Information Assurance Strategies for Heavy Metal Engineering Report

Added on  2022/10/10

AI Summary
This report delves into the critical domain of information assurance, specifically tailored for Heavy Metal Engineering, a manufacturing organization. It begins with an introduction to the importance of information systems and the vital role of information assurance in safeguarding data assets. The report provides an overview of the organization, highlighting its global presence and the need for a robust information assurance plan to secure its data. A detailed discussion of information assurance principles follows, covering confidentiality, integrity, availability, authentication, and non-repudiation. The report then outlines the basics of an information assurance strategy, emphasizing the need for a framework aligned with business objectives. The NIST cybersecurity framework is recommended as a suitable model for Heavy Metal Engineering, with a focus on its implementation and the benefits it offers, particularly in managing risks associated with the manufacturing industry. Furthermore, the report identifies potential risks faced by the company, such as data breaches and supply chain vulnerabilities, and proposes risk mitigation strategies. These strategies include securing data flow, collaborating on security incidents, employing automated systems, and developing comprehensive security programs. Finally, the report addresses the importance of an incident response plan and offers a conclusion summarizing the key findings and recommendations.
Running head: STRATEGIES FOR INFORMATION ASSURANCE
Strategies for Information Assurance
Name of the student:
Name of the university:
Author note:
Table of Contents
Introduction
Discussion
Organization overview
Detailed overview of Information Assurance
Basics of Information Assurance Strategy
Framework for implementing Information Assurance
Risk mitigation Strategy to mitigate the risks that are associated with workplace operation
Accrediting body to ensure Information Assurance
Incident Response Plan
Conclusion
References
Introduction:
Information systems play a vital role within the infrastructure of any organization. An information system is defined as the type of information and communication technology that helps technologies interact smoothly within business processes. In today's world of digital awareness, information security is a crucial component for every organization in order to protect information and conduct business processes smoothly[1]. Information security is defined as the protection of information and of the systems involved, including the hardware used and the transmission of information in a protected way. With the openness of the internet, business organizations are able to adopt technologies quickly from the perspective of information security. With the rise of information security and its systems comes the concept of information assurance, which mainly focuses on gathering credential data and ensuring its safety[2]. Business organizations are responsible for storing large amounts of information such as customer data, different algorithms, transaction-related data and other credentials, the loss of which can lead to the downfall of the entire organization. The development of information assurance includes maintaining the confidentiality, integrity and availability of the data collected from users. This type of information protection is applied in almost all fields to data in transit in both physical and electronic forms. This report addresses the position of information assurance for Heavy Metal Engineering so as to ensure that its data assets are adequately secured.

[1] Cherdantseva, Y. and Hilton, J., 2015. Information security and information assurance: discussion about the meaning, scope, and goals. In Standards and Standardization: Concepts, Methodologies, Tools, and Applications (pp. 1204-1235). IGI Global.
[2] Jacobs, S., 2015. Engineering information security: The application of systems engineering concepts to achieve information assurance. John Wiley & Sons.
Discussion:
Organization overview:
Heavy Metal Engineering is an industrial organization that is responsible for creating metal case castings for very high-end seal and dryer products. It has suppliers and customers throughout the world, along with worldwide offices. The corporate office of Heavy Metal Engineering in the US is looking forward to receiving funding from significant third parties in order to develop a joint venture. However, the organization lacks an information assurance plan and hence often fails to keep its data assets secure. To put this in place, the manufacturing organization needs a proper information assurance plan implemented within its systems that ensures the safety of the data stored in its database system.
Detailed overview of Information Assurance:
The concept of information assurance relates to the practice of shielding data or information against possible cyber-attacks and managing the overall risks associated with data, such as unauthorized usage of data, transmission of wrong information and various other information risks[3]. Information assurance is associated with the CIA triad: the confidentiality, integrity and availability of data. It also includes the authentication and non-repudiation of data. The components are discussed in detail as follows:

1. Confidentiality: Confidentiality refers to the privacy of information and to the measures designed to prevent sensitive data from reaching the hands of black hat people. It also helps in restricting unauthorized access to data. The confidentiality factor of the CIA triad helps in categorizing data according to the type of damage that is caused due to unintentional use. Maintaining the confidentiality of data helps in safeguarding it and involves special training on the security risks that threaten credential information.

2. Integrity: The principle of integrity involves maintaining the accuracy, consistency and trustworthiness of information assets within an organization. It includes implementing measures to develop policies covering the accessibility of files and their modification without prior permission.

3. Availability: The availability principle of the CIA triad includes maintaining hardware performance, resolving issues immediately and ensuring the proper functioning of the resources used within the information system. It helps in providing bandwidth for communication while removing possible bottlenecks. Implementing this within an organization helps in mitigating the serious consequences faced during any type of hardware issue.

4. Authentication: Authentication is another factor; it concerns the methods adopted within an organization to access data. It includes protected methods such as passwords, digital certificates or any type of authenticated biometric means.

5. Non-repudiation: Last but not least, another important factor that contributes to the information assurance system is non-repudiation. It includes monitoring of actions that an individual cannot deny, such as the authenticity of a contract or any message provided by the machine or system as proof of action.

[3] Samonas, S. and Coss, D., 2014. The CIA strikes back: Redefining confidentiality, integrity and availability in security. Journal of Information System Security, 10(3).
Basics of Information Assurance Strategy:
Implementing an information assurance plan within an organization helps in creating a road map for protecting information and its infrastructure while aligning the strategies with the business goals and objectives. Implementing strategies based on information assurance is treated as a major IT function that includes detailed planning of the strategy. Developing a suitable information strategy helps an organization understand its business condition, dictate the availability of information and mitigate the major risks associated with it. Having a proper information assurance strategy in place helps organizations reduce their operational expense while increasing the market value of the organization. While implementing an information assurance strategy it is thus necessary to follow a proper framework that aligns exactly with the business objectives while helping to secure the data assets within the organization.
Framework for implementing Information Assurance:
An information assurance framework consists of a series of developments that are used to define the guidelines and procedures for implementing and managing the various information security controls within an organization. These frameworks are usually defined as the blueprint for developing an information security program in order to manage the risks related to the information assets within the organization while reducing the vulnerabilities associated with various cyber risks related to the data[4]. There are different types of information assurance frameworks that are developed for specific industries in line with their specific regulatory compliance requirements[5]. The various risks associated with the manufacturing organization Heavy Metal Engineering include vulnerability to disruption in the supply chain, data breaches, risks associated with third-party vendors, risks related to the protection of sensitive data within the organization and many more. Based on these risks, the information assurance framework recommended for Heavy Metal Engineering is the NIST cyber security framework.
NIST cyber security framework:
For the manufacturing industry, it is important to manage the risks within the organization while adopting risk-based approaches to the assurance of cyber security. The National Institute of Standards and Technology (NIST) framework is one of the most recognized cyber security frameworks and has been widely used by industries for establishing effective security management of data assets within organizations[6]. It consists of standard guidelines along with best cyber security management practices[7]. The framework is known for its flexibility and is prioritized for its cost-effective approach, helping to promote the resilience and protection of critical infrastructure within the organization[8]. This type of information assurance framework is also important for economic and national security. For industries, especially manufacturing industries, the NIST Cyber Security Framework acts as proper guidance. The recent version released under the NIST framework helps in improving the critical infrastructure of the cyber security framework within the organization.

[4] Sharkov, G., 2016, October. From cybersecurity to collaborative resiliency. In Proceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense (pp. 3-9). ACM.
[5] Cherdantseva, Y. and Hilton, J., 2013, September. A reference model of information assurance & security. In 2013 International Conference on Availability, Reliability and Security (pp. 546-555). IEEE.
[6] Such, J.M., Gouglidis, A., Knowles, W., Misra, G. and Rashid, A., 2016. Information assurance techniques: Perceived cost effectiveness. Computers & Security, 60, pp.117-133.
Version 1.1 of NIST Cyber Security Framework:
The new version 1.1 of the NIST framework, released by the US Commerce Department, aims at improving the critical infrastructure of an organization. The framework focuses on the management of risks using methods, metrics and tools so as to enable manufacturers to assess the cyber risks related to their systems. Section 3.3 of the Cyber Security Framework describes the requirements for communicating with the stakeholders and helps organizations better recognize the concept of Cyber Supply Chain Risk Management. Section 3.4 of the framework highlights the decision process related to buying while understanding the risks associated with products and services. Thus it would be beneficial for Heavy Metal Engineering if the NIST cyber security framework is implemented within the organization.

[7] Shackelford, S.J., Proia, A.A., Martell, B. and Craig, A.N., 2015. Toward a global cybersecurity standard of care: Exploring the implications of the 2014 NIST cybersecurity framework on shaping reasonable national and international cybersecurity practices. Tex. Int'l LJ, 50, p.305.
[8] Almuhammadi, S. and Alsaleh, M., 2017. Information Security Maturity Model for Nist Cyber Security Framework. Computer Science & Information Technology, 51.
The different processes by which the NIST framework can be implemented within the organization include:

1. Setting up the targeted goals of the organization while establishing agreement about the levels of risk tolerance throughout the organization.

2. Creating a detailed profile based on three areas:
   - Integration of the risk management program
   - Initiating the risk management process
   - Initiating external participation

3. Assessing the current position of the company by identifying the software tools or the areas that are most vulnerable to cyber risks while preparing a risk assessment report for the organization.

4. Analyzing the gaps for the action plans by comparing the ideas with actual and targeted scores.

5. Implementing the action plans while aligning the organizational goals with a set of remedial actions.
Risk mitigation Strategy to mitigate the risks that are associated with workplace operation:
Manufacturing industries are known to stand second in terms of security issues, as most of the attacks related to cyberspace occur in this field. As Heavy Metal Engineering is looking for third-party funding while entering an international joint venture, it needs to assure that its data security is in place while identifying and managing the different aspects of its metal shell production and the vulnerabilities associated with the manufacturing systems.
Certain risks that are associated with the company:
- Lack of security features such as encryption and authentication
- Free access to all systems
- Lack of interface within the company's network
- Vulnerabilities related to supply chain attacks
- Sharing of data without prior permission
- Lack of any framework for information assurance
- Lack of strategies to implement measures against cyber risks[9]
- Lack of monitoring of the systems
- Use of a BYOD policy within the organization
- Prevalence of password-based authentication of the wireless network within the organization
- Presence of malicious code within systems as a result of users unknowingly clicking on some link
- Lack of an immediate incident response plan
- Lack of surveillance and monitoring of the company's website

[9] Giannakis, M. and Papadopoulos, T., 2016. Supply chain sustainability: A risk management approach. International Journal of Production Economics, 171, pp.455-470.
In order to obtain third-party funding, it is important that the organization mitigate certain risks using strategies such as:

1. Ensuring security of data flow and interaction between the different flows of information in the manufacturing system. For this, a strategy needs to be adopted such as implementing a framework structure for the secured flow of data within the manufacturing organization Heavy Metal Engineering[10].

2. Collaborating and sharing the information related to security incidents and the measures used in mitigating the issues with the associated sharing partners of the organization.

3. Employing automated machines so as to understand the feasibility of the data and to assist the collaboration of information within the system.

4. Coordinating contingency plan development with the business stakeholders, with ten plans related to the security of data[11].

5. Developing and maintaining the security program within Heavy Metal Engineering, including development of policies, designating the risks, screening and monitoring the causes and effects, accessing agreements with third parties and many more.

6. Restricting access to information or any file without prior permission or predefined policies.

7. Enforcing requirements for getting processes or access approved while controlling and monitoring activities with maintenance tools within the organization's systems[12].

8. Conducting regular tests such as phishing tests and hardware or software vulnerability tests.

9. Scanning devices to check for the presence of malicious code that can harm the systems of the entire organization.

10. Last but not least, developing a proper incident response plan along with a disaster recovery plan so as to mitigate possible future risks related to the cyber security of the data assets of the organization[13].

[10] Aqlan, F. and Lam, S.S., 2016. Supply chain optimization under risk and uncertainty: A case study for high-end server manufacturing. Computers & Industrial Engineering, 93, pp.78-87.
[11] DeSmit, Z., Elhabashy, A.E., Wells, L.J. and Camelio, J.A., 2016. Cyber-physical vulnerability assessment in manufacturing systems. Procedia Manufacturing, 5, pp.1060-1074.
Accrediting body to ensure Information Assurance:
CREST
[12] Tupa, J., Simota, J. and Steiner, F., 2017. Aspects of risk management implementation for Industry 4.0. Procedia Manufacturing, 11, pp.1223-1230.
[13] Teodoro, N., Gonçalves, L. and Serrão, C., 2015, August. NIST CyberSecurity Framework Compliance: A Generic Model for Dynamic Assessment and Predictive Requirements. In 2015 IEEE Trustcom/BigDataSE/ISPA (Vol. 1, pp. 418-425). IEEE.