IT Security And Governance Term Paper


Mitigating Risk for Information Technology

The risk-management plan for this assignment is twofold. First, it is designed to account for the external breach of the company's information technology security. Second, it must encompass the critical facets of data governance that can rectify the weak access-control policies that were taken advantage of in the internal breach. The risk-management policy therefore addresses both issues holistically, through a comprehensive approach that treats data management and data governance in a way that encompasses security measures. The governance mechanisms advocated as part of this policy should unequivocally reduce the risk of data breaches, both internal and external.

Before formalizing data governance as part of this risk-management policy, it is important to understand how effectively it can ameliorate the two security issues described in this assignment. Data governance is a long-term program for data management that formalizes accountability for the rules, roles and responsibilities required for sustainable and orderly access to data as an organization-wide asset. At a high level, then, it is necessary to create a data governance council consisting of both domain experts and upper-level management to determine the sort of policies necessary to prevent data breaches and...

...

It is also vital to assign data stewards to ensure that the policies determined are readily enforced; typically, stewards should include members of both the IT departments and the business. With regard to the sort of unauthorized access to data seen in the internal breach for this assignment, the aforementioned councils and stewards are responsible for ensuring that data is accessible on a need-to-know basis that is codified not only by one's business or organizational domain, but also by one's particular job function. At the implementation level, there are a number of governance tools and vendor solutions that can facilitate this sort of role-based access, which is a hallmark of effective data governance whether information is stored internally or externally, on an organization's physical premises or in the cloud. Moreover, some of the more competitive governance solutions also offer a degree of traceability and data lineage, so that it is possible to discern who has accessed what data, what changes they made to it, and even what actions they took next from the same computer. These solutions also offer portals that give IT professionals an oversight layer of data governance for viewing what data employees are accessing and how, which can greatly mitigate the risk of internal breaches due to unauthorized data access.

The data governance policies and procedures outlined in this risk-management policy…



Cite this Document:

"IT Security And Governance" (2015, August 29) Retrieved April 26, 2024, from
https://www.paperdue.com/essay/it-security-and-governance-2152479

