Explain why you think these methods would work.
Discussion 1
.
Respond to this colleagues (BELOW): (Half a page and please, provide a reference )
Discussion Topic
Explain ways to engage technical stakeholders in the discovery and mitigation process and explain why you think these methods would work.
Post from colleague 1
Engaging technical stakeholders in the discovery and mitigation processes needs to begin with assuring that the stakeholders truly understand the value and purpose of information security within the organization. Without understanding the value and purpose that a security framework can add to an organization, the risk assessment will fall short and not be as thorough as possible. To gain an understanding, the communicator may need to reach outside the company for assistance. Both external and internal stakeholders need to be informed and have a buy-in with the framework to even get to a point of discovery and mitigation processes. The Cybersecurity & Infrastructure Security Agency (CISA), has created a branch of services called the Cybersecurity Advisors (CSAs) that deal directly with engaging stakeholders within an organization. The CSAs offer services to communicate effectively to stakeholders and work with developing partnerships with them. These types of services would work well as they align the purpose of security with business objectives, clearly communicating the stakeholder’s part within the framework and more specifically the risk assessment process. Understanding will help discover risks that may have not been seen before the partnership was established, which in turn would effectively engage the stakeholders within the mitigation processes.
References:
CISA. (2019, December 17). Stakeholder risk assessment and mitigation. DHS. https://www.cisa.gov/stakeholder-risk-assessment-and-mitigation
Post from colleague 2
The way you want to engage with the stakeholders, you will want to have a strategy before the engagement happens. The strategy will be compiled of three components: goals, actions, and action plan. The first part of the strategy should have a goal to find any risks that were assessed during their findings. These risks can lead to individual mitigation goals.
When you have found your goal, actions need to be taken which leads into the next strategy. When the risks have been found, a plan needs to start immediately, by doing this they will take mitigation actions to address the problem. Here they can assess the cost of the risk and rate it on severity of the issue. Here they need to make sure the actions taken are doable and will result in a long-term solution.
Lastly, an action plan will be developed showing how the risk is going to be fixed, including all data and analysis ready, and with correct policies being followed. There needs to be a solution for the risk ready to go before the stakeholders are engaged. The whole point about this is to be ready to show the findings, what actions are taken to fix the problem, and then implemented.
Berke, P., & Masterson, J. H. (2020). Beyond the Basics: Best Practices in Local Mitigation Planning. Retrieved September 07, 2020, from http://mitigationguide.org/task-6/the-mitigation-strategy-goals-actions-action-plan/
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.