Information Security and Resilience: Analysis and Framework Report
Added on 2022/10/19
AI Summary
This report addresses the critical need for information security and resilience within an organization, prompted by a management workshop. It examines the debate between utilizing internal talent versus external expertise for implementing security systems. The report highlights the importance of cybersecurity and cyber resilience in mitigating risks and protecting business processes. It critiques the approach of relying solely on internal resources, advocating for the integration of established frameworks like CLASP, PCI DSS, ISO 27001/27002, CIS Critical Controls, and the NIST Framework. The report concludes that while internal talent can contribute, a comprehensive approach incorporating external services and established frameworks is essential for developing a sustainable and effective information security and resilience system. The report emphasizes the ethical and practical advantages of leveraging third-party expertise and standardized methodologies for robust security measures.

Running head: BUILDING SYSTEMS INFORMATION SECURITY AND RESILIENCE
BUILDING SYSTEMS INFORMATION SECURITY AND RESILIENCE
Name of Student
Name of University
Author note
Table of Contents
Introduction
Discussion
Conclusion
References
Introduction:
The aim of this report is to describe a situation in which the heads of the organization
have attended a management offsite workshop and concluded that the organization needs
to develop information security parameters and systems, and also resilience. The
discussion during the workshop centred on selecting the appropriate authority to be in
charge of implementing the security system and resilience in the organization, and on
whether the talent within the organization would be able to develop a sustainable system
that is better than the formal methods (Linkov et al. 2013).
Discussion:
Cyber security and cyber resilience are the ability of a system to respond quickly to,
and be better prepared against, cyber attacks, so that systems can recover from attacks
that hamper the business processes of the organization. They decrease the organization's
exposure to risk. The heads and stakeholders of the organization have argued over the
selection of the implementation process and group (Singh et al. 2013). The employees and
senior stakeholders of the organization have shown full faith in the internal talent of
their organization rather than in the formal methods or structures that are well regarded
in the literature and in the particular industry.
Although the organization's executives have shown faith in the internal talent, in
reality there are multiple frameworks that need to be followed under the guidelines of
the National Institute of Standards and Technology. There are three levels, the Executive
level, the Business Process level and the Implementation or Operations level, which
address organizational risks, critical infrastructure and risk management. Giving this
chance to the talent pool of the organization will not allow the organization to fulfil the system and
requirements of the frameworks that are essential for implementing security procedures
on the information and resilience system. Although the employees and the management
argue for using their own resources to develop and modify their information system, it is
not ethical and profitable to develop their own security systems by appointing their own
talent pool in the organization (McCarthy and Harnett 2014). Therefore it is important to
include third-party services to provide the security measures and create a more
sustainable system.
The CLASP framework is recommended as a way forward, as CLASP has worked with the
authorities based in Greater Manchester, Cheshire, Liverpool City Region, Warrington and
Cumbria to develop useful guidelines for building resilience in small and medium-sized
businesses (Calder and Williams 2016). It is also recommended because the guides explore
features such as ways to protect and defend business structures from all kinds of harmful
attacks on the organization. It also describes the changes that the organization may
notice as the change is implemented.
There are other frameworks similar to the one mentioned above that could replace the
CLASP framework for implementing a new security infrastructure within the organization.
These include PCI DSS, ISO 27001/27002, CIS Critical Controls and the most common and
widely used framework, the NIST Framework, which is applicable for Improving Critical
Infrastructure Security (Hert, Papakonstantinou and Kamara 2016).
Conclusion:
This report concludes that the security of the information system and its resilience are
an important aspect of securing the organization's systems. The organization
which has decided to implement new security and resilience systems has targeted its own
talent pool within the organization to take charge of implementing the security system.
The report has argued against arranging the talent pool to develop the security systems.
Although the employees and the management argue for using their own resources to develop
and modify their information system, it is not ethical and profitable to develop their
own security systems by appointing their own talent pool in the organization.
References:
Calder, A. and Williams, G., 2016. PCI DSS: a pocket guide. IT Governance Ltd.
De Hert, P., Papakonstantinou, V. and Kamara, I., 2016. The cloud computing standard
ISO/IEC 27018 through the lens of the EU legislation on data protection. Computer
Law & Security Review, 32(1), pp.16-30.
Linkov, I., Eisenberg, D.A., Plourde, K., Seager, T.P., Allen, J. and Kott, A., 2013. Resilience
metrics for cyber systems. Environment Systems and Decisions, 33(4), pp.471-476.
McCarthy, C. and Harnett, K., 2014. National Institute of Standards and Technology (NIST)
cybersecurity risk management framework applied to modern vehicles (No. DOT HS
812 073). United States. National Highway Traffic Safety Administration.
Singh, K., Aeran, H., Kumar, N. and Gupta, N., 2013. Flexible thermoplastic denture base
materials for aesthetical removable partial denture framework. Journal of clinical and
diagnostic research: JCDR, 7(10), p.2372.