensure that
customers are supplied with products and services as required.
Lessons learned- This phase is crucial for the improvement of the security mechanisms in the
systems. It helps organizations to plan well for future attacks.
2
IT SECURITY MANAGEMENT 7
There several types of penetration testing for systems in an organization to mitigate cyber-
attacks. Her, we are going to discuss external testing and internal testing. External examining is a
testing that is done outside network perimeters. The external penetration testing involves the
analysis of the vulnerabilities that external users can exploit to gain authorized access to the
systems in the organization. Several technology tools are used to ensure the system is protected
from external attacks. The external penetration testing serves as a checklist for the functionality
and efficiency of the defense mechanisms in the system.
On the other hand, internal penetration testing tests from the network with an organization. The
internal attacks are more severe compared to external attacks since most of the defenses
concentrate on external attacks. Internal security threats can be handled through proper
authentication process for both physical and logical access to the systems in an organization.
Question 5
1
Average time to respond to an incident- This metric is essential in determining how well an
organization is prepared for cyber attacks. If an organization takes a shorter time to respond to an
attack is shows high levels of preparedness.
Average time to resolve an incident- This metric measures the time taken to restore operations to
normal in a security breach incidence. Business organizations should take the shortest time
possible to deal with an attack and restore the services to normalcy.
Total number of incidents successfully resolved- the measure of success in each security breach
incidence is essential in determining the efficiency of the incidence response plan in the
organization
Proactive and preventive measures taken- This metric is crucial in the implementation of an
incidence response plan. It ensures that the security mechanisms take both the proactive and
preventive approach.
Total damage from reported or detected incidents- This metric is essential in demonstrating the
importance of ensuring cybersecurity in an organization. The destruction should be compared
with the cybersecurity investment to determine the efficiency of the security mechanisms in the
system.
2
There several types of penetration testing for systems in an organization to mitigate cyber-
attacks. Her, we are going to discuss external testing and internal testing. External examining is a
testing that is done outside network perimeters. The external penetration testing involves the
analysis of the vulnerabilities that external users can exploit to gain authorized access to the
systems in the organization. Several technology tools are used to ensure the system is protected
from external attacks. The external penetration testing serves as a checklist for the functionality
and efficiency of the defense mechanisms in the system.
On the other hand, internal penetration testing tests from the network with an organization. The
internal attacks are more severe compared to external attacks since most of the defenses
concentrate on external attacks. Internal security threats can be handled through proper
authentication process for both physical and logical access to the systems in an organization.
Question 5
1
Average time to respond to an incident- This metric is essential in determining how well an
organization is prepared for cyber attacks. If an organization takes a shorter time to respond to an
attack is shows high levels of preparedness.
Average time to resolve an incident- This metric measures the time taken to restore operations to
normal in a security breach incidence. Business organizations should take the shortest time
possible to deal with an attack and restore the services to normalcy.
Total number of incidents successfully resolved- the measure of success in each security breach
incidence is essential in determining the efficiency of the incidence response plan in the
organization
Proactive and preventive measures taken- This metric is crucial in the implementation of an
incidence response plan. It ensures that the security mechanisms take both the proactive and
preventive approach.
Total damage from reported or detected incidents- This metric is essential in demonstrating the
importance of ensuring cybersecurity in an organization. The destruction should be compared
with the cybersecurity investment to determine the efficiency of the security mechanisms in the
system.
2
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT SECURITY MANAGEMENT 8
Incidence response teams face several challenges in the process of preventing and handling
cybersecurity threats. The challenges include management buy-in, organization structure/goal
mismatch, and communication problems. Management may not buy in the incidence response
strategy; thus, the IRP team will not be allocated to the staff, time, and funds to carry out their
activities. This is a top reason for the failure of the incidence response plan in most
organizations. Again, the organization structure and goals may not be aligned to IRP, thus
making it challenging to prioritize IRP activities. This challenge is mostly faced in international
organizations. Furthermore, the IRP team may face communication problems. This is brought by
too little planning of the incidence response resulting in poor coordination of activities. These
challenges make it difficult to implement IRP.
Question 6
1
The four considerations, such namely identify, preserve, analyze, and present, are essential in
computer forensics. The identify consideration involves defining all the information available
from the incident. It is necessary to identify the available data since it serves as the evidence in
computer forensics. Preserving the available information ensures that the evidence is unaltered
and well secured to be used as evidence. It is essential to consider how the incidence is analyzed.
This involves the extraction, processing, and interpretation of the collected evidence. The copied
image in the organization should be analyzed well to determine what can be used as forensic
evidence. The fourth consideration is how the evidence is presented to the management, court,
and all other stakeholders. The acceptance of the evidence strongly depends on the quality of its
presentation. The process used to analyze and preserve the information should be credible for the
evidence to be accepted.
2
Data acquisition- is the process of transferring data to a controlled location. For example, the
investigator can copy volatile data to secure the evidence for forensic investigation.
Extraction – Data extraction refers to the process of selecting specific data from an image. For
example, the logs in the systems can help the investigator to acquire important information about
the attack.
Interrogation- This is the process of obtaining information on parties involved. For example, the
IP address can be analyzed to get more information about the attacker.
Ingestion of normalization- This is the process of converting data to an understandable format,
for example, using graphs to enhance the visual illustration of concepts.
Reporting - The process of producing a report to withstand the legal process. For example, the
documentation of every forensic activity.
Incidence response teams face several challenges in the process of preventing and handling
cybersecurity threats. The challenges include management buy-in, organization structure/goal
mismatch, and communication problems. Management may not buy in the incidence response
strategy; thus, the IRP team will not be allocated to the staff, time, and funds to carry out their
activities. This is a top reason for the failure of the incidence response plan in most
organizations. Again, the organization structure and goals may not be aligned to IRP, thus
making it challenging to prioritize IRP activities. This challenge is mostly faced in international
organizations. Furthermore, the IRP team may face communication problems. This is brought by
too little planning of the incidence response resulting in poor coordination of activities. These
challenges make it difficult to implement IRP.
Question 6
1
The four considerations, such namely identify, preserve, analyze, and present, are essential in
computer forensics. The identify consideration involves defining all the information available
from the incident. It is necessary to identify the available data since it serves as the evidence in
computer forensics. Preserving the available information ensures that the evidence is unaltered
and well secured to be used as evidence. It is essential to consider how the incidence is analyzed.
This involves the extraction, processing, and interpretation of the collected evidence. The copied
image in the organization should be analyzed well to determine what can be used as forensic
evidence. The fourth consideration is how the evidence is presented to the management, court,
and all other stakeholders. The acceptance of the evidence strongly depends on the quality of its
presentation. The process used to analyze and preserve the information should be credible for the
evidence to be accepted.
2
Data acquisition- is the process of transferring data to a controlled location. For example, the
investigator can copy volatile data to secure the evidence for forensic investigation.
Extraction – Data extraction refers to the process of selecting specific data from an image. For
example, the logs in the systems can help the investigator to acquire important information about
the attack.
Interrogation- This is the process of obtaining information on parties involved. For example, the
IP address can be analyzed to get more information about the attacker.
Ingestion of normalization- This is the process of converting data to an understandable format,
for example, using graphs to enhance the visual illustration of concepts.
Reporting - The process of producing a report to withstand the legal process. For example, the
documentation of every forensic activity.
1 out of 8
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.