To: Padgett-Beale CISO
From: bosek sakayo
Date: March 31, 2020
Subject: Identification and Selection of IT Security Controls

Introduction

The M&A team has identified three events that contributed to the bankruptcy of IBS. Company officers and senior managers were able to conduct criminal activity using company IT assets without detection, the company did not have a disaster recovery/business continuity plan, and storage media was not backed up off premises. The following families of controls from NIST SP 800-53 will be used to remediate these deficiencies (Security and Privacy Controls, 2013):

AU (Audit and Accountability) – The AU family focuses on the audit process and guides an organization in building effective auditing into its processes and systems.

CP (Contingency Planning) – The CP family focuses on preparing an organization to maintain its essential mission and functions during a disruptive event. It guides an organization in supporting an effective contingency plan and cost-effective means of reacting rapidly and effectively to a disruptive event.

Analysis

The following controls within the AU and CP families are recommended to address the above shortcomings.

AU-3 Content of Audit Records – This control requires information systems to generate audit records that establish what event occurred, when and where it occurred, its source, its outcome, and the subjects involved (NIST, n.d.). This control can be implemented by employing audit management software. This will help deter people in the company from carrying out criminal activities using the company's IT assets. For example, a malicious person may try to log in to the company system outside of work hours to be discreet from other employees, but audit management software would record the login information, and that user will be questioned.

CP-2 Contingency Plan – This control requires a company to have a practical contingency plan and recovery plans that will help the business function during a disruptive event such as the loss of servers and workstations. The contingency plan must identify the essential business mission and be tested and reviewed periodically. During an incident, everybody should know their roles and responsibilities and carry out the objectives written in the contingency plan to sustain critical missions and operations.

CP-6 Alternate Storage Site – This control focuses on implementing a storage site off the premises for emergencies in which on-premises data storage fails to support business operations. Cloud technology is recommended for alternate storage because cloud service providers offer robust security, reliability, and accessibility (KeepItSafe, n.d.).

Summary

The M&A team has identified three events that occurred at IBS and played a big part in its bankruptcy. They resulted from a lack of adequate internal controls and a contingency plan. NIST SP 800-53 was used to suggest controls that may help remedy the mentioned deficiencies: AU-3 (Content of Audit Records), CP-2 (Contingency Plan), and CP-6 (Alternate Storage Site). The team suggests employing audit management software, strategically written contingency plans, and a cloud service. These measures will help deter officers and managers from using the company's IT assets for criminal activities and allow the company to sustain essential business operations after servers, workstations, and storage media have been disrupted.

Resources:

KeepItSafe. (n.d.). ON-PREMISES VS OFFSITE BACKUP. Retrieved March 31, 2020, from https://www.keepitsafe.com/docs/default-source/whi…

NIST Special Publication 800-53 (Rev. 4). (n.d.). Retrieved March 31, 2020, from https://nvd.nist.gov/800-53/Rev4/control/AU-3

Security and Privacy Controls for Federal Information Systems and Organizations. (2013). doi: 10.6028/nist.sp.800-53r4
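
The AU-3 scenario in the Analysis section, as an added example that is not part of the original memo: it checks that each audit record carries the AU-3 content elements and flags logins outside work hours for follow-up. The field names, the 08:00 to 18:00 weekday work hours, and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, time

# AU-3 content elements as the memo lists them; these field names are assumptions.
AU3_FIELDS = ("event_type", "timestamp", "location", "source", "outcome", "subject")
WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed business hours, Mon-Fri


def missing_au3_fields(record):
    """Return the AU-3 elements that are absent or empty in one audit record."""
    return [f for f in AU3_FIELDS if not record.get(f)]


def is_off_hours(record):
    """True when the event falls on a weekend or outside the assumed work hours."""
    ts = datetime.fromisoformat(record["timestamp"])
    return ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END)


def review(records):
    """Split records into AU-3-incomplete ones and off-hours logins to follow up."""
    incomplete, off_hours = [], []
    for index, rec in enumerate(records):
        missing = missing_au3_fields(rec)
        if missing:
            # A record lacking AU-3 content cannot be attributed; report it instead.
            incomplete.append((index, missing))
            continue
        if rec["event_type"] == "login" and is_off_hours(rec):
            off_hours.append((rec["subject"], rec["timestamp"], rec["outcome"]))
    return incomplete, off_hours


# Constructed sample records, not data from IBS or Padgett-Beale.
SAMPLE = [
    {"event_type": "login", "timestamp": "2020-03-30T09:15:00", "location": "fin-ws-014",
     "source": "10.0.4.21", "outcome": "success", "subject": "jdoe"},
    {"event_type": "login", "timestamp": "2020-03-30T23:42:00", "location": "fin-srv-02",
     "source": "10.0.4.77", "outcome": "success", "subject": "cfo_acct"},
    {"event_type": "login", "timestamp": "2020-03-28T11:05:00", "location": "fin-srv-02",
     "source": "10.0.4.80", "outcome": "failure", "subject": "mgr_smith"},
    {"event_type": "file_read", "timestamp": "2020-03-30T23:50:00", "location": "fin-srv-02",
     "source": "10.0.4.77", "outcome": "success", "subject": ""},
]

if __name__ == "__main__":
    incomplete, off_hours = review(SAMPLE)
    print("Records missing AU-3 content:", incomplete)
    print("Off-hours logins to question:", off_hours)
```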