University Security Report: Critical Security Controls in DRE CISO
Added on 2021/04/16
Report
AI Summary
This report provides a comprehensive analysis of critical security controls within the DRE CISO organization. It begins by introducing the concept of critical security controls and their alignment with operational development. The report identifies key control issues, including intrusion attacks, system attacks, and vulnerabilities, which hinder the development of security functions. It then offers suggestions for improvement, such as mitigating IT deficiencies, integrating IT operations with security functions, and prioritizing tasks. Furthermore, the report highlights the positive impacts of implementing CSC, including risk reduction, improved operations, incident response capabilities, threat mitigation, and advanced attack detection. The conclusion emphasizes the importance of successive management processes and the deployment of security functions for a robust security posture, supported by relevant references.

Running head: CRITICAL SECURITY REPORT
Critical Security Controls
Name of the Student:
Student ID:
Name of the University:
Author’s note:

Table of Contents
1. Introduction
2. Control Issues identified in DRE CISO organization
3. Suggestions for improving the implementation
4. Positive Impact of the CSC implementation in DRE CISO organization
5. Conclusion
References

1. Introduction
The critical security control (CSC) strategy is aligned with the development and
modification of operations, and with the deployment of those operations
and their integration with the supportive management process (Kobezak et al., 2018). The
supportive integration has led to the formation of development models, and the
efforts of the operation have supported the management of the implementation of the processes.
This assignment involves the use of an effective control strategy for the
alignment and development of the operations. The integration has helped in
analysing the control issues that hinder the completion of the
activities. The final document lists the analysis
of the issues and provides some suggestions for improving the
implementation of the CSC in DRE CISO business organization.
2. Control Issues identified in DRE CISO organization
A number of control issues have been identified that hinder the
development of the security functions for CISO. The adoption of CSC, or Critical Security
Controls, is largely driven by the prospect of effective integration
management (Bajramovic et al., 2017). The control issues identified in CISO include:
Increment of Intrusions: The increasing number of intrusion attacks on the operations
is the major issue harming the operations of the business organization (Almorsy,
Grundy & Müller, 2016). The intrusion in the information process is aligned with the formation of
the successive development factors. The intrusion in the deployment of the
information processing and its misuse for personal gain by external influence result in
issues in the development of the final deliverable for the system.
System Attacks: Attacks such as DDoS and malware
hinder the operations. The management of the operations was supported
by the alignment of the functional development model (Knapp & Langill, 2014). The integrated
development of the functions has helped in the management of the system configuration.
Attacks on the system tend to hinder the alignment of
the successive operations. They also tend to cause system slackness and issues in
completing the system processing.
Vulnerabilities and Risk factors: The vulnerabilities of the system operations
tend to shape the final outcomes of the project integration management. The risk factors of
the technological structure of the system are defined for the management
process. Vulnerability analysis is deployed for the successive operations
management (Woods et al., 2017). However, the vulnerabilities of the system tend to form
issues for resolution in the system management.
3. Suggestions for improving the implementation
The implementation of the CSC in DRE CISO organization requires
various strategies that help in firmly aligning the operations of the
system implementation. The suggested strategies for the implementation of the CSC in CISO
are:
Mitigation of IT Deficiencies: Deficiencies of the IT system form the major setback
to the complete operation of the system. The deficiency can be in terms of lack of function,
system component issue, operation slackness, and infiltration (Martellini et al., 2017). All these
deficiencies tend to cause issues in the deployment of the system functions
for CISO. For example, the malfunctioning of a payment machine would
delay the processing of payments and the printing of bills for customers in a retail store. The
mitigation of the IT deficiencies would tend to resolve the issues in these system components and
support the final alignment of the operation. The mitigation process involves
effective system development and the formation of a plan for removing the
problems of the system. It also involves analysis and planning for
reducing the impact of the IT deficiencies.
Integration of IT Operations and Security Functions: The integration of the IT
operations with the various security functions is helpful for successful
development. The various IT operations related to the technology need to be modified
and used in the development of the supportive operations (Rawnsley & Rawnsley, 2018). The
analysis made the system components visible for the alignment of the
operations. The IT operations in DRE CISO organization require the use of the
information available for the management of the operations. The functional development of the
operations would help in forming the analysis and operations. For example, the
operations of a bookstore include the virtual database storage of the available book stock that
can be bought. The security function of encryption should be used, or else people would be able
to extract this information for their personal use (Rahimian, Bajaj & Bradley, 2016). The CSC
security functions are helpful in many cases for protecting information from theft or fraud.
Ability of Prioritization: The ability to prioritize is helpful for forming a list of
required functional developments and operations. The prioritization of the information is helpful
for developing the strategies for the implementation of the CSC with the
integration of the information system (Stergiopoulos et al., 2015). The functions and requirements of
the IT infrastructure are based on the successive carrying out of the activities of the
DRE CISO organization. Prioritization helps in considering the most crucial factor for
the implementation and in analysing it for DRE CISO organization. It
allows the selection of the correct path of implementation of the security control in the
organization. The allowance of the system control is helpful for the deployment of
improved functional operations.
4. Positive Impact of the CSC implementation in DRE CISO organization
The implementation of the CSC helps align the operational
development of the security functions in DRE CISO organization. The benefits or positive
impacts of implementing CSC in DRE CISO organization are:
Reduction of risk: The reduction of risk is the primary benefit of implementing the
CSC in DRE CISO organization. The risk factors that have a negative impact on the operations of
the organization would be mitigated and their overall impact on the operations of the
organization would be reduced (Alcaraz & Zeadally, 2015). The probability of occurrence of the
risk impact would also be negated with the help of the implementation of CSC. The risk impact
would be nullified, which would result in achievement of the desired outcomes from the processes
implied.
Improvement of operation: The use of the CSC would help the DRE CISO organization
in improving the performance of its operations (Fielder et al., 2016). The security functions
implied would be helpful for forming the deployment of the successive development of the
improved operation development. The operation development has allowed
improved information system development in the organization. The development of the activities
has supported the listing of the performance and organization.
Incident Response: The response to incidents would be helpful for the deployment of
incident response in the development of the activities (Rebollo et al., 2015). The integration
of the analysis is aligned with the modification of the operations and with the formation
of the supportive development model. The response to incidents is aligned with the deployment
of cohesive management operations.
Threat Mitigation: The mitigation of threats is another major factor that would allow
the formation of the operation management. The mitigation of threats is aligned with the
influential development of the operation and the cohesive formation of the operations (Stergiopoulos
et al., 2015). The security function of encryption should be used, or else people would be able to
extract information for their personal use.
Advanced Attack Detection: The detection and prevention of attacks such as DDoS and
malware would be possible with the help of CSC security functions in CISO. Advanced
attack detection would allow the successive and influential overcoming of the
operations (Rawnsley & Rawnsley, 2018). The CSC security functions are helpful in many cases
for protecting information from theft or fraud.
5. Conclusion
It can be concluded from the report that the deployment of the successive management
process and deployment of the security functions. The various control issues identified in CISO
included increment of intrusions, system attacks, and vulnerabilities and risk factors. The
suggested strategies for the implementation of the CSC in CISO that were highlighted in the
report were mitigation of IT deficiencies, integration of IT operations and security functions, and
ability of prioritization. The benefits or positive impacts of implementing CSC in DRE CISO
organization were reduction of risk, improvement of operation, incident response,
threat mitigation, and advanced attack detection. The deployment had supported the
formation of the critical security controls that are favourable for the management of the risk
posture. The security function development had been formed for the consideration of the functional
operations.

References
Kobezak, P., Marchany, R., Raymond, D., & Tront, J. (2018, January). Host Inventory Controls
and Systems Survey: Evaluating the CIS Critical Security Control One in Higher
Education Networks. In Proceedings of the 51st Hawaii International Conference on
System Sciences.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Knapp, E. D., & Langill, J. T. (2014). Industrial Network Security: Securing critical
infrastructure networks for smart grid, SCADA, and other Industrial Control Systems.
Syngress.
Woods, D., Agrafiotis, I., Nurse, J. R., & Creese, S. (2017). Mapping the coverage of security
controls in cyber insurance proposal forms. Journal of Internet Services and
Applications, 8(1), 8.
Martellini, M., Abaimov, S., Gaycken, S., & Wilson, C. (2017). Known Weaknesses with
Security Controls. In Information Security of Highly Critical Wireless Networks (pp. 27-
28). Springer, Cham.
Rawnsley, G. D., & Rawnsley, M. Y. (2018). Critical security, democratisation and television in
Taiwan. Routledge.
Rahimian, F., Bajaj, A., & Bradley, W. (2016). Estimation of deficiency risk and prioritization of
information security controls: A data-centric approach. International Journal of
Accounting Information Systems, 20, 38-64.
Stergiopoulos, G., Kotzanikolaou, P., Theocharidou, M., & Gritzalis, D. (2015). Risk mitigation
strategies for Critical Infrastructures based on graph centrality analysis. International
Journal of Critical Infrastructure Protection, 10, 34-44.
Alcaraz, C., & Zeadally, S. (2015). Critical infrastructure protection: Requirements and
challenges for the 21st century. International journal of critical infrastructure
protection, 8, 53-66.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support
approaches for cyber security investment. Decision Support Systems, 86, 13-23.
Rebollo, O., Mellado, D., Fernández-Medina, E., & Mouratidis, H. (2015). Empirical evaluation
of a cloud computing information security governance framework. Information and
Software Technology, 58, 44-57.
Bajramovic, E., Waed, K., Gao, Y., & Parekh, M. (2017, July). Shared responsibility for forensic
readiness-related security controls: Prerequisite for critical infrastructure maintenance
and supplier relationships. In Smart Technologies, IEEE EUROCON 2017-17th
International Conference on (pp. 364-369). IEEE.