Protecting Availability

Safeguarding a company's assets is essential to its survival, and protecting the network is a core part of that. An important role in a company's network and cyber security organization is the chief information security officer (CISO). The CISO “…focuses on developing and leading the information security program” (CISCO, 2024, para. 1). In our previous voice threads about organizational structure, you were able to see how certain positions branch out and how the communication process works up and down the ranks. From personal experience, the administrative aspects that I would ensure were implemented are org charts and/or having company policies available in pertinent spaces or on a shared drive. When it comes to ensuring system availability, there must be a status board showing configurations. Standard protocols must be available for responses to breaches/intrusions or outages. Training is a must, so that responses and mitigations are carried out fluidly. These are just a few examples of how a CISO should approach the information security program.

Implementing standard policies and protocols and following a model that best fits the company is important. The NIST frameworks or the principles of the CIA triad can provide some framing. Bourgeois (2024) also provides guidelines for information security, such as having alternate configuration methods outlined for any time that the primary system must come down. Implementing an intrusion system for your assets and ensuring that certain spaces have restrictions imposed as needed are also necessary security measures (Bourgeois, 2024). These are very important physical security measures, and a CISO should ensure that guidelines are delineated and compliance is achieved. Another important measure that a CISO should incorporate, as recommended by NIST, is risk management and the implementation of audits (Nieles et al., 2017). Understanding the risk associated with certain scenarios helps you tailor your company's guidelines, and audits give a pulse on where a company's system stands. Ensuring that the information security program has robust guidelines, training programs and protocols is crucial for a CISO to protect the company's assets.

References

Bourgeois, D. (2024). Chapter 6: Information systems security [Modules]. Canvas@ODU. https://portal.odu.edu/

CISCO. (2024). What is a ciso. https://www.cisco.com/c/en/us/products/security/what-is-ciso.html

Nieles, M., Dempsey, K., & Pillitteri, V. (2017). An introduction to information security. https://doi.org/10.6028/NIST.SP.800-12r1  
