First Duties
As Chief Information Security Officer of a company, the first controls I would implement in the company would be measures to increase the company such as implementing two-factor authentication, Personal Identity Verification (PIV) cards or Common Access Cards (CAC) with a PIN to access the technology associated with the company. I would…
Mitigating Risk with Business Impact Analysis and Business Continuity Plans
A business continuity plan is a proactive plan created by an organization to continue the business's operations in case there is an interruption due to an attack or a natural disaster. A business impact analysis is a review of how much the organization will be impacted by an interruption. Creating an impact analysis…
Exploring Attacks on Availability
What are attacks on availability? Attacks on availability on a network are attacks that prevent authorized users from accessing and using systems when they are needed. These attacks can be denial of service attacks that overwhelm the system or network by flooding it with traffic. They can also be physical, due to damage to the…
The Impact of Size and Culture When Creating a Risk Management Plan and the Responsibility of Stakeholders
An organization’s size can impact the implementation of risk management planning because, when we talk about the responsibilities of who will do the monitoring, training, and maintaining compliance, it may be easier for a small firm that has a small team; however, for a large firm with a small team that may be somewhat more difficult…
Identifying Risks, Threats, and Weaknesses in a System
Risk identification is the process of identifying threats and vulnerabilities and estimating the likelihood of those threats being exploited and/or of a potential vulnerability in the system harming an asset. Threats can be categorized as external or internal, natural or man-made, and/or intentional or accidental. Threats can cause a loss of confidentiality, integrity, and availability to a business…
The NIST Cybersecurity Framework
The Framework gives organizations standards and a common language for managing risk and creating and maintaining a stable cybersecurity environment. The Framework is not meant to replace any organization’s risk management process, but its implementation can greatly complement it. The Framework Core’s functions work to identify, protect, detect, respond and recover the organization from risks and/or…