Heavy Metal Engineering: Information Assurance and Risk Mitigation

Verified

Added on 2022/09/26

AI Summary

This report provides a comprehensive analysis of information assurance for Heavy Metal Engineering, a company specializing in metal casting for high-end seal and dryer products. It addresses the organization's need for a robust information assurance plan to protect its data assets. The report covers key aspects of information assurance, including confidentiality, integrity, availability, authentication, and non-repudiation. It also outlines strategies for implementing information assurance, such as the NIST cybersecurity framework, and details risk mitigation plans specific to the company's operations. Furthermore, the report discusses the role of accrediting bodies like CREST and includes an incident response plan to ensure data security. The overall aim is to provide a structured approach to securing the company's data and improving its cybersecurity posture.

Introduction
This report is prepared so as to deal with the position of Information Assurance for
organization of Heavy Metal Engineering so as to ensure that the data assets are secured
enough.
Organization overview
The organization of Heavy Metal Engineering is an industrial organization that is responsible
for creating metal case casting for very high end seal and dryer products. It lacks certain
information assurance plan and hence often fails in keeping its data assets secured hence it is
looking forward to have a proper information assurance plan.
Information assurance overview (detailed)
Information Assurance is related to the repetition of shielding the data or information against
possible cyber-attacks and managing the overall risks.
 Confidentiality
It to the privacy of information while undertaking measures that are designed to
prevent the sensitive data information from reaching out to the hands of black hat
people.
 Integrity
It includes accuracy, consistency and trustworthiness of data and includes
implementation of measures to frame policies for file accessibility
 Availability
It helps in providing bandwidth for communication while removing the possible
bottlenecks.
 Authentication
It includes protected methods such as using passwords, digital certificates or any type
of authenticated biometric means.
 Non-repudiation
It includes monitoring of actions that one individual cannot deny.
Basics of Information Assurance Strategy
This section will cover over the implementation different strategies of information assurance.
Framework for implementing Information Assurance
 NIST cyber security framework - It consists of standard guidelines along with best
cyber security management practices and is cost effective approach.
 Version 1.1 of NIST Cyber Security Framework - The framework focuses on the
management of risks using methods and metrics and tools.
Risk mitigation Strategy
The organizations needs to assure that its data security are in place while identifying and
managing the different aspect of their metal shell production and the vulnerabilities that are
associated with the manufacturing systems. This section will cover risks and their respective
mitigation plans associated with the company’s new venture.
Accrediting body to ensure Information Assurance
This section shall cover the CREST body and its functionality along with an incident
response plan.